V Shape — รูปแบบการพัฒนาซอฟต์แวร์ V-Model

V-Model Development

V-Model V Shape Software Development Lifecycle Verification Validation Testing Requirements Design Unit Test Integration System Test Acceptance Test Safety-critical Waterfall

เนื้อหาเกี่ยวข้อง — อ่านต่อ: LangChain Agent Micro-segmentation — AI Agent

SDLC Model	Testing	Flexibility	Risk	เหมาะกับ
V-Model	ทุก Phase	ต่ำ	ต่ำ	Safety-critical
Waterfall	ท้ายสุด	ต่ำ	สูง	Simple Projects
Agile/Scrum	ทุก Sprint	สูง	ปานกลาง	Evolving Requirements
Spiral	ทุก Iteration	สูง	ต่ำ	Large Complex
DevOps	Continuous	สูงมาก	ต่ำ	Cloud SaaS

V-Model Phases

# === V-Model Implementation ===

# V-Model Structure:
#
# Requirements Analysis  ←→  Acceptance Testing
#   System Design        ←→  System Testing
#     Architecture Design ←→  Integration Testing
#       Detailed Design   ←→  Unit Testing
#           Implementation (Coding)
#
# Left Side: Development (Top-down)
# Bottom: Implementation
# Right Side: Testing (Bottom-up)

# Requirements Traceability Matrix
# req_id | requirement | design_ref | test_case | status
# REQ-001 | User login  | DES-001   | TC-001   | Verified
# REQ-002 | Payment     | DES-002   | TC-002   | Verified
# REQ-003 | Report      | DES-003   | TC-003   | Pending

from dataclasses import dataclass

@dataclass
class VModelPhase:
    dev_phase: str
    test_phase: str
    dev_output: str
    test_output: str
    tools: str
    traceability: str

phases = [
    VModelPhase(
        "Requirements Analysis", "Acceptance Testing",
        "SRS Document", "UAT Test Cases",
        "Jira DOORS", "REQ → UAT"
    ),
    VModelPhase(
        "System Design", "System Testing",
        "System Design Doc", "System Test Plan",
        "Enterprise Architect", "SDD → ST"
    ),
    VModelPhase(
        "Architecture Design", "Integration Testing",
        "Architecture Doc", "Integration Test Plan",
        "UML Diagrams", "ADD → IT"
    ),
    VModelPhase(
        "Detailed Design", "Unit Testing",
        "Module Design Doc", "Unit Test Cases",
        "Class Diagrams", "MDD → UT"
    ),
    VModelPhase(
        "Implementation", "—",
        "Source Code", "—",
        "IDE Git", "Code → All Tests"
    ),
]

print("=== V-Model Phases ===")
for p in phases:
    print(f"  Development: {p.dev_phase}")
    print(f"    Output: {p.dev_output} | Tools: {p.tools}")
    print(f"  Testing: {p.test_phase}")
    print(f"    Output: {p.test_output} | Trace: {p.traceability}")
    print()

Testing Strategy

# === V-Model Testing Strategy ===

# Unit Test Example (pytest)
# class TestPaymentProcessor:
#     def test_calculate_total(self):
#         processor = PaymentProcessor()
#         assert processor.calculate_total(100, 0.07) == 107.0
#
#     def test_validate_card_number(self):
#         assert validate_card("4111111111111111") == True
#         assert validate_card("0000000000000000") == False
#
#     def test_process_payment_success(self):
#         result = process_payment(amount=100, card="4111111111111111")
#         assert result.status == "approved"
#
#     def test_process_payment_insufficient_funds(self):
#         result = process_payment(amount=999999, card="4111111111111111")
#         assert result.status == "declined"
#         assert result.reason == "insufficient_funds"

# Integration Test
# class TestPaymentIntegration:
#     def test_order_to_payment_flow(self):
#         order = create_order(items=[{"id": 1, "qty": 2}])
#         payment = process_payment(order_id=order.id, amount=order.total)
#         assert payment.status == "approved"
#         assert order.status == "paid"
#
#     def test_payment_to_notification(self):
#         payment = process_payment(amount=100)
#         notifications = get_notifications(payment.id)
#         assert len(notifications) == 1
#         assert notifications[0].type == "payment_confirmation"

# System Test
# class TestPaymentSystem:
#     def test_end_to_end_purchase(self):
#         # Login → Browse → Add to Cart → Checkout → Pay → Confirm
#         user = login("test@example.com", "password")
#         cart = add_to_cart(user, product_id=1, qty=2)
#         order = checkout(cart)
#         payment = pay(order, card="4111111111111111")
#         assert payment.status == "approved"
#         assert order.status == "completed"
#         assert email_sent(user.email, "order_confirmation")

@dataclass
class TestLevel:
    level: str
    scope: str
    count: int
    automated: int
    pass_rate: float
    avg_time: str

test_levels = [
    TestLevel("Unit Test", "Function/Method", 500, 500, 98.5, "30s"),
    TestLevel("Integration Test", "Module/API", 120, 110, 96.2, "5min"),
    TestLevel("System Test", "End-to-end", 50, 40, 94.0, "30min"),
    TestLevel("Acceptance Test", "User Scenarios", 30, 15, 100.0, "2hr"),
]

print("\n=== Test Coverage ===")
total_tests = sum(t.count for t in test_levels)
for t in test_levels:
    auto_pct = (t.automated / t.count) * 100
    print(f"  [{t.level}] Tests: {t.count} | Auto: {auto_pct:.0f}%")
    print(f"    Pass Rate: {t.pass_rate}% | Duration: {t.avg_time}")
print(f"\n  Total: {total_tests} test cases")

Security SDL

# === Security Development Lifecycle (SDL) ===

# V-Model + Security at each phase:
# Requirements → Threat Modeling, Security Requirements
# Design → Secure Architecture Review, STRIDE Analysis
# Implementation → Secure Coding, SAST, Code Review
# Unit Test → Security Unit Tests
# Integration Test → DAST, API Security Test
# System Test → Penetration Testing
# Acceptance → Security Compliance Audit

# STRIDE Threat Model
# S - Spoofing: ปลอมตัวตน → Authentication
# T - Tampering: แก้ไขข้อมูล → Integrity Check
# R - Repudiation: ปฏิเสธการกระทำ → Audit Log
# I - Information Disclosure: ข้อมูลรั่ว → Encryption
# D - Denial of Service: ทำให้ล่ม → Rate Limiting
# E - Elevation of Privilege: ยกสิทธิ์ → Authorization

@dataclass
class SecurityActivity:
    phase: str
    activity: str
    tool: str
    frequency: str
    finding_type: str

security_activities = [
    SecurityActivity("Requirements", "Threat Modeling", "STRIDE Microsoft TMT", "ต้น Project", "Threats"),
    SecurityActivity("Design", "Architecture Review", "Manual Review", "ทุก Design Change", "Design Flaws"),
    SecurityActivity("Implementation", "SAST Scan", "SonarQube Semgrep", "ทุก Commit", "Code Vulnerabilities"),
    SecurityActivity("Implementation", "Dependency Scan", "Snyk Dependabot", "ทุกวัน", "CVEs"),
    SecurityActivity("Integration", "DAST Scan", "OWASP ZAP Burp", "ทุก Sprint", "Runtime Vulns"),
    SecurityActivity("System", "Penetration Test", "Manual + Tools", "ทุก Quarter", "Exploitable Vulns"),
    SecurityActivity("Acceptance", "Compliance Audit", "Manual Review", "ก่อน Release", "Compliance Gaps"),
]

print("Security Development Lifecycle:")
for s in security_activities:
    print(f"  [{s.phase}] {s.activity}")
    print(f"    Tool: {s.tool} | Frequency: {s.frequency}")
    print(f"    Finding: {s.finding_type}")

compliance = {
    "OWASP Top 10": "All addressed",
    "SAST Findings": "0 Critical, 2 Medium",
    "DAST Findings": "0 Critical, 1 Medium",
    "Dependency CVEs": "0 Critical, 5 Low",
    "Pen Test": "Passed (last quarter)",
    "Code Coverage (Security)": "85%",
}

print(f"\n\nSecurity Compliance:")
for k, v in compliance.items():
    print(f"  {k}: {v}")

เคล็ดลับ

Traceability: ทุก Requirement ต้องมี Test Case ที่สอดคล้อง
Early Testing: วางแผน Test ตั้งแต่ Requirements Phase
Automate: Automate Test ให้มากที่สุด โดยเฉพาะ Unit และ Integration
Security: เพิ่ม Security ทุก Phase ไม่ใช่แค่ตอนท้าย
Documentation: เอกสารสำคัญมากใน V-Model เก็บให้ครบ

V-Model คืออะไร

SDLC Model พัฒนาจาก Waterfall Testing คู่ทุกขั้นตอน ซ้าย Development ขวา Testing Requirements Acceptance Design System Coding Unit Safety-critical

แนะนำเพิ่มเติม — ดูสัญญาณเทรดที่ XM Signal

เนื้อหาเกี่ยวข้อง — ทำความเข้าใจ OpenID Connect DevSecOps Integration

เนื้อหาเกี่ยวข้อง — ดูเพิ่มเติมเรื่อง Prometheus Alertmanager Multi-tenant Design