-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
R23.04 BPDM Country Risk - Release Checks #497
Comments
After some emails exchanged with @jjeroch and Werner Jost, the responsible, it was concluded that our product already has its app registered in the marketplace and, being a VAS, does not require any extra action for the Gaia-X compliance confirmed point. |
Repo urls https://github.com/eclipse-tractusx/vas-country-risk Veracode Scans can be checked Trivy scans can be checked https://github.com/eclipse-tractusx/vas-country-risk/actions/workflows/trivy.yml https://github.com/eclipse-tractusx/vas-country-risk-backend/actions/workflows/trivy.yml |
SAST and SCA approved |
Secret Scanning approved |
Documentation existing and looking consistent - Data sovereinty requirements unchanged for 24.03 - Expert Assessment passed. Please consider the Data Sovereignty Criteria for 24.05 -> https://confluence.catena-x.net/x/NTeJBg |
Trivy: Container Scans : : Approved |
E2E test completed successfully. Please approve @phirabu |
@kelaja As there were no significant changes which relates to GDPR, we can take the declaration from R.3.1. See Jira Ticket https://jira.catena-x.net/browse/CXRM-1025 |
Security Assessment Process (Threat Modeling Analysis) approved. Re-assessment was done on Wednesday 31st Jan 2024. No open critical & high findings remains. |
We herby confirm that we considered (as good as possible) all relevant CX-Standards as well as that we reviewed the content of upcoming STAN Request as good as possible @kelaja |
From a pure Interoperability perspective, this VAS service does not need to be interoperable, since it is a value add on provided based on BPDM data provided by the operating company. There is not true interoperability requirement between compatible app providers at this point in time. However, Catena-X architecture framework components (EDC and oAUTH) mechanisms have been applied, so there is no objection from an Enterprise Architecture perspective. Approved! |
@kelaja: User Journey approved |
Hi @jjeroch So i created a issue for the High Findings and one for the Medium findings For the High Findings a Pull Request is already created with the solution eclipse-tractusx/vas-country-risk#87 everything can be checked on the country risk url https://country-risk-dashboard.int.demo.catena-x.net/ |
Hi all, generated eclipse-tractusx/vas-country-risk#88 for QG-Checks which version should be checked? |
Interim Status für Q check on 19.Feb.2024: APPROVED |
The current version is of the charts are 3.0.9 but once we have the fix accepted by @jjeroch commented above #497 (comment) i will release a new version So the latest is https://github.com/eclipse-tractusx/vas-country-risk/releases/tag/country-risk-3.0.9 , can you check this one and after we can connect if something is missing should we have also TRG issue for our backend ? https://github.com/eclipse-tractusx/vas-country-risk-backend ( no charts on this one ) |
INT test performed/documented. |
CountryRisk team will provide latest code version to address high finding wrt StyleGuide. |
Rescan requested by @fabiodmota SAST: Approved |
High finding was resolved; the medium findings are moved to 24.05. release for fix |
QG-Checks done, thanks for the work @fabiodmota and dedicated information are shared in separate issue. |
QG approval now complete! |
After all checks on QG and after approval a version was released contained all the fixes and pull requests done: chart version: https://github.com/eclipse-tractusx/vas-country-risk/releases/tag/country-risk-3.0.11 |
thx for the info - and pls clarify: |
Release Info
Please provide information on what you want to be included in the Eclipse Tractus-X release.
If you are not owner of this issue, please provide the information as comment to the issue.
Version to be included in Eclipse Tractus-X release: Chart Version: 3.0.9 App Version: 1.3.0
Leading product repository: vas-country-risk
Compliance Verifications
This issue tracks all compliance related checks, that need to be performed for a product release in Eclipse Tractus-X.
Documentation
Security Checks
General Checks
Test Results
Helpful Links
The text was updated successfully, but these errors were encountered: