R24.03 Discovery Finder - Release Checks #502

Closed
20 tasks done
kelaja opened this issue Jan 30, 2024 · 28 comments

@kelaja
Contributor

kelaja commented Jan 30, 2024

Release Info

Please provide information on what you want to be included in the Eclipse Tractus-X release.
If you are not the owner of this issue, please provide the information as a comment to the issue.

Version to be included in Eclipse Tractus-X release:
helm: discoveryfinder-0.1.18
Image version: 0.2.7

Leading product repository: https://github.com/eclipse-tractusx/sldt-discovery-finder

Compliance Verifications

This issue tracks all compliance-related checks that need to be performed for a product release in Eclipse Tractus-X.

  • Gaia-X compliance confirmed
  • GDPR compliance confirmed (personal data, data protection + privacy DPP)
  • Interoperability checks performed
  • Data Sovereignty checks performed
  • Compliant with relevant published CX Standards (see the Catena-X standard library)

Documentation

  • Arc24 documentation up-to-date
  • Administrators Guide up-to-date
  • End-User manual up-to-date
  • Interface documentation up-to-date

Security Checks

  • Threat Modelling Analysis passed
  • Static Application Security Testing (SAST) scans passed
  • Dynamic Application Security Testing (DAST) tests passed
  • Secret Scans passed
  • Software Composition Analysis (SCA) passed
  • Container Scans passed
  • Infrastructure as Code (IaC) scans passed

General Checks

Test Results

  • E2E Integration Test passed
  • User Journey approved

Helpful Links

@kelaja kelaja added documentation RM documentation compliance RM compliance discovery finder Feature/Bug for Discovery Finder component labels Jan 30, 2024
@kelaja kelaja added this to the 24.03 milestone Jan 30, 2024
@tunacicek

Gaia-X compliance:
@kelaja : No changes since Release 23.12 -> Could you please tick this checkbox?
Gaia-X compliance is not relevant for the Discovery Finder.

@tunacicek

@kelaja :
GDPR Compliance:
No changes since Release 23.12
Catena-X.GDPR.Declaration.and.Requirements_V2024.03_Discovery.Finder.xlsx

@tunacicek

Interoperability Check:
Interoperability was ensured to Release 23.12. Since then no changes have been made.
@kelaja : Could you please tick this checkbox?

@tunacicek

Data Sovereignty Check:
@vialkoje : Could you please tick this checkbox?
No significant changes since Release 23.12.

@tunacicek

Verification of foreseen CX Standards:
@thomas-henn : Could you please confirm?
See also previous task for R23.12: #117

@tunacicek

Documentation

@vialkoje : Could you please check and approve the checkboxes?

@tunacicek

tunacicek commented Feb 8, 2024

Security Checks - Threat Modelling Analysis:
No changes since Release 23.12.
See also Security Assessment diagram:
https://github.com/eclipse-tractusx/sldt-discovery-finder/blob/main/docs/documentation.md#:~:text=INSTALL.md.-,Security,-Assessment

@guenterban : Could you please check and approve it?

@tunacicek

User Journey :
@thomas-henn : Could you please confirm?
See also previous task for R23.12: #120

@tunacicek

Compliant with the Style Guide:
N/A → no User Interface / no Frontend for this Service

@jjeroch : Could you please check and approve it?

@thomas-henn

Verification of foreseen CX Standards: @thomas-henn : Could you please confirm? See also previous task for R23.12: #117

Yes, Discovery Finder is compliant with relevant published CX Standards.

@thomas-henn

User Journey : @thomas-henn : Could you please confirm? See also previous task for R23.12: #120

Yes, user journey of Discovery Finder is aligned along with e.g. Digital Twin Registry, BPN Discovery and Semantic Hub.

@tunacicek

tunacicek commented Feb 9, 2024

Security Checks - Dynamic Application Security Testing (DAST):
Invicti scan has been made - the results can be seen here: https://www.netsparkercloud.com/scans/report/b49918c6505a46783ef3b11101e9d7e0/

@PiotrStys : Could you please review and approve it?

@PiotrStys

Hi @tunacicek,
DAST approved.

@tunacicek

Security Check - Secret scanning:

Secret Scanning (gitleaks) is activated and available: https://github.com/eclipse-tractusx/sldt-discovery-finder/actions/workflows/gitleaks.yml

@DnlZF Could you please review and approve it?

@tunacicek

Security Checks - Static Application Security Testing (SAST):
See the results here:
https://analysiscenter.veracode.com/auth/index.jsp#ReviewResultsAllFlaws:47240:1739409:32851565:32821223:32836873::5382776

@BANANAS1337 : Could you please review and approve it?

@tunacicek

Security Checks - Software Composition Analysis (SCA):
https://analysiscenter.veracode.com/auth/index.jsp#ReviewResultsSCA:47240:1739409:32851565:32821223:32836873:::::5382776:
@BANANAS1337 : Could you please review and approve it?

@tunacicek

Security Checks - Infrastructure as Code
https://github.com/eclipse-tractusx/sldt-discovery-finder/actions/workflows/kics.yml
@RoKrish14 : Could you please review and approve it?

@tunacicek

Test Results - E2E Integration Test
Tests done: See result here:
https://jira.catena-x.net/browse/CXSOLUTION-489

@RoKrish14

@tunacicek : As discussed-

SAST: Approved
SCA: Approved
IAC: Approved
Secret Scanning: Approved

@jjeroch

jjeroch commented Feb 14, 2024

Compliant with the Style Guide: N/A → no User Interface / no Frontend for this Service

@jjeroch : Could you please check and approve it?

confirmed

@tomaszbarwicki tomaszbarwicki self-assigned this Feb 16, 2024
@vialkoje

Expert Approval granted for Documentation and data sovereignty.

@DirkBTSI

INT test performed/documented.
E2E test performed/documented.
No high defect.
TM approved
@kelaja : please approve for "E2E Integration Test passed"

@RolaH1t
Contributor

RolaH1t commented Feb 20, 2024

Open:
InterOP
ThreatModeling & Container Scans
TRG
QG approval postponed until topics addressed / no follow-up mtg required.

@RoKrish14

Discussed with @tunacicek
Container Scans: Approved

@szymonkowalczykzf

Security Assessment Process (Threat Modeling Analysis) approved.

No significant changes detected since last release (23.12).
No open critical & high finding remaining for this release.

Documentation of the assessment will be moved out to the GitHub repositories of the Products before the next release.

@HiHenrik

According to team no interoperability relevant changes for this release, therefore expert approval granted for interoperability

@tomaszbarwicki
Contributor

QG checks completed: eclipse-tractusx/sldt-discovery-finder#110

@RolaH1t
Contributor

RolaH1t commented Feb 27, 2024

QG approval granted!
Congrats, Roland

Projects
Status: Done