R24.03 Discovery Finder - Release Checks

[kelaja]

Release Info

Please provide information on what you want to be included in the Eclipse Tractus-X release. If you are not owner of this issue, please provide the information as comment to the issue.

Version to be included in Eclipse Tractus-X release: helm: discoveryfinder-0.1.18 Image version: 0.2.7

Leading product repository: https://github.com/eclipse-tractusx/sldt-discovery-finder

Compliance Verifications

This issue tracks all compliance related checks, that need to be performed for a product release in Eclipse Tractus-X.

• [x] Gaia-X compliance confirmed
• [x] GDPR compliance confirmed (personal data, data protection + privacy DPP)
• [x] Interoperability checks performed
• [x] Data Sovereignty checks performed
• [x] Compliant with relevant published CX Standards (see the Catena-X standard library)

Documentation

• [x] Arc24 documentation up-to-date
• [x] Administrators Guide up-to-date
• [x] End-User manual up-to-date
• [x] Interface documentation up-to-date

Security Checks

• [x] Thread Modelling Analysis passed
• [x] Static Application Security Testing (SAST) scans passed
• [x] Dynamic Application Security Testing (DAST) tests passed
• [x] Secret Scans passed
• [x] Software Composition Analysis (SCA) passed
• [x] Container Scans passed
• [x] Infrastructure as Code (IaC) scans passed

General Checks

• [x] Tractus-X Release Guidelines fulfilled https://github.com/eclipse-tractusx/sldt-discovery-finder/issues/110
• [x] Compliant with the Style Guide

Test Results

• [x] E2E Integration Test passed
• [x] User Journey approved

Helpful Links

• Eclipse Tractus-X openAPI specs on SwaggerHub
• Catena-X standard library

[tunacicek]

Gaia-X compliance: @kelaja : No changes since Release 23.12 -> Could you please tick this checkbox? Gaia-X compliance is not relevant for the Discovery Finder.

[tunacicek]

@kelaja : GDPR Compliance: No changes since Release 23.12 Catena-X.GDPR.Declaration.and.Requirements_V2024.03_Discovery.Finder.xlsx

[tunacicek]

Interoperability Check: Interoperability was ensured to Release 23.12. Since then no changes have been made. @kelaja : Could you please tick this checkbox?

[tunacicek]

Data Sovereignty Check: @vialkoje : Could you please tick this checkbox? No significant changes since Release 23.12.

[tunacicek]

Verification of foreseen CX Standards: @thomas-henn : Could you please confirm? See also previous task for R23.12: https://github.com/eclipse-tractusx/sig-release/issues/117

[tunacicek]

Documentation

• [ ] Arc42 MD files in Tractus-X repo: Arc42: https://github.com/eclipse-tractusx/sldt-discovery-finder/tree/main/docs

• [ ] Administrator`s Guide (User assistance): MD files in Tractus-X repo: https://github.com/eclipse-tractusx/sldt-discovery-finder/blob/main/README.md

• [ ] End-User Manual (User assistance): End-user of the services is the developer who uses the API endpoints. Hence the swagger-ui of the services serves as the documentation. https://semantics.int.demo.catena-x.net/discoveryfinder/swagger-ui/index.html Also there is a detailed documentation available: https://github.com/eclipse-tractusx/sldt-discovery-finder/tree/main/docs

• [ ] Interfaces Documentation: Link to swagger UI documentation: https://semantics.int.demo.catena-x.net/discoveryfinder/swagger-ui/index.html

@vialkoje : Could you please check and approve the checkboxes?

[tunacicek]

Security Checks- Thread Modelling Analysis: No changes since Release 23.12. See also Security Assessment diagram: https://github.com/eclipse-tractusx/sldt-discovery-finder/blob/main/docs/documentation.md#:~:text=INSTALL.md.-,Security,-Assessment

@guenterban : Could you please check and approve it?

[tunacicek]

User Journey : @thomas-henn : Could you please confirm? See also previous task for R23.12: https://github.com/eclipse-tractusx/sig-release/issues/120

[tunacicek]

Compliant with the Style Guide: N/A → no User Interface / no Frontend for this Service

@jjeroch : Could you please check and approve it?

[thomas-henn]

Verification of foreseen CX Standards: @thomas-henn : Could you please confirm? See also previous task for R23.12: #117

Yes, Discovery Finder is compliant with relevant published CX Standards.

[thomas-henn]

User Journey : @thomas-henn : Could you please confirm? See also previous task for R23.12: #120

Yes, user journey of Discovery Finder is aligned along with e.g. Digital Twin Registry, BPN Discovery and Semantic Hub.

[tunacicek]

Security Checks - Dynamic Application Security Testing (DAST): Invicti scan has been made - the results can be seen here: https://www.netsparkercloud.com/scans/report/b49918c6505a46783ef3b11101e9d7e0/

@PiotrStys : Could you please review and approved it?

[PiotrStys]

Hi @tunacicek, DAST approved.

[tunacicek]

Security Check- Secret scanning:

Secret Scanning (gitleaks) is activated and available: https://github.com/eclipse-tractusx/sldt-discovery-finder/actions/workflows/gitleaks.yml

@DnlZF Could you please review and approved it?

[tunacicek]

Security Checks - Static Application Security Testing (SAST): See the results here: https://analysiscenter.veracode.com/auth/index.jsp#ReviewResultsAllFlaws:47240:1739409:32851565:32821223:32836873::5382776

@BANANAS1337 : Could you please review and approved it?

[tunacicek]

Security Checks - Software Composition Analysis (SCA): https://analysiscenter.veracode.com/auth/index.jsp#ReviewResultsSCA:47240:1739409:32851565:32821223:32836873:::::5382776: @BANANAS1337 : Could you please review and approved it?

[tunacicek]

Security Checks - nfrastructure as Code https://github.com/eclipse-tractusx/sldt-discovery-finder/actions/workflows/kics.yml @RoKrish14 : Could you please review and approved it?

[tunacicek]

Test Results - E2E Integration Test Tests done: See result here: https://jira.catena-x.net/browse/CXSOLUTION-489

[RoKrish14]

@tunacicek : As discussed-

SAST: Approved SCA: Approved IAC: Approved Secret Scanning: Approved

[jjeroch]

Compliant with the Style Guide: N/A → no User Interface / no Frontend for this Service

@jjeroch : Could you please check and approve it?

confirmed

[vialkoje]

Expert Approval granted for Documentation and data sovereignty.

[DirkBTSI]

INT test performed/documented. E2E test performed/documented. No high defect. TM approved @kelaja : please approve for "E2E Integration Test passed"

[RolaH1t]

Open: InterOP ThreatModeling & Container Scans TRG QG approval postponed until topics addressed / no follow-up mtg required.

[RoKrish14]

Discussed with @tunacicek Container Scans: Approved

[szymonkowalczykzf]

Security Assessment Process (Threat Modeling Analysis) approved.

No significant changes detected since last release (23.12). No open critical & high finding remaining for this release.

Documentation of the assessment will be moved out to the GitHub repositories of the Products before the next release.

[HiHenrik]

According to team no interoperability relevant changes for this release, therefore expert approval granted for interoperability

[tomaszbarwicki]

QG checks completed: https://github.com/eclipse-tractusx/sldt-discovery-finder/issues/110

[RolaH1t]

QG approval granted! Congrats, Roland