Closed kelaja closed 5 months ago
Gaia-X compliance: @kelaja : No changes since Release 23.12 -> Could you please tick this checkbox? Gaia-X compliance is not relevant for the Discovery Finder.
Release Management
GDPR compliance: No changes since Release 23.12 Catena-X.GDPR.Declaration.and.Requirements_V2024.03_BPN.Discovery.xlsx
Interoperability Check: Interoperability was ensured to Release 23.12. Since then no changes have been made. @kelaja : Could you please tick this checkbox?
Data Sovereignty Check: @vialkoje : Could you please tick this checkbox? No significant changes since Release 23.12.
Verification of foreseen CX Standards: @thomas-henn : Could you please confirm? See also previous task for R23.12: https://github.com/eclipse-tractusx/sig-release/issues/121
Documentation
[ ] Arc42 MD files for arc42-documentation in Tractus-X repo: https://github.com/eclipse-tractusx/sldt-bpn-discovery/tree/main/docs
[ ] Administrator's Guide (User assistance): MD files in Tractus-X repo: https://github.com/eclipse-tractusx/sldt-bpn-discovery/blob/main/README.md
[ ] End-User Manual (User assistance): End-user of the services is the developer who uses the API endpoints. Hence the swagger-ui of the service serves as the documentation. https://semantics.int.demo.catena-x.net/bpndiscovery/swagger-ui/index.html Also there is a detailed documentation available: https://github.com/eclipse-tractusx/sldt-bpn-discovery/tree/main/docs
[ ] Interfaces Documentation: Link to swagger UI documentation: https://semantics.int.demo.catena-x.net/bpndiscovery/swagger-ui/index.html
@vialkoje : Could you please check and approve the checkboxes?
Security Checks - Threat Modelling Analysis: No changes since Release 23.12. See also Security Assessment diagram: https://github.com/eclipse-tractusx/sldt-bpn-discovery/blob/main/docs/documentation.md#:~:text=Security-,Assessment,-Data%20Flow%20Diagram
@guenterban : Could you please check and approve it?
User Journey : @thomas-henn : Could you please confirm? See also previous task for R23.12: https://github.com/eclipse-tractusx/sig-release/issues/124
Compliant with the Style Guide: N/A → no User Interface / no Frontend for this Service
@jjeroch : Could you please check and approve it?
Verification of foreseen CX Standards: @thomas-henn : Could you please confirm? See also previous task for R23.12: #121
Yes, BPN Discovery Service is compliant with relevant published CX Standards.
User Journey : @thomas-henn : Could you please confirm? See also previous task for R23.12: #124
Yes, user journey of BPN Discovery is aligned along with e.g. Digital Twin Registry, Discovery Finder and Semantic Hub.
Security Checks - Dynamic Application Security Testing (DAST): Invicti scan has been made - the results can be seen here: https://www.netsparkercloud.com/scans/report/87f6d8d3119b4e596344b111023574bc/
@PiotrStys : Could you please review and approve it?
@tunacicek, results approved with a side note to validate the current DAST findings. Thank you.
Security Check- Secret scanning:
Secret Scanning (gitleaks) is activated and available: https://github.com/eclipse-tractusx/sldt-bpn-discovery/actions/workflows/gitleaks.yml
@DnlZF : Could you please review and approve it?
Security Checks - Static Application Security Testing (SAST): Please see the results here: https://analysiscenter.veracode.com/auth/index.jsp#ReviewResultsAllFlaws:47240:1739413:32851550:32821208:32836858::5382788
@BANANAS1337 : Could you please review and approve it?
Security Checks - Software Composition Analysis (SCA): https://analysiscenter.veracode.com/auth/index.jsp#ReviewResultsSCA:47240:1739413:32851550:32821208:32836858:::::5382788: @BANANAS1337 : Could you please review and approve it?
Security Checks - Infrastructure as Code: https://github.com/eclipse-tractusx/sldt-bpn-discovery/actions/workflows/kics.yml @RoKrish14 : Could you please review and approve it?
Test Results - E2E Integration Test Tests done: See result here: https://jira.catena-x.net/browse/CXSOLUTION-489
@tunacicek : As discussed-
SAST: Approved SCA: Approved IAC: Approved Secret Scanning: Approved
Compliant with the Style Guide: N/A → no User Interface / no Frontend for this Service
@jjeroch : Could you please check and approve it?
confirmed
Expert Approval granted for Documentation and data sovereignty.
INT test performed/documented. E2E test performed/documented. No high defect. TM approved @kelaja : please approve for "E2E Integration Test passed"
Open: InterOP ThreatModeling & Container Scans TRG QG approval postponed until topics addressed / no follow-up mtg required.
Discussed with @tunacicek Container Scans: Approved
Security Assessment Process (Threat Modeling Analysis) approved.
No significant changes detected since last release (23.12). No open critical & high finding remaining for this release.
Documentation of the assessment will be moved out to the GitHub repositories of the Products before the next release.
According to team no interoperability relevant changes for this release, therefore expert approval granted for interoperability
Hi all, is this the proper information for the QG-Checks?
Product Owner: @bs-sili Dev SPOC: @tunacicek Helm Chart Version: 0.2.3 App Version: 0.2.8
Issue created https://github.com/eclipse-tractusx/sldt-bpn-discovery/issues/109
QG checks done.
QG4 approval granted. Congrats!
Release Info
Please provide information on what you want to be included in the Eclipse Tractus-X release. If you are not owner of this issue, please provide the information as comment to the issue.
Version to be included in Eclipse Tractus-X release: Helm Chart Version: 0.1.18 App Version: 0.2.8
Leading product repository: https://github.com/eclipse-tractusx/sldt-bpn-discovery
Compliance Verifications
This issue tracks all compliance related checks, that need to be performed for a product release in Eclipse Tractus-X.