R24.03 Semantic Hub - Release Checks

[kelaja]

Release Info

Please provide information on what you want to be included in the Eclipse Tractus-X release. If you are not owner of this issue, please provide the information as comment to the issue.

Version to be included in Eclipse Tractus-X release: helm version: semantic-hub- 0.1.35 Image version: 0.2.16

Leading product repository: https://github.com/eclipse-tractusx/sldt-semantic-hub

Compliance Verifications

This issue tracks all compliance related checks, that need to be performed for a product release in Eclipse Tractus-X.

• [x] Gaia-X compliance confirmed
• [x] GDPR compliance confirmed (personal data, data protection + privacy DPP)
• [x] Interoperability checks performed
• [x] Data Sovereignty checks performed
• [x] Compliant with relevant published CX Standards (see the Catena-X standard library)

Documentation

• [x] Arc24 documentation up-to-date
• [x] Administrators Guide up-to-date
• [x] End-User manual up-to-date
• [x] Interface documentation up-to-date

Security Checks

• [x] Thread Modelling Analysis passed
• [x] Static Application Security Testing (SAST) scans passed
• [x] Dynamic Application Security Testing (DAST) tests passed
• [x] Secret Scans passed
• [x] Software Composition Analysis (SCA) passed
• [x] Container Scans passed
• [x] Infrastructure as Code (IaC) scans passed

General Checks

• [x] Tractus-X Release Guidelines fulfilled https://github.com/eclipse-tractusx/sldt-semantic-hub/issues/243
• [x] Compliant with the Style Guide, fix will be delivered by @thomas-henn on release 24.05

Test Results

• [x] E2E Integration Test passed
• [x] User Journey approved

Helpful Links

• Eclipse Tractus-X openAPI specs on SwaggerHub
• Catena-X standard library

[tunacicek]

Gaia-X compliance: @kelaja : No changes since Release 23.12 with respect to Gaia-X compliance -> Could you please tick this checkbox?

[tunacicek]

@kelaja : GDPR Compliance: No changes since Release 23.12 Catena-X.GDPR.Declaration.and.Requirements_V2024.03_SemHub.xlsx

[tunacicek]

Interoperability Check: Interoperability was ensured to Release 23.12. Since then no changes have been made. @kelaja : Could you please tick this checkbox?

[tunacicek]

Data Sovereignty Check: @vialkoje : Could you please tick this checkbox? No significant changes since Release 23.12. See also Description for R24.03

[tunacicek]

Verification of foreseen CX Standards: @thomas-henn : Could you please confirm? See also previous task for R23.12: https://github.com/eclipse-tractusx/sig-release/issues/125

[tunacicek]

Documentation

• [ ] Arc42 https://github.com/eclipse-tractusx/sldt-semantic-hub/blob/main/docs/documentation.md

• [ ] Administrator`s Guide (User assistance): https://github.com/eclipse-tractusx/sldt-semantic-hub/blob/main/README.md

• [ ] End-User Manual (User assistance): End-user of the services is the developer who uses the API endpoints. Hence the swagger-ui of the services serves as the documentation. https://semantics.int.demo.catena-x.net/hub/swagger-ui/index.html There is a rudimentary integration to the Cantena-X portal, for which an End User explanation available on Portal UI https://portal.int.demo.catena-x.net/datamanagement

• [ ] Interfaces Documentation: Link to swagger UI documentation: https://semantics.int.demo.catena-x.net/hub/swagger-ui/index.html

@vialkoje : No significant changes since Release 23.12. Could you please check and approve the checkboxes?

[tunacicek]

Security Checks- Thread Modelling Analysis: No changes since Release 23.12. See also Security Assessment diagram: https://github.com/eclipse-tractusx/sldt-semantic-hub/blob/main/docs/documentation.md#:~:text=s%20%3Fp%20%3Fo%20.%0A%7D-,Security,-Assessment

@guenterban : Could you please check and approve it?

[tunacicek]

User Journey : @thomas-henn : Could you please confirm? See also previous task for R23.12: https://github.com/eclipse-tractusx/sig-release/issues/128

[thomas-henn]

Verification of foreseen CX Standards: @thomas-henn : Could you please confirm? See also previous task for R23.12: #125

Yes, Semantic Hub is compliant with relevant published CX Standards.

[thomas-henn]

User Journey : @thomas-henn : Could you please confirm? See also previous task for R23.12: #128

Yes, user journey of Semantic Hub is aligned along with e.g. Digital Twin Registry, Discovery Services and Semantic Hub.

[tunacicek]

Security Checks - Dynamic Application Security Testing (DAST): Invicti scan has been made - the results can be seen here: https://www.netsparkercloud.com/scans/report/098b72536de448934397b11101ec06f6/

@PiotrStys : Could you please review and approved it?

[PiotrStys]

Hi @tunacicek, DAST approved.

[tunacicek]

Security Check- Secret scanning:

Secret Scanning (gitleaks) is activated and available: https://github.com/eclipse-tractusx/sldt-semantic-hub/actions/workflows/gitleaks.yml

@DnlZF Could you please review and approved it?

[tunacicek]

Security Checks - Static Application Security Testing (SAST): See the results here: https://analysiscenter.veracode.com/auth/index.jsp#ReviewResultsAllFlaws:47240:1397649:32851557:32821215:32836865::4406299

@BANANAS1337 : Could you please review and approved it?

[tunacicek]

Security Checks - Software Composition Analysis (SCA): https://analysiscenter.veracode.com/auth/index.jsp#ReviewResultsSCA:47240:1397649:32851557:32821215:32836865:::::4406299: @BANANAS1337 : Could you please review and approved it?

[tunacicek]

Security Checks - nfrastructure as Code https://github.com/eclipse-tractusx/sldt-semantic-hub/actions/workflows/kics.yml @RoKrish14 : Could you please review and approved it?

[tunacicek]

General Checks - Compliant with the Style Guide No changes since Release 23.12 UI is part of the Portal and considered there https://portal.int.demo.catena-x.net/semantichub @jjeroch : Could you please review and approve it?

[tunacicek]

Test Results - E2E Integration Test Tests done: See result here: https://jira.catena-x.net/browse/A1SLDT-1505

[RoKrish14]

@tunacicek : As discussed-

SAST: Approved SCA: Approved IAC: Approved Secret Scanning: Approved

[jjeroch]

General Checks - Compliant with the Style Guide No changes since Release 23.12 UI is part of the Portal and considered there https://portal.int.demo.catena-x.net/semantichub @jjeroch : Could you please review and approve it?

@tunacicek we have a open defect from last release. We approved last release with the condition that the defect is getting solved in release 24.03. - whats the status. It looks still "undone" - https://github.com/eclipse-tractusx/sldt-semantic-hub/issues/157

[tunacicek]

General Checks - Compliant with the Style Guide No changes since Release 23.12 UI is part of the Portal and considered there https://portal.int.demo.catena-x.net/semantichub @jjeroch : Could you please review and approve it?

@tunacicek we have a open defect from last release. We approved last release with the condition that the defect is getting solved in release 24.03. - whats the status. It looks still "undone" - eclipse-tractusx/sldt-semantic-hub#157

Hi @jjeroch We updated in the backend to the newest sdk and enabled the diagram API again. The adjustments need to be done on the Portal UI side. @ma3u Do you have any updates on the UI part?

[vialkoje]

Expert Approval granted for Documentation and data sovereignty.

[DirkBTSI]

INT test performed/documented. E2E test performed/documented. No high defect. TM approved @kelaja : please approve for "E2E Integration Test passed"

[RolaH1t]

Open: InterOP ThreatModeling & Container Scans StyleGuide TRG QG approval postponed until topics addressed / no follow-up mtg required.

[RoKrish14]

Discussed with @tunacicek Container Scans: Approved

[szymonkowalczykzf]

Security Assessment Process (Threat Modeling Analysis) approved.

No significant changes detected since last release (23.12). No open critical & high finding remaining for this release.

Documentation of the assessment will be moved out to the GitHub repositories of the Products before the next release.

[HiHenrik]

According to team no interoperability relevant changes for this release, therefore expert approval granted for interoperability

[carslen]

TRG checks completed.

[RolaH1t]

@tunacicek any update or conclusion on StyleGuide/UI? This is the only blocker from QG approval...

[FaGru3n]

Hi all,

will this be also in your interest?

• [ ] Compliant with the Style Guide, fix will be delivered by @thomas-henn on release 24.05

@thomas-henn please provide a information / draft for the current release note.

Thanks in advance.

[thomas-henn]

@FaGru3n: With the support of @jjeroch and @mkanal the issue is under https://github.com/eclipse-tractusx/portal-frontend/issues/446 Currently in clarification if this can be solved for release 24.05.

[RolaH1t]

yes, @thomas-henn , no changes to our alignment yesterday. but in order to pass this current QG here we need two things: 1) a short "OK" from @jjeroch that she approves this approach for Release 24.03 and 2) your draft description of the "knownknown" which will remain unresolved for 24.03 Thx

[RolaH1t]

@thomas-henn & @jjeroch pls add your final conclusion here

[jjeroch]

@FaGru3n: With the support of @jjeroch and @mkanal the issue is under eclipse-tractusx/portal-frontend#446 Currently in clarification if this can be solved for release 24.05.

Hi, its a must with 24.05. I think it was really a miss to approach the ticket in the given time. Now after we offered to take it over again; a different team was approached. Thats not ideal. However we can not change this anymore but should improve in future. 24.03. approved

[RolaH1t]

all pre-conditions fulfilled, QG approval granted. Congrats.