eclipse-tractusx / sig-release

https://eclipse-tractusx.github.io/sig-release
Apache License 2.0
8 stars 8 forks source link

R24.05 Discovery Finder - Release Checks #668

Closed agg3fe closed 3 months ago

agg3fe commented 5 months ago

[!IMPORTANT]
Follow the guidance on how to use the templates.

Release Info

Please provide information on what you want to be included in the Eclipse Tractus-X release. If you are not owner of this issue, please provide the information as comment to the issue. Make sure to assign this issue to expert(s) for their approval, as soon as you have finished preparation. Multiple assignees allowed; they will un-assign themselves once review completed.

Version to be included in Eclipse Tractus-X release: helm: discoveryfinder-0.2.5 Image version: 0.3.1

Leading product repository: https://github.com/eclipse-tractusx/sldt-discovery-finder

Compliance Verifications

This issue tracks all checks, that need to be performed for a product release in Eclipse Tractus-X.

General Checks

[!NOTE] Note: most criteria for documentation and security are now covered in TRGs

Security Checks

Test Results

Helpful Links

agg3fe commented 4 months ago

Interoperability Check: Interoperability was ensured to Release 23.12. Since then no changes have been made from Interoperability perspective. per-henrik.addicks@sap.com : Could you please tick this checkbox?

agg3fe commented 4 months ago

Data Sovereignty Check: @vialkoje : Could you please tick this checkbox? No significant changes since Release 23.12.

agg3fe commented 4 months ago

Security Checks- Threat Modelling Analysis: No changes since Release 23.12. See also Security Assessment diagram: https://github.com/eclipse-tractusx/sldt-discovery-finder/blob/main/docs/documentation.md#:~:text=INSTALL.md.-,Security,-Assessment

@guenterban : Could you please check and approve it?

agg3fe commented 4 months ago

User Journey : @thomas-henn : Could you please confirm? See also previous task for R23.12: https://github.com/eclipse-tractusx/sig-release/issues/120

agg3fe commented 4 months ago

@kelaja A self review of the TRGs have been done and everything looks good.

agg3fe commented 4 months ago

Trivy Scan: https://github.com/eclipse-tractusx/sldt-discovery-finder/actions/runs/8962171090 Security scan: https://github.com/eclipse-tractusx/sldt-discovery-finder/security/code-scanning

thomas-henn commented 4 months ago

Yes, I hereby confirm that the requirements for the "User Journey" of the Discovery Finder are fulfilled.

agg3fe commented 4 months ago

cbrugg: Could you please provide the approval for E2E integration tests passed.

cbrugg commented 4 months ago

I can confirm that the E2E Tests as well as INT Tests for the Discovery Finder have been performed. Thank You.

RolaH1t commented 4 months ago

QG review 14-May Interoperability & DataSov approvals outstanding TRG crosscheck will be performed cw20; no blockers SEC (thread modelling) update expected 14-May no follow-up mtg required

szymonkowalczykzf commented 4 months ago

Threat Modeling - Based on the old assessment - all required recommendations were adressed. Could you please confirm that no functional changes / implementation of new application component was done since the last release ?

I would also like to have a meeting so that we can update the currently existing diagrams and move the report to the App Repo - but it can wait after the QG.

Please confirm the above so that I could proceed with the approval.

agg3fe commented 4 months ago

Threat Modeling - Based on the old assessment - all required recommendations were adressed. Could you please confirm that no functional changes / implementation of new application component was done since the last release ?

I would also like to have a meeting so that we can update the currently existing diagrams and move the report to the App Repo - but it can wait after the QG.

Please confirm the above so that I could proceed with the approval.

Hi @szymonkowalczykzf , Yes, we do not have any changes from the security perspective and no new application component has been added. So this is fine from our side.

Regarding the existing security diagram, we have already moved the diagram to our repo https://github.com/eclipse-tractusx/sldt-discovery-finder/blob/main/docs/documentation.md#security-assessment Let us know if still any actions are required from our side. We can have meeting if you want.

Thanks

szymonkowalczykzf commented 4 months ago

Threat Modeling - Based on the old assessment - all required recommendations were adressed. Could you please confirm that no functional changes / implementation of new application component was done since the last release ? I would also like to have a meeting so that we can update the currently existing diagrams and move the report to the App Repo - but it can wait after the QG. Please confirm the above so that I could proceed with the approval.

Hi @szymonkowalczykzf , Yes, we do not have any changes from the security perspective and no new application component has been added. So this is fine from our side.

Regarding the existing security diagram, we have already moved the diagram to our repo https://github.com/eclipse-tractusx/sldt-discovery-finder/blob/main/docs/documentation.md#security-assessment Let us know if still any actions are required from our side. We can have meeting if you want.

Thanks

Threat Modeling - Approved - Thanks for quick reply.

vialkoje commented 4 months ago

the discovery finder is not secured via data sovereignty policies as the expectation is, that the data in the discovery finder is not subject to sovereignty requirements of the partners. It is secured via access tokens though. Expert Approval granted

RolaH1t commented 4 months ago

Interoperability update: if your QG approval was not obtained by now via the communicated channels, please perform a self-assessment and document your results here. reference approval(s) of previous Release(s) - if applicable - and point out significant modifications relevant for InterOp - if any. (note: capacity of approving experts is very limited at this advanced point of time)

agg3fe commented 4 months ago

Interoperability update: if your QG approval was not obtained by now via the communicated channels, please perform a self-assessment and document your results here. reference approval(s) of previous Release(s) - if applicable - and point out significant modifications relevant for InterOp - if any. (note: capacity of approving experts is very limited at this advanced point of time)

@RolaH1t There are no major changes from the interoperability perspective in this release. Here's the link for previous approval https://github.com/eclipse-tractusx/sig-release/issues/502#issuecomment-1954697847

RolaH1t commented 4 months ago

thanks @agg3fe please check the relevant box on top

RolaH1t commented 4 months ago

??? where can the evidence for successful TRG checks be found ? add link please!

agg3fe commented 4 months ago

??? where can the evidence for successful TRG checks be found ? add link please!

A self review was done by me and Tuna.

RolaH1t commented 4 months ago

Congrats: Quality Gate fully approved with all necessary pre-requisites fulfilled! Thanks for all your efforts, Roland

stephanbcbauer commented 3 months ago

Hello @agg3fe

Since the feature is a 24.05 feature and the development phase for 24.08 is coming to an end, we need a status on the feature. Can you please update the status?

If you need any clarification, please get in touch, thank you very much.

Stephan

agg3fe commented 3 months ago

As the task is complete and approval is granted, closing the issue. please reopen or let us know incase something.