eclipse-tractusx / sig-release

https://eclipse-tractusx.github.io/sig-release
Apache License 2.0

R24.05 BPN Discovery - Release Checks #669

Closed agg3fe closed 5 days ago

agg3fe commented 2 months ago

[!IMPORTANT]
Follow the guidance on how to use the templates.

Release Info

Please provide information on what you want to be included in the Eclipse Tractus-X release. If you are not the owner of this issue, please provide the information as a comment to the issue. Make sure to assign this issue to expert(s) for their approval as soon as you have finished preparation. Multiple assignees are allowed; they will un-assign themselves once the review is completed.

Version to be included in Eclipse Tractus-X release: helm: bpndiscovery-0.2.6 Image version: 0.3.1

Leading product repository: repository link

Compliance Verifications

This issue tracks all checks that need to be performed for a product release in Eclipse Tractus-X.

General Checks

[!NOTE] Note: most criteria for documentation and security are now covered in TRGs

Security Checks

Test Results

Helpful Links

agg3fe commented 1 month ago

Interoperability Check: Interoperability was ensured to Release 23.12. Since then no changes have been made from Interoperability perspective. HiHenrik: Could you please tick this checkbox?

agg3fe commented 1 month ago

Data Sovereignty Check: @vialkoje : Could you please tick this checkbox? No significant changes since Release 23.12.

agg3fe commented 1 month ago

Security Checks - Threat Modelling Analysis: No changes since Release 23.12. See also Security Assessment diagram: https://github.com/eclipse-tractusx/sldt-bpn-discovery/blob/main/docs/documentation.md#:~:text=Security-,Assessment,-Data%20Flow%20Diagram

@guenterban : Could you please check and approve it?

agg3fe commented 1 month ago

User Journey : @thomas-henn : Could you please confirm? See also previous task for R23.12: https://github.com/eclipse-tractusx/sig-release/issues/124

agg3fe commented 1 month ago

Security scanning: https://github.com/eclipse-tractusx/sldt-bpn-discovery/security/code-scanning

Trivy Scan: https://github.com/eclipse-tractusx/sldt-bpn-discovery/actions/runs/8962179737

agg3fe commented 1 month ago

Security Checks - Infrastructure as Code: https://github.com/eclipse-tractusx/sldt-bpn-discovery/actions/workflows/kics.yml @RoKrish14: Could you please review and approve it?

agg3fe commented 1 month ago

@kelaja A self review of the TRGs has been done and everything looks good.

thomas-henn commented 1 month ago

Yes, I hereby confirm that the requirements for the "User Journey" of the BPN Discovery are fulfilled.

agg3fe commented 1 month ago

cbrugg: Could you please provide the approval for E2E integration tests passed.

cbrugg commented 1 month ago

I can confirm that the E2E Tests as well as INT Tests for the BPN Discovery have been performed. Thank You.

RolaH1t commented 1 month ago

QG review 14-May

- Interoperability & DataSov approvals outstanding
- TRG crosscheck will be performed cw20; no blockers
- SEC (threat modelling) update expected 14-May
- no follow-up mtg required

szymonkowalczykzf commented 1 month ago

Threat Modeling - Based on the old assessment - all required recommendations were addressed. Could you please confirm that no functional changes / implementation of new application component was done since the last release?

I would also like to have a meeting so that we can update the currently existing diagrams and move the report to the App Repo - but it can wait after the QG.

Please confirm the above so that I could proceed with the approval.

agg3fe commented 1 month ago

> Threat Modeling - Based on the old assessment - all required recommendations were addressed. Could you please confirm that no functional changes / implementation of new application component was done since the last release?
>
> I would also like to have a meeting so that we can update the currently existing diagrams and move the report to the App Repo - but it can wait after the QG.
>
> Please confirm the above so that I could proceed with the approval.

Hi @szymonkowalczykzf, yes, we do not have any changes from the security perspective and no new application component has been added. So this is fine from our side.

Regarding the existing security diagram, we have already moved the diagram to our repo: https://github.com/eclipse-tractusx/sldt-bpn-discovery/blob/main/docs/documentation.md#security-assessment
Let us know if any actions are still required from our side. We can have a meeting if you want.

Thanks

RoKrish14 commented 1 month ago

> Security Checks - Infrastructure as Code: https://github.com/eclipse-tractusx/sldt-bpn-discovery/actions/workflows/kics.yml @RoKrish14: Could you please review and approve it?

Security checks

  1. IAC - approved
  2. Secret scanning - approved
  3. Container scanning - approved

Info: These security checks are now mandated as part of TRG 8.0 Security. This essentially means that all the High and Critical findings must be addressed to fulfil general TRG checks.

szymonkowalczykzf commented 1 month ago

> > Threat Modeling - Based on the old assessment - all required recommendations were addressed. Could you please confirm that no functional changes / implementation of new application component was done since the last release? I would also like to have a meeting so that we can update the currently existing diagrams and move the report to the App Repo - but it can wait after the QG. Please confirm the above so that I could proceed with the approval.
>
> Hi @szymonkowalczykzf, yes, we do not have any changes from the security perspective and no new application component has been added. So this is fine from our side.
>
> Regarding the existing security diagram, we have already moved the diagram to our repo: https://github.com/eclipse-tractusx/sldt-bpn-discovery/blob/main/docs/documentation.md#security-assessment
> Let us know if any actions are still required from our side. We can have a meeting if you want.
>
> Thanks

Threat Modeling - Approved - Thanks for quick reply.

vialkoje commented 1 month ago

The BPN Discovery is not secured via data sovereignty policies, as the expectation is that the data in the discovery finder is not subject to sovereignty requirements of the partners. It is secured via access tokens though. Expert Approval granted.

RolaH1t commented 1 month ago

Interoperability update: if your QG approval was not obtained by now via the communicated channels, please perform a self-assessment and document your results here. reference approval(s) of previous Release(s) - if applicable - and point out significant modifications relevant for InterOp - if any. (note: capacity of approving experts is very limited at this advanced point of time)

agg3fe commented 1 month ago

> Interoperability update: if your QG approval was not obtained by now via the communicated channels, please perform a self-assessment and document your results here. reference approval(s) of previous Release(s) - if applicable - and point out significant modifications relevant for InterOp - if any. (note: capacity of approving experts is very limited at this advanced point of time)

@RolaH1t There are no changes from the interoperability perspective in this release. Here's the link to previous approval https://github.com/eclipse-tractusx/sig-release/issues/503#issuecomment-1954698730

RolaH1t commented 1 month ago

very good @agg3fe / please check the relevant box on top

RolaH1t commented 1 month ago

??? where can the evidence for successful TRG checks be found? add link please!

agg3fe commented 1 month ago

> ??? where can the evidence for successful TRG checks be found? add link please!

A self review was done by me and Tuna.

RolaH1t commented 1 month ago

Congrats: Quality Gate fully approved with all necessary pre-requisites fulfilled! Thanks for all your efforts, Roland

stephanbcbauer commented 3 weeks ago

Hello @agg3fe

Since the feature is a 24.05 feature and the development phase for 24.08 is coming to an end, we need a status on the feature. Can you please update the status?

If you need any clarification, please get in touch, thank you very much.

Stephan

agg3fe commented 5 days ago

As the task is complete and approval is granted, closing the issue. Please reopen or let us know in case something.