From 7ed40294969e72ca14cdeca9796a902755c03029 Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Tue, 14 May 2024 13:04:00 +0200 Subject: [PATCH 1/3] chore(npgsql): upgrade package https://github.com/eclipse-tractusx/portal-backend/issues/731 --- DEPENDENCIES | 4 ++-- src/database/PolicyHub.Entities/PolicyHub.Entities.csproj | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index f2aec2a..6956b20 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -16,8 +16,8 @@ nuget/nuget/-/Humanizer.Core/2.14.1, MIT, approved, #10060 nuget/nuget/-/Mono.TextTemplating/2.2.1, MIT, approved, clearlydefined nuget/nuget/-/Newtonsoft.Json/13.0.1, MIT AND BSD-3-Clause, approved, #3266 nuget/nuget/-/Newtonsoft.Json/13.0.3, MIT AND BSD-3-Clause, approved, #3266 -nuget/nuget/-/Npgsql.EntityFrameworkCore.PostgreSQL/8.0.2, PostgreSQL AND MIT, approved, #13972 -nuget/nuget/-/Npgsql/8.0.2, PostgreSQL, approved, #13963 +nuget/nuget/-/Npgsql.EntityFrameworkCore.PostgreSQL/8.0.4, PostgreSQL AND MIT, approved, #13972 +nuget/nuget/-/Npgsql/8.0.3, PostgreSQL, approved, #13963 nuget/nuget/-/SSH.NET/2023.0.0, MIT AND (MIT AND MS-PL) AND ISC, approved, #13965 nuget/nuget/-/Serilog.AspNetCore/8.0.1, Apache-2.0 AND MIT, approved, #13967 nuget/nuget/-/Serilog.Enrichers.CorrelationId/3.0.1, MIT, approved, clearlydefined diff --git a/src/database/PolicyHub.Entities/PolicyHub.Entities.csproj b/src/database/PolicyHub.Entities/PolicyHub.Entities.csproj index 014ebdd..4f06ae9 100644 --- a/src/database/PolicyHub.Entities/PolicyHub.Entities.csproj +++ b/src/database/PolicyHub.Entities/PolicyHub.Entities.csproj @@ -31,7 +31,7 @@ runtime; build; native; contentfiles; analyzers; buildtransitive all - + From c13cfcc7b314da6af181b14059792242aaf495c4 Mon Sep 17 00:00:00 2001 
From: Evelyn Gurschler Date: Tue, 14 May 2024 15:35:46 +0200 Subject: [PATCH 2/3] chore(dependabot): add groups for version updates (#132) --- .github/dependabot.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index de89d4c..6f38f3a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -33,6 +33,11 @@ updates: ignore: - dependency-name: "*" update-types: ["version-update:semver-major"] + groups: + production-dependencies: + dependency-type: "production" + development-dependencies: + dependency-type: "development" # Github Actions - @@ -44,6 +49,11 @@ updates: - "github-actions" schedule: interval: "weekly" + groups: + production-dependencies: + dependency-type: "production" + development-dependencies: + dependency-type: "development" # Docker - @@ -58,3 +68,8 @@ updates: ignore: - dependency-name: "*" update-types: ["version-update:semver-major"] + groups: + production-dependencies: + dependency-type: "production" + development-dependencies: + dependency-type: "development" From d4a857cb91087744ce4dedab694e2d4c8a4b0b89 Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Tue, 14 May 2024 16:38:10 +0200 Subject: [PATCH 3/3] docs: move and update security assessment --- .../{ => architecture}/Security_Assessment.md | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) rename docs/technical-documentation/{ => architecture}/Security_Assessment.md (72%) diff --git a/docs/technical-documentation/Security_Assessment.md b/docs/technical-documentation/architecture/Security_Assessment.md similarity index 72% rename from docs/technical-documentation/Security_Assessment.md rename to docs/technical-documentation/architecture/Security_Assessment.md index e686657..3eb47ad 100644 --- a/docs/technical-documentation/Security_Assessment.md +++ b/docs/technical-documentation/architecture/Security_Assessment.md 
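Review bot: The `groups` blocks added to the GitHub Actions and Docker entries (second and third hunks) select on `dependency-type`, which Dependabot documents as supported only for ecosystems that separate development from production dependencies (bundler, composer, mix, maven, npm, pip). The same may apply to the first hunk, whose `package-ecosystem` line is outside the hunk. In those entries `development-dependencies` will probably never match and `production-dependencies` becomes a catch-all, so every action or base-image bump lands in one pull request and each supply-chain change is harder to review on its own. Consider one explicitly named group per entry, for example `github-actions:` with `patterns: ["*"]`, or narrower patterns for dependencies that belong together. A comment such as `# groups apply to version updates only; security updates stay separate PRs` would record the intent in the commit title, assuming no `applies-to: security-updates` is set elsewhere in the file.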
@@ -10,20 +10,19 @@ ## Product Description -Policy-Hub project is an readonly REST API project, without implementation of an UI. (Pure Backend Component) +The Policy-Hub product is an readonly REST API project, without implementation of an UI. (Pure Backend Component) -Main purpose of the product is to provide interested and authenticated C-X Users with read access to policy data, use cases, credential types, policy rules, that are created during an application seeding. +The main purpose of the product is to provide interested and authenticated CX Users with read access to policy data, use cases, credential types, policy rules, which are created during an application seeding. -The Policy-Hub comprise the technical foundation for interaction, monitoring, auditing and further functionalities. -They are state of the art in terms of technology portfolio, consist of open-source components whenever possible and are open-sourced themselves 100%. +The Policy-Hub comprises the technical foundation for interaction, monitoring, auditing and further functionalities. -Policy-Hub can be run anywhere: it can be deployed as a docker image, e. g. on Kubernetes (platform-independent, cloud, on prem or local). +The product can be run anywhere: it can be deployed as a docker image, e. g. on Kubernetes (platform-independent, cloud, on prem or local). The policy hub is using following key frameworks: - .Net - Entity Framework -[architecture & development concept](https://github.com/eclipse-tractusx/policy-hub/blob/main/docs/technical-documentation/architecture/Development%20Concept.md) +[Development Concept](./Development%20Concept.md) ## Data Flow Diagram 
@@ -43,12 +42,12 @@ flowchart LR CU end - subgraph Policy-Hub Product + subgraph Policy-Hub Product PH PHD end - K-->|"Authentication & Authorization Data \n (Using JWT)"|PH + K-->|"Authentication & Authorization Data \n (Using JWT)"|PH CU-->|"Consumption of central, read-only REST API \n [HTTPS]"|PH PH-->|"Read policies, use cases, \n credential types, policy rules"|PHD CU-->|"IAM with OIDC \n [HTTPS]"|K