R24.03 BPDM Golden Record / BPN Service - Release Checks #496

Closed
19 of 20 tasks
kelaja opened this issue Jan 30, 2024 · 28 comments
Labels
compliance RM compliance documentation RM documentation
Comments

@kelaja
Contributor

kelaja commented Jan 30, 2024

Release Info

Please provide information on what you want to be included in the Eclipse Tractus-X release.
If you are not the owner of this issue, please provide the information as a comment on the issue.

Version to be included in Eclipse Tractus-X release: version placeholder

Leading product repository: repository link

Compliance Verifications

This issue tracks all compliance-related checks that need to be performed for a product release in Eclipse Tractus-X.

  • Gaia-X compliance confirmed
  • GDPR compliance confirmed (personal data, data protection + privacy DPP)
  • Interoperability checks performed
  • Data Sovereignty checks performed
  • Compliant with relevant published CX Standards (see the Catena-X standard library)

Documentation

  • Arc24 documentation up-to-date
  • Administrators Guide up-to-date
  • End-User manual up-to-date
  • Interface documentation up-to-date

Security Checks

  • Threat Modelling Analysis passed
  • Static Application Security Testing (SAST) scans passed
  • Dynamic Application Security Testing (DAST) tests passed
  • Secret Scans passed
  • Software Composition Analysis (SCA) passed
  • Container Scans passed
  • Infrastructure as Code (IaC) scans passed

General Checks

Test Results

  • E2E Integration Test passed
  • User Journey approved

Helpful Links

@kelaja kelaja added documentation RM documentation compliance RM compliance labels Jan 30, 2024
@kelaja kelaja added this to the 24.03 milestone Jan 30, 2024
@nicoprow

nicoprow commented Feb 8, 2024

No Secrets in GitHub Scans:
[image]

No GitHub Code scanning alerts:
[image]

No Dependabot Alerts:
[image]

@nicoprow

nicoprow commented Feb 8, 2024

Veracode passed:
[image]

[image]

One medium composition vulnerability:
[image: veracode compositions]

2 Triage Flaws, both mitigation proposed, one approved. (But flaws seem to be duplicates anyway):
[image: screenshot 2024-02-08 at 10 50 12]

@nicoprow

nicoprow commented Feb 8, 2024

Threat Modeling passed and assessment currently in the process of being merged:
eclipse-tractusx/bpdm#737
eclipse-tractusx/bpdm#740

@nicoprow

nicoprow commented Feb 8, 2024

Interface documentation up to date for current release version:
https://github.com/eclipse-tractusx/bpdm/tree/release/5.0.x/docs/api

@RoKrish14

RoKrish14 commented Feb 9, 2024

SAST: Approved
SCA: Approved
Trivy: Approved
KICS: Approved

@RoKrish14

Secret Scanning: Approved
DAST: Approved

@rybtim

rybtim commented Feb 12, 2024

No significant changes since last time related to Gaia-X Compliance and GDPR @kelaja

@rybtim

rybtim commented Feb 12, 2024

We hereby confirm that we considered (as good as possible) all relevant CX-Standards as well as that we reviewed the content of upcoming STAN Request as good as possible @kelaja

@rybtim

rybtim commented Feb 12, 2024

@alexKeppler

@kelaja User Journey approved

@ThomasObermeyer

No major architecture changes in the current release - interoperability check approved.

@kelaja

@szymonkowalczykzf

Security Assessment Process (Threat Modeling Analysis) approved.

Re-assessment was done on Wednesday 25th Jan 2024. No open critical & high findings remain.
Documentation of the assessment will be available under BPDM/docs/Security_Assessment.md

@FaGru3n FaGru3n self-assigned this Feb 19, 2024
@FaGru3n
Contributor

FaGru3n commented Feb 19, 2024

Hi all,

I think there is some information not shared within this issue; I would suggest:

Version to be included in Eclipse Tractus-X release: version placeholder

Leading product repository: repository link

Leading repo: https://github.com/eclipse-tractusx/bpdm

Version: 5.0.0 Am I correct?

Created TRG Guideline Check Issue for bpdm repo: eclipse-tractusx/bpdm#757

Thanks in advance.

@vialkoje

Could you please add the links to the documentation documents to check?

Arc24 documentation
Administrators Guide
End-User manual
Interface documentation -> I found that one already

@nicoprow

> Hi all,
>
> I think there is some information not shared within this issue; I would suggest:
>
> Version to be included in Eclipse Tractus-X release: version placeholder
> Leading product repository: repository link
>
> Leading repo: https://github.com/eclipse-tractusx/bpdm
>
> Version: 5.0.0 Am I correct?
>
> Created TRG Guideline Check Issue for bpdm repo: eclipse-tractusx/bpdm#757
>
> Thanks in advance.

Yes that is correct. Chart version is 4.0.0

@nicoprow

> Could you please add the links to the documentation documents to check?
>
> Arc24 documentation
> Administrators Guide
> End-User manual
> Interface documentation -> I found that one already

Arc24: https://github.com/eclipse-tractusx/bpdm/tree/release/5.0.x/docs/arc42
Admin Guide: https://github.com/eclipse-tractusx/bpdm/blob/release/5.0.x/docs/OPERATOR_VIEW.md
End-User Manual: We don't have an UI, so no End-User. There is a guide for integrating services however: https://github.com/eclipse-tractusx/bpdm/blob/release/5.0.x/docs/ADOPTION_VIEW.md
Interface Documentation: https://github.com/eclipse-tractusx/bpdm/tree/release/5.0.x/docs/api

@rybtim

rybtim commented Feb 20, 2024

Hi security team,
can you please check our scans.
@BANANAS1337 @RoKrish14 @PiotrStys @DnlZF
Thanks

@DnlZF

DnlZF commented Feb 20, 2024

Secret Scans: Approved

@RoKrish14

> Hi security team, can you please check our scans. @BANANAS1337 @RoKrish14 @PiotrStys @DnlZF Thanks

Hi @rybtim
What has changed since last security checks?

  1. R24.03 BPDM Golden Record / BPN Service - Release Checks #496 (comment)
  2. R24.03 BPDM Golden Record / BPN Service - Release Checks #496 (comment)

@rybtim

rybtim commented Feb 20, 2024

> > Hi security team, can you please check our scans. @BANANAS1337 @RoKrish14 @PiotrStys @DnlZF Thanks
>
> Hi @rybtim What has changed since last security checks?
>
>   1. R24.03 BPDM Golden Record / BPN Service - Release Checks #496 (comment)
>   2. R24.03 BPDM Golden Record / BPN Service - Release Checks #496 (comment)

@RoKrish14 Sorry my fault, I have overlooked your release :) Thanks

@DirkBTSI

INT test performed/documented.
E2E test performed/documented.
No high defect.
TM approved
@kelaja: please approve for "E2E Integration Test passed"

@rybtim

rybtim commented Feb 21, 2024

STYLE Guide: No changes to last release. No UI for Golden Record Service

@RolaH1t
Contributor

RolaH1t commented Feb 21, 2024

QG review as per plan 21-Feb:
pending topics are DataSov & Documentation, as well as TRGs
Approval postponed until topics addressed; no follow-up mtg required.

@vialkoje

Documentation Existing and looking consistent. Sovereignty requirements fulfilled as there are no specific requirements for 24.03. Expert Approval granted

@vialkoje vialkoje removed their assignment Feb 23, 2024
@RolaH1t
Contributor

RolaH1t commented Mar 5, 2024

all pre-conditions fulfilled and QG approval granted!
Congrats!

@RolaH1t
Contributor

RolaH1t commented Mar 6, 2024

Critical Update:
QG approval withdrawn until clarification of Postgresql DB issue => @HeyHardy @nicoprow @Siegfriedk
reference: violation of TRG 5.07

@RolaH1t
Contributor

RolaH1t commented Mar 8, 2024

final conclusion: TRG 5.07 still violated (postgresql DB version 14.x) but successfully tested.
this is covered in overall release note 24.03
QG closed with these conditions.

@kelaja kelaja moved this from Inbox to Done in Release Planning Mar 13, 2024
@kelaja kelaja closed this as completed Mar 13, 2024