Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Practice AreaCheckpointYes/NoEvidencesHow to?
Architecture


Has the Project team reviewed the APIs with the Architecture Committee (ARC)?YesIn the February 20 arc meeting presented the MUSIC slide and updated the version as required.

Architecture walkthrough to understand how each project contributes on Release Use Case. ARC to organize the walkthrough.

Is there a plan to address the findings the API review?NANo specific changes suggested during the review.The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki.
Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval?YesNAIn the case some changes are necessary, bring the request to the TSC for review and approval.

Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone?

NoIf Yes, please a link to the evidence of these changes.Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes.
Provide link to the API Documentation.Yeshttps://gerrit.onap.org/r/#/c/31127/2/swagger.json
Release ManagementAre committed Sprint Backlog Stories been marked as "Done" in Jira board?Yeshttps://jira.onap.org/secure/RapidBoard.jspa?rapidView=113&view=planning&selectedIssue=MUSIC-45
Are all tasks associated with Sprint Backlog Stories been marked as "Done" in Jira?Yeshttps://jira.onap.org/secure/RapidBoard.jspa?rapidView=113&view=planning&selectedIssue=MUSIC-45
Have all findings from previous milestones been addressed?Yeshttps://jira.onap.org/secure/RapidBoard.jspa?rapidView=113&view=planning&selectedIssue=MUSIC-45
DevelopmentHas the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar)Yes

https://sonar.onap.org/dashboard?id=org.onap.music%3AMUSIChttps://sonar.onap.org/dashboard?id=org.onap.music%3AMUSIC

Guidance on Code Coverage and Static Code Analysis

Tools: Sonar

Is there any pending commit request older than 36 Business hours in Gerrit?No

Do you have a plan to address by M4 the Critical  vulnerabilities in the third party libraries used within your project?

Yes

Our issues are mostly linked to certain java versions of jackson that is used to provide the REST API. We are working on resolving themWe have just two critical issues:

https://nexus-iq.wl.linuxfoundation.org/assets/index.html#/reports/music/cecf4c77af8646d882e29cd6968eecba

We have documented the issues here;:

Security/Vulnerability Threat Template

Ensure by M4 the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo.
Are all the Jenkins jobs successfully passed ( Merge-Jobs)?Yeshttps://jenkins.onap.org/view/Merge-Jobs/job/music-master-merge-java/
Are all binaries available in Nexus?Yeshttps://nexus.onap.org/#nexus-search;quick~music
Integration and Testing

Have 50 % of System Integration Testing Use Cases been implemented successfully in Jenkins?

NoThis is still work in progress.
Has the project code successfully passed the Daily Build process?YesThe Integration Daily Build would suggest that MUSIC is not breaking any daily builds.
Goal is to ensure the latest project commit has not broken the Integration Daily Build