PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table
Practice Area | Checkpoint | Yes/No | Evidence - Comment | How to? | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Security | Has the Release Security/Vulnerability table been filled out in the protected Security Vulnerabilities wiki space? | N/A | Table in the protected Security Vulnerabilities wiki space corresponds to the latest NexusIQ scan | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table|||||||||||
Have known vulnerabilities (critical and severe) to address/remove in the release been identified with JIRA ticket? | N/A | JIRA tickets exist for vulnerabilities or the project indicates that there will be no vulnerability library replacement. | Create JIRA tickets | |||||||||||
Has the project committed to the release CII badging level? | N/A | Project plans that include | See https://www.coreinfrastructure.org/programs/badge-program/ | |||||||||||
Has the project created their project CII questionnaire and completed the ONAP level CII requirements | N/A | See CII Badging Program | ||||||||||||
If the project uses java, has the project integrated with the oparent.pom? | N/AOparent.pom included in the project | |||||||||||||
Product Management | Are Product Backlog Epics entered in Jira? | Yes |
| |||||||||||
Are Product Backlog Stories entered in Jira? | Yes |
| ||||||||||||
Are Product Backlog Stories linked to Product Backlog Epics? | N/A | Work in a Sprint | ||||||||||||
Are Product Backlog Stories prioritized? | Yes | Dublin Release planning | ||||||||||||
Is the project team ready to estimate the top Stories (for coming Sprint) in Product backlog? | N/A | Estimate a Backlog item | ||||||||||||
Is the project team ready to create a 2 weeks Sprint in Jira? | N/A | Create a Sprint | ||||||||||||
Are Team Members willing to create Tasks and associate them with Stories in Jira? | Yes | Create a Backlog item | ||||||||||||
Has the project team plan to contribute to Platform Maturity Improvement? | N/A | Provide a link to project Planning, Platform Maturity table. | ||||||||||||
Release Management | Is there a Release Planning Template available and completed in wiki? | Yes | M1 Documentation Dublin Release Planning Template | |||||||||||
Has the Platform Maturity Table been updated with current status and Release goal? | For each Release, there is a Platform Maturity table created for PTLs to record their goals and achievements at M4 (Example: Casablanca Release Platform Maturity). | |||||||||||||
Have all the "Release Components Name" been defined in Resources and Repositories for your project? (this includes all Sub-Components Names, Sub-Components Repositories Names, Maven Group ID, Sub-Components Description) | N/A | Resources and Repositories | ||||||||||||
Have all the "Resources committed to the Release" been defined in Resources and Repositories for your project? This includes First and Last names, LFID, Email Address and Location for PTL, Project Manager, Committers and Contributors. | Yes | Resources and Repositories | Mail has been sent out to all committer and contributors asking for availability and plans for the Dublin release. No answers yet. Follow up is needed | |||||||||||
Have new developers made themself familiar on the Onboarding Process? | Yes | Onboarding | ||||||||||||
Is the project team aware of the Release milestone? Any misses will required TSC exception. | Yes | |||||||||||||
Integration and Testing | Has the Integration Team defined the vendor equipment list? | N/A | Link to evidence | |||||||||||
Has the Integration Team defined the End 2 End Release Test Case? | N/A | Link to evidence | ||||||||||||
Development | Is the Project Team committed to develop Unit Test? | N/A | ||||||||||||
Has the Project Team put in place an Automated Unit Test infrastructure? | N/A | |||||||||||||
Is the Project Team committed to create Continuous System Integration Testing (CSIT) test case? | N/A | |||||||||||||
Is the Project Team committed to perform Scrum ceremonies? | N/A | Scrum Overview | ||||||||||||
Are the Project Team members aware of Continuous Integration Principles (don't break the build, Fix the build,...)? | Yes | Continuous Integration | ||||||||||||
Has the Project Team a clear understanding on the Code Coverage expectations? | Yes | |||||||||||||
Does the Project Team understand the Free and Open Source Software (FOSS) process? | Yes | Free and Open Source Software | ||||||||||||
Is the Project Team willing to fill out accordingly the FOSS table? | N/A? | Fill out sub-pages for each project under Free and Open Source Software | ||||||||||||
Is the Project Team willing to comply to the Commit Process? | Yes | Commit Messages | ||||||||||||
Does the Project Team understand the purpose of Code Review? | Yes | Code Review | ||||||||||||
Is the Project Team aware of the Coding Guidelines? | Yes | Development Practices (Jave Coding Style) |
...