...
Practice Area | Checkpoint | Yes/No | Evidences | How to? | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Security | Has the Release Security/Vulnerability table been updated in the protected Security Vulnerabilities wiki space? | Table in in the protected Security Vulnerabilities wiki space corresponds to the latest NexusIQ scan | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table | ||||||||||||
Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off? | Yes* |
| Requirements and test cases for transport layer encryption have been created for all interfaces not currently supporting encryption. | ||||||||||||
Has the project documented all open port information? | Update OOM NodePort List | ||||||||||||||
Has the project provided the communication policy to OOM and Integration? | Recommended Protocols | ||||||||||||||
Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? |
| ||||||||||||||
Architecture | Has the Project team reviewed the APIs with the Architecture Committee (ARC)? | Yes |
| Architecture walk through to understand how each project contributes on Release Use Case. ARC to organize the walk through. | |||||||||||
Is there a plan to address the findings the API review? | Link to plan | The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki. | |||||||||||||
Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval? | Yes | In the case some changes are necessary, bring the request to the TSC for review and approval. | |||||||||||||
Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone? | If Yes, please a link to the evidence of these changes. | Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes. | |||||||||||||
Provide link to the API Documentation. | Yes | CMSO: CMSO API v1_v2, New CMSO APIs in Dublin HAS: OOF-HAS Homing Specification Guide, Traffic Distribution | |||||||||||||
Release Management | Are committed Sprint Backlog Stories been marked as "Closed" in Jira board?Provide Link to Project backlog | Yes. |
| ||||||||||||
Are all tasks associated with Sprint Backlog Stories been marked as "Closed" in Jira? | Yes |
| |||||||||||||
Have all findings from previous milestones been addressed?Provide link to JIRA findings | Yes | OSDF code coverage has been bumped up to 65% HAS code coverage has been bumped up to 51%, will meet target 55% by M4. | |||||||||||||
Development | Is there any pending commit request older than 36 Business hours in Gerrit? | No | Gerrit Query: status:open label:verified -is:draft -label:Code-Review=-1 AND -label:Code-Review=-2 AND is:mergeable age:1week | ||||||||||||
Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar)Goal: 55% for Incubation project in the current release | No | OSDF: 65% HAS: 51% CMSO: Team is currently working towards this. | Guidance on Code Coverage and Static Code Analysis Tools: Sonar | ||||||||||||
Are all the Jenkins jobs successfully passed ( Merge-Jobs)? Provide link to evidence | https://jenkins.onap.org/view/optf/job/optf-has-master-conductor-merge-java/ https://jenkins.onap.org/view/optf/job/optf-osdf-master-osdf-merge-java/ https://jenkins.onap.org/view/optf/job/optf-cmso-master-merge-properties-java/ | ||||||||||||||
Are all binaries available in Nexus?Provide link to evidence | Yes | https://nexus.onap.org/content/groups/staging/org/onap/optf/ | |||||||||||||
Integration and Testing | Have 50% of System Integration Testing Use Cases been implemented successfully in Jenkins? It should include at least 1 CSIT that will be run on Lab-xxx-OOM-Daily Jenkins Job Provide link to evidence | Yes | CSIT for the has been completed for CMSO, OSDF, HAS https://jenkins.onap.org/view/CSIT/ | ||||||||||||
Has the project code successfully passed the Daily Build process? | Yes | Goal is to ensure the latest project commit has not broken the Integration Daily Build | |||||||||||||
Has the project passed the Integration Sanity Tests? | Integration sanity tests in Dublin Release cover:
No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1 No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues |
...