...
| Practice Area | Checkpoint | Yes/No | Evidences | How to? |
|---|---|---|---|---|
| Security | Has the Release Security/Vulnerability table been updated in the protected Security Vulnerabilities wiki space? | Yes | Table in the protected Security Vulnerabilities wiki space: /wiki/spaces/SV/pages/16089316 | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table |
| | Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off? | Yes | NBI registers APIs into MSB, which provides HTTPS for external access. Internal HTTPS has not been prioritized on DUBLIN. Note: Check and update MSB registration. Test (need MSB and a deployed instance; tests will be provided as a Postman collection) | |
| | Has the project documented all open port information? | Yes | 31130 => 8080 | Update OOM NodePort List |
| | Has the project provided the communication policy to OOM and Integration? | TODO | | Recommended Protocols |
| | Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? | Yes | Already done for the most part: from 11 to 3 security threats from Casablanca to Dublin master branch. | |
| Architecture | Has the Project team reviewed the APIs with the Architecture Committee (ARC)? | Yes | | Architecture walk through to understand how each project contributes on Release Use Case. ARC to organize the walk through. |
| | Is there a plan to address the findings of the API review? TODO | Yes | | The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki. |
| | Does the team clearly understand that no changes in the API definition are allowed without formal TSC review and approval? | Yes | | In case some changes are necessary, bring the request to the TSC for review and approval. |
| | Are there any changes in the scope, functionalities, deliverables, dependencies, resources, API, repositories since M1 milestone? | No | | Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes. |
| | Provide link to the API Documentation. | Yes | https://onap.readthedocs.io/en/latest/submodules/externalapi/nbi.git/docs/offeredapis/offeredapis.html | |
| Release Management | Have committed Sprint Backlog Stories been marked as "Closed" in Jira board? | NA | Backlog not used, only issue tracking https://jira.onap.org/secure/RapidBoard.jspa?projectKey=EXTAPI&rapidView=43&view=planning | |
| | Have all tasks associated with Sprint Backlog Stories been marked as "Closed" in Jira? | NA | Backlog not used, only issue tracking | |
| | Have all findings from previous milestones been addressed? Provide link to JIRA findings | NA | No issues | |
| Development | Is there any pending commit request older than 36 Business hours in Gerrit? | No | https://gerrit.onap.org/r/#/q/project:externalapi/nbi+status:open+label:verified+-is:draft+-label:Code-Review%253D-1+AND+-label:Code-Review%253D-2++AND+is:mergeable+age:1week | Gerrit Query: status:open label:verified -is:draft -label:Code-Review=-1 AND -label:Code-Review=-2 AND is:mergeable age:1week |
| | Has the project team reached the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar) | Yes | Yes. Coverage 77.00% https://sonar.onap.org/dashboard?id=org.onap.externalapi-nbi%3Anbi-rest-services | Guidance on Code Coverage and Static Code Analysis Tools: Sonar |
| | Have all the Jenkins jobs passed successfully (Merge-Jobs)? | Yes | Java https://jenkins.onap.org/job/externalapi-nbi-master-merge-java/ | |
| | Are all binaries available in Nexus? Provide link to evidence | Yes | Java https://nexus.onap.org/#nexus-search;quick~nbi docker | |
| Integration and Testing | Have 50% of System Integration Testing Use Cases been implemented successfully in Jenkins? It should include at least 1 CSIT that will be run on Lab-xxx-OOM-Daily Jenkins Job. Provide link to evidence | No | Not implemented in OOM. Only one test currently, running outside OOM context https://jenkins.onap.org/view/CSIT/job/externalapi-nbi-master-csit-healthcheck/ | |
| | Has the project code successfully passed the Daily Build process? | Yes | Both Java and Docker daily build | Goal is to ensure the latest project commit has not broken the Integration Daily Build |
| | Has the project passed the Integration Sanity Tests? | No | Not implemented in NBI | Integration sanity tests in Dublin Release cover: No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1; No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues |
| Modeling | Has the Project team provided links to Data Models (e.g., JSON, YANG, Swagger, etc.) for all Shared Information (e.g., APIs, API Payload, Shared Design Model)? | Yes | Each API resource is documented with Swagger, as JSON or YAML, and each data model is also described as PlantUML and XML schemas. Here are the master readthedocs sources (not yet built and available online): https://git.onap.org/externalapi/nbi/tree/docs/offeredapis/api_serviceOrder https://git.onap.org/externalapi/nbi/tree/docs/offeredapis/api_hub https://git.onap.org/externalapi/nbi/tree/docs/offeredapis/api_serviceInventory https://git.onap.org/externalapi/nbi/tree/docs/offeredapis/api_status | It is a non-blocking item for M3 - The Modeling team is gathering information |
...