This centralized page, for all Honolulu projects, is aimed at identifying the risks as they are foreseen within the release life cycle.
A Risk that materialized becomes an Issue.
Status:
- Identified: a risk that has been identified, but has not yet been analyzed / assessed yet
- Assessed: an identified risk which currently has no risk response plan
- Planned: an identified risk with a risk response plan
- In-Process: a risk where the risk response is being executed
- Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided
- Not occurred: a risk that was identified but that did not occur
- Rejected: created and kept for tracking purposes but considered not to be used yet
Risk ID | Project Team or person identifying the risk | Identification Date | Risk (Description and potential impact) | Team or component impacted by the risk | Mitigation Plan (Action to prevent the risk to materialize) | Contingency Plan - Response Plan (Action in case of the risk materialized) | Probability of occurrence (probability of the risk materialized) High/Medium/Low | Impact High/Medium/Low | Status | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | OOF |
| Meeting the following requirement for CMSO - Upgrade vulnerable packages | OOF - CMSO | Will be taken up along with the feature implementation if it is required by the use cases | Project team will try to take up activity if no new feature is planned | Low | Low | Identified | ||||||||
2 | UUI |
| usecase UI dockers contain GPLv3
| UUI | Will take active action to contact Jira owner and find out witch package contains GPLv3 | Make the current dependencies work well and keep this problem to next release | High | Low | Identified | ||||||||
3 | Policy |
| Some package upgrades (e.g., CDS) may require significant rework
| Policy | Will continue to work on upgrades | Obtain a waiver for the problem packages | Medium | Medium | Identified | ||||||||
4 | SDC |
| Some package upgrades may require significant rework
| SDC | Will continue to work on upgrades | Obtain a waiver for the problem packages | Medium | Medium | Identified | ||||||||
5 | AAI |
| AAI | Nothing we can really do given the current constraints unless JanusGraph updates to working with Java 11 | Obtain a waiver for the mS with the core tech of Janusgraph | High | Low | Identified | |||||||||
6 | DCAE |
| DCAE | Migrate/replace MOD NiFI components with custom containers for future release | Request waiver (discused with SECCOM and they are okay with filing exception for NiFI components) | High | Low | Closed; exception submitted for NiFi related components | |||||||||
7 | DCAE | REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8 With Cloudify 3.x support releated by Cloudify under 5.1.1, DCAE CM pod upgrade is targetted for H release. This will be major upgrade requiring extensive regression. Marking this risk due to resource/time constraint. | DCAE | Based on severity of issue - we'll assess if new containers can be released for H release or if need to be withheld. | If switching to Guilin version (old CM 4.6 version) - will need waiver for Cloudify container and plugins | Medium | High | Not Occurred | |||||||||
8 | CPS |
| Upgrade vulnerable packages, which all are Transient dependencies | CPS | Working with SecCom to resolve high level vulnerabilities | Obtain a waiver for the problem packages | Medium | Low | Identified | ||||||||
9 | DMaaP Message Router |
| DMaaP | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | High | Low | Identified | |||||||||
10 | AAI |
| Upgrade vulnerable packages, which all are Transient dependencies | AAI | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | Medium | Low | Identified | ||||||||
11 | VID |
| Upgrade vulnerable packages, which all are Transient dependencies | VID | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | Medium | Low | Identified | ||||||||
12 | MultiCloud |
| REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8) MultiCloud have updated to v3.7, which is the highest version that onappylog can support | MultiCloud | Remove the dependency of onappylog | Obtain a waiver for the impacted components | Medium | Low | Identified | ||||||||
13 | Modeling |
| REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8) Modeling/etsicatlog can support V3.7, which is the highest version that onappylog can support | Modeling | Remove the dependency of onappylog | Obtain a waiver for the impacted components | Medium | Low | resolved | ||||||||
14 | VFC |
| REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8) VFC can support V3.7, which is the highest version that onappylog can support | VFC | Remove the dependency of onappylog | Obtain a waiver for the impacted components | Medium | Low | resolved | ||||||||
15 | SO |
| Code coverage for the new repos created failed to meet the required goal. | SO | Code coverage goals | Obtain a waiver for the impacted components | High | High | Working on the coverage for code split and will be able to meet the goals by the RC0.Resolved | ||||||||
16 | DMaaP kafka |
| Code coverage for the dmaap-kafka project failed to meet the required goal. | DMaaP kafka | Code coverage goals | Obtain a waiver for the impacted components | High | Low | Working with Sonar community to fix this unexpected coverage drop. | ||||||||
17 | Policy |
| OOM merge for M3 is not yet complete, so RC0 is even more unlikely | Policy | Update OOM review to latest Policy images | Obtain a waiver | High | High | Withdrawn M3 OOM review was merged | ||||||||
...