We do have clear text default credentials in our docker-compose files if not provided (Only used for testing). The users of CPS are expected to override credentials and strategies around these.

+1

Note: Architecture diagram is for the Istanbul release.

Please update "This page reflects the state for Istanbul-R9 release" to reflect the current release.

None available

CPS don’t have security requirements apart from the authentication on our rest API wherein username and passwords are configurable

None available

CPS don’t have security requirements apart from the authentication on our rest API wherein username and passwords are configurable

Yes, CPS sonarcloud reports can be found @

https://sonarcloud.io/organizations/onap/projects?search=cps&sort=-coverage

https://sonarcloud.io/organizations/onap/projects?search=ncmp-dmi-plugin&sort=-coverage

Yes. Critical vulnerabilities/issues are compiled by SECCOM periodically and CPS project team resolves them in-time for current/prev release.

We also check sonarcloud reports on a weekly basis and if needed action is taken.

Our application expects (any) client to upload models and data to be stored.

These models and data are validated via OpenDayLight Yang parser. These are only stored once the parser accepts that it is valid and returns an exception for invalid models and data.

Additionally, inputs to all REST endpoints are validated, e.g. CM handle IDs, CPS paths, timestamps

Is the ODL Yang parser included in CPS or is it a separate "microservice"?

How does CPS differentiate between trusted and untrusted sources?

CPS does not have a UI and does not use javascript

The application uses Swagger for RESTful API, wherein it is set that Authorization headers are required for accessing API documentation. 

[TH] You should mention use of HTTPS behind mesh.How are usernames and passwords stored?

Are passwords stored hashed where CPS acts as an authenticator?