...
Practice Area | Checkpoint | Yes/No | Evidences | How to? |
---|---|---|---|---|
Security | Has the Release Security/Vulnerability table been updated in the protected Security Vulnerabilities wiki space? | Yes | R4 CLI Security/Vulnerability - Full Content | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table |
Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off? | Yes | Requirements and test cases for transport layer encryption have been created for all interfaces not currently supporting encryption. we are running in two ports ,one for https, one for httpNo | NA. CLI does not expose any HTTPS to consumption for user. | |
Has the project documented all open port information? | Yes | Update OOM NodePort List | ||
Has the project provided the communication policy to OOM and Integration? | YesNo | NA. CLI does not provide any Micro-service HTTPS | Recommended Protocols | |
Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project?Yes | No | CLI does not expose any HTTPS to consumption for user. |
| |
Architecture | Has the Project team reviewed the APIs with the Architecture Committee (ARC)? | YES | Architecture walkthrough to understand how each project contributes on Release Use Case. ARC to organize the walkthrough. | |
Is there a plan to address the findings the API review? | NA | Link to plan | The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki. | |
Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval? | YES | NA | In the case some changes are necessary, bring the request to the TSC for review and approval. | |
Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone? | NO | If Yes, please a link to the evidence of these changes. | Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes. | |
Provide link to the API Documentation. | YES | Dublin M3 Interface details | ||
Release Management | Are committed Sprint Backlog Stories been marked as "Done" in Jira board? | YES | https://jira.onap.org/secure/RapidBoard.jspa?rapidView=21&view=planning.nodetail | |
Are all tasks associated with Sprint Backlog Stories been marked as "Done" in Jira? | YES | https://jira.onap.org/secure/RapidBoard.jspa?rapidView=21&view=planning.nodetail | ||
Have all findings from previous milestones been addressed? | NA | |||
Development | Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar) | YES | Guidance on Code Coverage and Static Code Analysis | |
Is there any pending commit request older than 36 Business hours in Gerrit? | YES | They are in review progress/ merge conflicts. | ||
Are all the Jenkins jobs successfully passed ( Merge-Jobs)? | YES | https://jenkins.onap.org/view/cli/ | ||
Are all binaries available in Nexus? | YES | |||
Integration and Testing | Have 50 % of System Integration Testing Use Cases been implemented successfully in Jenkins? | YES | https://jenkins.onap.org/job/cli-master-verify-csit-sanity-check/ | |
Has the project code successfully passed the Daily Build process? | YES | Goal is to ensure the latest project commit has not broken the Integration Daily Build |
...