Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: dcae risks status updated to closed

This centralized page, for all Istanbul projects, is aimed at identifying the risks as they are foreseen within the release life cycle.

A Risk that materialized becomes an Issue.

Status:

  • Identified: a risk that has been identified, but has not yet been analyzed / assessed yet 
  • Assessed: an identified risk which currently has no risk response plan 
  • Planned: an identified risk with a risk response plan
  • In-Process: a risk where the risk response is being executed 
  • Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided
  • Not occurred: a risk that was identified but that did not occur 
  • Rejected: created and kept for tracking purposes but considered not to be used yet


Code coverage goals
Risk IDProject Team or person identifying the riskIdentification DateRisk (Description and potential impact)Team or component impacted by the risk

Mitigation Plan

(Action to prevent the risk to materialize)


Contingency Plan - Response Plan

(Action in case of the risk materialized)

Probability of occurrence (probability of the risk materialized)

High/Medium/Low

Impact

High/Medium/Low

StatusNotes
1OOF

 

Problem with removing GPLv3 components from OSDF docker imageOSDFPossible ways of solving the problem are documented here. OSDF Image optimizationRaise an exception for this release and continue to work on itMediumMediumIdentified
2Policy

 

Problems resulting from upgrade of jetty-serverPolicy, oparentRequest update to oparent sooner rather than later so that impact may be assessedRaise an exception for this release and continue to work on itLowHighIdentified

Not occurred (based on discussion with James Hahnin PTL meeting Aug 23)

Reviewed Aug 23
3Policy

 

Problems resulting from upgrade of CDS jarsPolicy, CDSBe proactive with CDS team
MediumLowIdentified

Closed (based on discussion with James Hahnin PTL meeting Aug 23)

Reviewed Aug 23
4Policy

 

TSOCA Control Loops are dependent on migration of DCAE kubernetesPolicy, DCAEBe proactive with DCAE team
MediumMediumIdentifier

In process (based on discussion with Liam Fallon in PTL meeting Aug 23)

Reviewed Aug2 3
5AAI

 

Lack of resources to deliver deliver security bugs/issues

REQ-439 - CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES 

AAI-3194, AAI-3292

AAIMake best efforts to resolve the security findingsRaise an exception for this release and continue to work on itMediumLowIdentified

TBDWilliam Reehilplanning to file waiver.  Discuss with Catherine what the appropriate status should be.

Reviewed Aug 23
6AAI

 

Janusgraph does not support Java 11

REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)

AAINot much we can doRaise an exception for this release and hope janusgraph supports java 11 in the coming releaseHighLowIdentified

TBDWilliam Reehilwaiver filed.  Discuss with Catherine what the appropriate status should be.

Reviewed Aug 23
7DMaaP Message Router

 

REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)  

Confluent base images used by Message Router kafka/zookeeper are built using Java 8. Move to a newer version is a risk based on resources/time constraints.

DMaaPSource some more resources for the project to address this issue.Obtain a waiver for the problem packagesHighLowIdentified8DMaaP kafka

 

Code coverage for the dmaap-kafka project failed to meet the required goal.

DMaaP kafkaObtain a waiver for the impacted componentsHighLowWorking with Sonar community to fix this unexpected coverage drop.
9CCSDK

 

Most recent AAF shiro plugin version appears to still be compiled for Java 8, which causes problems when installed in Karaf under Java 11.AAFAAF plugin is not installed until this is resolved - installing it breaks the container.Will continue to use built-in ODL credentials instead of using AAF to authenticateHighLowIdentified

Assessed (based on discussion with Dan Timoneyin PTL meeting Aug 23)

Reviewed Aug 23
10DCAE

 

REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)

dcaemod-designtool & dcaemod-nifi-registry has dependency on upstream (NiFI) project which is currently on java8


DCAEContinue H versionWaiver/Exception to  be filed with SECCOM HighLowIdentified

Closed (10/18/2021)

(Exception filed for Nifi components; all other DCAE components/containers upgraded to java11)


  11DCAE

 

Scope of DCAE Transformation (REQ-685) being large and dependency on multiple projects (DCAE, OOM, Integration, CLAMP) - there is risk in completing the planned scope in entierity for this releaseDCAE, Integration, OOM, CLAMPPeriodic assessment with all impacted project;  adjust target scope if required.Defer subset of features to J releaseMediumMediumIdentified

Closed (10/18/2021)

(Integration Testsuite migration work (INT-1895) has been deferred to Jakarta due to resource constraint. Rest of planned scope has been delivered for Istanbul)


12UUI

 

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyUSECASEUI-574

Update the vulnerable direct dependencies in code base but the result is unknown, and we don't have the lab environment to verify it now

UUIDelay it until our lab environment is ready
HighLowIdentified
13UUI

 

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyUSECASEUI-405

Not enough human resource to do this modification

UUIContinue working on it until next release
HighLowIdentified
14SDC

 

Not able to fix all the identified security issues required by the global requirement 

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyREQ-443
, reported in 
Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keySDC-3607
 and 
Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keySDC-3608

SDCSource resources to take a look and responsibility to fix the issues as soon as possible. Items will be tracked twice a week.Raise an exception for this release and continue to work on itLowLowNot occurred
15SDC

 

Not able to update all the required vulnerabilities, as per general requirement 
Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyREQ-439
SDCContinuously monitor the vulnerabilities reported Raise an exception for this release and continue to work on itLowLowNot occurred
16SDC

 

Code coverage fail to meet the required goal. Currently we are very close to the requirement of at least 55% of line coverage.SDCTrack code coverage closely and try to identify the changes that introduced drops and improve them.Raise an exception for this release and continue to work on itLowLowNot occurred
17SDC

 

Not able to fix 

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyOJSI-94
. Was identified that the issue requires a significant change in the front end of the workflow plugin in SDC. There is no resource for now to deal with the problem.

SDCTry to find resources in the community to work on the issue. The issue will be tracked twice a week during the release.Raise an exception for this release and continue to work on itHighLowIdentified
18SO

 

Need a patch for the NSSMF adapter for the defect found during the E2E pairwise testing.SOPatch nssmf-adapter 1.9.1 is made and released for the Istanbul release

This is the first patch for nssmf-adapter in the I release on oom and hence the risk is raised.


MediumLow

In progress.

TSC has been informed about the change.