Dublin-M3 checklist

Practice Area	Checkpoint	Yes/No	Evidences	How to?

Practice Area	Checkpoint	Yes/No	Evidences	How to?
Security	Has the Release Security/Vulnerability table been updated in the protected Security Vulnerabilities wiki space?	Yes	R4 CLI Security/Vulnerability - Full Content	PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table
	Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off?	No	NA. CLI does not expose any HTTPS to consumption for user.
	Has the project documented all open port information?	Yes		Update OOM NodePort List
	Has the project provided the communication policy to OOM and Integration?	No	NA. CLI does not provide any Micro-service HTTPS	Recommended Protocols
	Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project?	No	CLI does not expose any HTTPS to consumption for user.	Replace vulnerable packages Document false positives in the release notes if it is not possible to replace the vulnerable packages Document vulnerabilities inherited in dependencies: include the name of the dependency and any mitigations that can be implemented by an ONAP user Ensure by M4 the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repository
Architecture	Has the Project team reviewed the APIs with the Architecture Committee (ARC)?	YES		Architecture walkthrough to understand how each project contributes on Release Use Case. ARC to organize the walkthrough.
	Is there a plan to address the findings the API review?	NA	Link to plan	The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki.
	Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval?	YES	NA	In the case some changes are necessary, bring the request to the TSC for review and approval.
	Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone?	NO	If Yes, please a link to the evidence of these changes.	Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes.
	Provide link to the API Documentation.	YES	Dublin M3 Interface details
Release Management	Are committed Sprint Backlog Stories been marked as "Done" in Jira board?	YES	https://jira.onap.org/secure/RapidBoard.jspa?rapidView=21&view=planning.nodetail
	Are all tasks associated with Sprint Backlog Stories been marked as "Done" in Jira?	YES	https://jira.onap.org/secure/RapidBoard.jspa?rapidView=21&view=planning.nodetail
	Have all findings from previous milestones been addressed?	NA
Development	Has the project team reach the Automated Unit Test Code Coverage expectation? (Refer to artifacts available in Sonar)	YES		Guidance on Code Coverage and Static Code Analysis Tools: Sonar
	Is there any pending commit request older than 36 Business hours in Gerrit?	YES	They are in review progress/ merge conflicts.
	Are all the Jenkins jobs successfully passed ( Merge-Jobs)?	YES	https://jenkins.onap.org/view/cli/
	Are all binaries available in Nexus?	YES
Integration and Testing	Have 50 % of System Integration Testing Use Cases been implemented successfully in Jenkins?	YES	https://jenkins.onap.org/job/cli-master-verify-csit-sanity-check/
	Has the project code successfully passed the Daily Build process?	YES		Goal is to ensure the latest project commit has not broken the Integration Daily Build