Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

SECCOM will define a set of metrics per release that will be used to measure the security maturity of each ONAP project. Each project will have it's maturity level documented in the release notes.

Guilin - DRAFT

  1. All OJSI tickets closed.
  2. All mariadb-galera and yyyy passwords removed from Helm charts.
  3. All external HTTP ports converted to HTTPS.
  4. Java and Python projects are all using the recommended versions.
    1. All projects that use Python have upgraded to Python 3 (version 3.8.0).
    2. All projects that use Java have upgraded to Java 11.
  5. All direct dependencies containing Critical or Severe vulnerabilities are updated per SECCOM recommendations.
  6. Generate logs that can be collected by Kubernetes.

Frankfurt

  1. All OJSI tickets closed, with the following exceptions.
    1. All fixes that have an unresolved dependency on AAF integration.
  2. All mariabd-galera passwords removed from Helm charts, where the chart is using the common mariadb-galera chart. This applies to both common and dedicated instances of the db.
  3. All external HTTP ports converted to HTTPS, with the following exceptions.
    1. HTTP ports discovered after M2/M3
    2. All fixes that have an unresolved dependency on AAF integration
    3. HTTP ports only used for testing
  • No labels