...
Practice Area | Checkpoint | Yes/No | Evidence - Comment | How to? | |||
Security | Has the Release Security/Vulnerability table been filled out in the protected Security Vulnerabilities wiki space? |
| Table in in the protected Security Vulnerabilities wiki space corresponds to the latest NexusIQ scan | PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table | |||
Have known vulnerabilities (critical and severe) to address/remove in the release been identified with jira tickets? |
| Jira tickets exist for vulnerabilities or the project indicates that there will be no vulnerable library replacement | Complete Jira tickets | Propose that previous line replace this question in the current M3 template: Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project? |
|
| Ensure by M4 the Nexus-IQ report from “Jenkins CLM” shows 0 critical security and severe vulnerabilities. Open the Nexus-IQ report for the details on each repo.Create Jira tickets |
Has the project committed to the release CII badging level |
| Project plans that include | See https://www.coreinfrastructure.org/programs/badge-program/ and https://wiki.onap.org/display/DW/CII+Badging+Program | ||||
| Has the project created their project CII questionnaire and completed the ONAP-level CII requirements? | URL of the questionnaire and all ONAP level CII requirements are answered | ||||||
If the project uses java, has the project integrated with the oparent.pom? |
| Oparent.pom included in project |
|
...