...
Requirement | commitment & strategy | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Document current upgrade component strategy | Frankfurt Documentation shows AAI documentation update & status
| ||||||||||
SECCOM Perform Software Composition Analysis - Vulnerability tables | AAI will work with Pawel Pawlak SECCOM for the security vulnerability
| ||||||||||
SECCOM Password removal from OOM HELM charts | N/A | ||||||||||
REQ-380 - ONAP container repository (nexus) must not contain upstream docker images TO DO | No Community Commitment As of 7/9 | ||||||||||
REQ-379 - ONAP projects must use only approved and verified base images for their containers TO DO | No Community Commitment As of 7/9 | ||||||||||
REQ-366 - Containers must crash properly when a failure occurs TO DO | AAI currently satisfies | ||||||||||
REQ-365 - Containers must have no more than one main process TO DO | AAI currently satisfies | ||||||||||
REQ-362 - All containers must run as non-root user TO DO | AT&T delivered this update for Guilin | ||||||||||
REQ-361 - Continue hardcoded passwords removal TO DO | No Community Commitment As of 7/9 | ||||||||||
REQ-351 - ONAP must complete update of the java language (from v8 -> v11) TO DO | No Community Commitment As of 7/9 Multi-tenancy use case folks (amdocs/yoppworks) may take this work | ||||||||||
REQ-349 - Each ONAP project shall define code coverage improvements and achieve at least 55% code coverage TO DO | No Community Commitment As of 7/9 | ||||||||||
REQ-323 - Each project will update the vulnerable direct dependencies in their code base TO DO | Updated SV Documentation for Guilin | SECCOM HTTPS communication vs. HTTP | All interfaces are secured with TLS except for elastic search, which we plan to move to a TLS capable version Jira | | |||||||
server | ONAP JIRA | ||||||||||
columns | key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution | ||||||||||
serverId | 425b2b0a-557c-3c0c-b515-579789cceedb | key | AAI-2677