|Practice Area||Checkpoint||Yes/No||Evidences||How to?|
|Security||Has the Release Security/Vulnerability table been updated in the protected Security Vulnerabilities wiki space?||Yes||R4 APPC Security/Vulnerability - Full Content||PTL reviews the NexusIQ scans for their project repos and fills out the vulnerability review table|
|Has the project committed to enabling transport level encryption on all interfaces and the option to turn it off?||No||Requirements and test cases for transport layer encryption have been created for all interfaces not currently supporting encryption.|
|Has the project documented all open port information?||Yes||OOM NodePort List|
|Has the project provided the communication policy to OOM and Integration?||No|
|Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project?||Yes|
*APPC inherits from ODL. APPC is working with ODL community to address the security vulnerabilities issues. Please see ODL TSC meeting note: https://meetings.opendaylight.org/opendaylight-meeting/2019/tsc/opendaylight-meeting-tsc.2019-02-21-16.58.html
|Architecture||Has the Project team reviewed the APIs with the Architecture Committee (ARC)?||Yes|
Architecture walkthrough to understand how each project contributes on Release Use Case. ARC to organize the walkthrough.
|Is there a plan to address the findings the API review?||Yes|
|The plan could be as simple as a Jira issue to track the implementation of findings or a documented plan within the wiki.|
|Does the team clearly understand that no changes in the API definition is allowed without formal TSC review and approval?||Yes||NA||In the case some changes are necessary, bring the request to the TSC for review and approval.|
Is there any changes in the scope, functionalities, deliverable, dependency, resources, API, repositories since M1 milestone?
|No||If Yes, please a link to the evidence of these changes.||Critical point to understand is that change is inevitable, and that right timing and clear communication to the community will ease the process of accepting changes.|
|Provide link to the API Documentation.||Yes||APPC LCM API Guide|
|Release Management||Are committed Sprint Backlog Stories been marked as "Closed" in Jira board?||Yes||APPC Board|
|Are all tasks associated with Sprint Backlog Stories been marked as "Closed" in Jira?||Yes||APPC Board|
|Have all findings from previous milestones been addressed?||N/A||No previous findings|
|Development||Is there any pending commit request older than 36 Business hours in Gerrit?||No|
|Do you have a plan to address by M4 the Critical and High vulnerabilities in the third party libraries used within your project?||Yes||R4 APPC Security/Vulnerability - Full Content||Ensure by M4 the Nexus-IQ report from “Jenkins CLM” shows 0 critical security vulnerability. Open the Nexus-IQ report for the details on each repo.|
Are all the Jenkins jobs successfully passed ( Merge-Jobs)?
|Are all binaries available in Nexus?||Yes||https://nexus.onap.org/#nexus-search;quick~appc|
|Integration and Testing|
Have 50 % of System Integration Testing Use Cases been implemented successfully in Jenkins?
It should include at least 1 CSIT that will be run on
Lab-xxx-OOM-Daily Jenkins Job
APPC CSIT describes in APPC CSIT Functional Test Cases
|Has the project code successfully passed the Daily Build process?||Yes||https://jenkins.onap.org/view/appc/||Goal is to ensure the latest project commit has not broken the Integration Daily Build|
|Has the project passed the Integration Sanity Tests?||Yes|
Integration sanity tests in Dublin Release cover:
No test failure reported on http://onapci.org/grafana/d/8cGRqBOmz/daily-summary?orgId=1
No Integration Blocking Issue with no workaround: Dublin Release Integration Test Blocking Issues
|Modeling||Has the Project team provided links to Data Models (e.g, JSON, YANG, Swagger, etc.) for all Shared Information (e.g., APIs, API Payload, Shared Design Model)?||Yes|
APPC provides one single definition for API:
APPC uses Yang model to define LCM Action: Yang Model for LCM Action for payload.
APPC uses swagger 1.2 apidoc that provided by ODL ( see some sample links in APPC WindRiverLab )
APPC does not use TOSCA model in R4.
|It is a non-blocking item for M3 - The Modeling team is gathering information|