- Epic
- Resolution: Unresolved
- Highest
- None
- CII Badging updates
- Best Practice (global - all code)
- 1
- Not required
- Original Scope
- XS
- GO
- GO
- GO
Description of Use Case / Requirement:
ONAP projects will provide their feedback for the Application Security questions:
- Crypto Credentials Agility – ½ of apps are in "Met" status and almost half have not yet answered
- Implement Secure Design – 1/3 of projects did not answer
- Crypto Weaknesses – tests to be applied (3 including Morgan)
- 39 crypto weaknesses have been discovered in the SonarQube scans, each of which can be fixed by changing a value in the code (requires less than 30 min of work by a developer). SECCOM can provide recommendations.
- 134 instances of bypassed host verification or certificate validation have been identified in the code, which need to be reviewed with the PTLs
- For Istanbul, the security issues we will concentrate on are:
  - command injection - 1 issue found in 1 project
  - SQL injection - 5 issues found in 4 projects
  - XSS (cross-site scripting) - 11 issues found in 7 projects
  - XXE (XML External Entity) - 38 issues found in 13 projects

Projects that have already answered this question positively should verify that the answer is still correct.
Should be the Assignee - use @ notation): TonyLHansen, zwarico
Link to HLD/LLD (if any):
Dependency Relationships with Other Projects:
Project Impact (Test Only (TO), Code (C)): C
Support Status for each Affected Project (Supported (S); Partially Supported (P); Not Supported (N)):
Note: for any affected projects labeled 'P' or 'N', please document the resulting gaps.
Integration Leads (use @ notation):
Company Engagement:
- is blocked by
  - ONAPARC-653 (Honolulu-R8) - NF - CONTINUATION OF CII BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL (Open)
- relates to
  - AAI-3345 fix CRITICAL xss (cross site scripting) issues identified in sonarcloud (Closed)
  - AAI-3346 fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud (Closed)
  - AAI-3347 fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud (Closed)
  - AAI-3348 fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud (Closed)
  - APPC-1919 fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud (Closed)
  - CCSDK-3317 fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud (Closed)
  - CCSDK-3321 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - CCSDK-3322 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - CCSDK-3323 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - CCSDK-3324 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - CCSDK-3325 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - CCSDK-3326 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - CCSDK-3327 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - DCAEGEN2-2798 fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud (Closed)
  - DMAAP-1623 [DR] fix CRITICAL sql-injection issues identified in sonarcloud (Closed)
  - DMAAP-1624 [DR] fix CRITICAL cross-site scripting (xss) issues identified in sonarcloud (Closed)
  - HOLMES-453 fix CRITICAL cross-site scripting (xss) issues identified in sonarcloud (Closed)
  - OPTFRA-965 fix CRITICAL sql-injection issues identified in sonarcloud (Closed)
  - OPTFRA-966 fix CRITICAL cross-site scripting (xss) issues identified in sonarcloud (Closed)
  - PORTAL-1070 fix CRITICAL sql-injection issues identified in sonarcloud (Closed)
  - PORTAL-1071 fix CRITICAL sql-injection issues identified in sonarcloud (Closed)
  - PORTAL-1072 fix CRITICAL sql-injection issues identified in sonarcloud (Closed)
  - SDC-3607 fix CRITICAL xss (cross site scripting) issues identified in sonarcloud (Closed)
  - SDC-3608 fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud (Closed)
  - SDNC-1497 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - SO-3662 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - SO-3663 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - SO-3664 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - SO-3665 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - SO-3666 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - SO-3667 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - SO-3668 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - VFC-1860 fix CRITICAL command-injection issues identified in sonarcloud (Closed)
  - VFC-1861 fix CRITICAL xml external entity (xxe) issues identified in sonarcloud (Closed)
  - VNFSDK-784 fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud (Closed)
  - AAF-1215 all ONAP CII pages are not showing up on ONAP scans (Closed)
  - APPC-1917 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - MUSIC-614 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - OPTFRA-924 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - OPTFRA-926 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - POLICY-3201 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - PORTAL-1064 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - VFC-1826 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - VFC-1827 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - VNFSDK-755 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - DCAEGEN2-2570 REQ-443 CII improvement for Honolulu Release (Closed)
  - DCAEGEN2-2829 REQ-443 CII improvement for Istanbul Release (Closed)
  - DCAEGEN2-3192 REQ-443 CII improvement for Jakarta Release (Closed)
  - DCAEGEN2-3209 REQ-443 CII improvement for Kohn Release (Closed)
  - MODELING-524 continuation of CII badging score improvements for silver level (Closed)
  - POLICY-2683 REQ-443 improve its CII Badging score by improving input validation and documenting it in their CII Badging site. (Closed)
  - VFC-1848 continuation of CII badging score improvements for silver level (Closed)
  - REQ-223 CII badging – meet targeted Silver and Gold requirements (Done)
  - AAI-3292 fix CRITICAL weak-cryptography issues identified in sonarcloud (In Progress)
  - AAF-1213 fix CRITICAL xss (cross site scripting) issues identified in sonarcloud (Closed)
  - CCSDK-3196 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - CCSDK-3318 fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud (Closed)
  - AAF-1211 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - DCAEGEN2-2518 security blocker in restconf collector (Closed)
  - DCAEGEN2-2656 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - OPTFRA-927 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - SDC-3495 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
  - VID-971 fix CRITICAL weak-cryptography issues identified in sonarcloud (Closed)
1. Crypto Credentials Agility CII Badging Score Improvements | In Progress | tonylhansen
2. Implement Secure Design CII Badging Score Improvements | In Progress | tonylhansen