generated from openmcp-project/repository-template
Status: Open (1 of 4 sub-issues completed)
Labels: area/open-mcp (all ManagedControlPlane related issues), kind/epic (epic covers multiple issues/tasks), needs/validation (verify issue and priority with PO)
Description
Understand the Epic
The Releasechannel currently only supports scanning for CVEs. It needs to be extended so that it also supports:
- license scanning
- security scanning
- SBOM checks (insecure or prohibited dependencies)
- regular, recurring checks
- exceptions to check reports, which must be documented and reasoned
Context / Background
No response
User Stories or tasks
- As an operator of an MCP landscape, I want to ensure that managed components are scanned according to my compliance requirements.
What is required to accept the Epic as finished.
- managed components are scanned before being admitted to our Releasechannel
- managed components are scanned continuously after admission
- exception reports are documented and reasoned
Dependencies of this Epic
- we should check whether using the OCM Delivery Gear is a valid solution, as it already does compliance scanning for OCM components
Risks of this Epic
- dependency on the OCM team building and maintaining the Delivery Gear: we should investigate what is needed to contribute and how much effort that takes
Known Stakeholders of this Epic
- operators of MCP landscapes
Milestone Definitions for this Epic.
- Experiment with the OCM Delivery Gear and estimate the implementation effort
- New PR-based workflow with the Delivery Gear
- Continuous scanning in the Releasechannel
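As an added illustration of the SBOM-check and documented-exception requirements in this epic (example code written for this page, not code from openmcp or from the OCM Delivery Gear): a small Go policy check over a constructed CycloneDX-style SBOM. The SBOM subset, the Policy and Exception format, the package names, versions and purls are all assumptions made for the example. The point it demonstrates is that a finding is only suppressed by an exception that carries a reason, an approver and an unexpired date, which is what makes the exception report documentable and reasoned; an exception missing any of these still blocks.

```go
package main

import (
	"encoding/json"
	"strings"
	"time"
)

// Minimal CycloneDX-style SBOM subset; this shape is an assumption for the example, not the project's schema.
type SBOM struct {
	Components []struct {
		PURL     string `json:"purl"`
		Licenses []struct {
			License struct{ ID string `json:"id"` } `json:"license"`
		} `json:"licenses"`
	} `json:"components"`
}

// Policy is what a landscape operator declares (hypothetical format); an Exception only counts when reason, approver and expiry are all present.
type Policy struct {
	ProhibitedLicenses []string // SPDX identifiers that must not appear
	ProhibitedPackages []string // purl prefixes that must not appear
	Exceptions         []Exception
}

type Exception struct {
	PURL, Reason, ApprovedBy string
	Expires                  time.Time
}
type Finding struct { // Excepted marks a violation suppressed by a valid exception, Reason says why
	PURL, Rule, Reason string
	Excepted           bool
}

// Check evaluates every component against the policy as of time now.
func Check(sbom SBOM, p Policy, now time.Time) []Finding {
	var out []Finding
	report := func(purl, rule string) {
		f := Finding{PURL: purl, Rule: rule}
		for _, e := range p.Exceptions {
			// Undocumented or expired exceptions are ignored so a finding is never silently suppressed.
			if e.PURL == purl && e.Reason != "" && e.ApprovedBy != "" && now.Before(e.Expires) {
				f.Excepted, f.Reason = true, e.Reason+" (approved by "+e.ApprovedBy+")"
			}
		}
		out = append(out, f)
	}
	for _, c := range sbom.Components {
		for _, prefix := range p.ProhibitedPackages {
			if strings.HasPrefix(c.PURL, prefix) {
				report(c.PURL, "prohibited-package:"+prefix)
			}
		}
		for _, l := range c.Licenses {
			for _, bad := range p.ProhibitedLicenses {
				if l.License.ID == bad {
					report(c.PURL, "prohibited-license:"+bad)
				}
			}
		}
	}
	return out
}

// Blocking is the release-channel gate: any finding without a valid exception blocks admission.
func Blocking(fs []Finding) bool {
	for _, f := range fs {
		if !f.Excepted {
			return true
		}
	}
	return false
}

// Constructed sample SBOM; the packages, versions and purls are made up for this example.
const sampleSBOM = `{"components":[
{"purl":"pkg:golang/example.com/libfoo@1.2.3","licenses":[{"license":{"id":"Apache-2.0"}}]},
{"purl":"pkg:golang/example.com/libbar@0.9.0","licenses":[{"license":{"id":"AGPL-3.0-only"}}]},
{"purl":"pkg:generic/oldssl@2.0.0","licenses":[{"license":{"id":"MIT"}}]}]}`

// RunSample checks the constructed SBOM against a constructed policy that carries one reasoned
// exception (libbar, expiring 2025-06-30) and one without a reason (oldssl) that must be rejected.
func RunSample(now time.Time) ([]Finding, error) {
	var s SBOM
	if err := json.Unmarshal([]byte(sampleSBOM), &s); err != nil {
		return nil, err
	}
	p := Policy{
		ProhibitedLicenses: []string{"AGPL-3.0-only"},
		ProhibitedPackages: []string{"pkg:generic/oldssl"},
		Exceptions: []Exception{
			{PURL: "pkg:golang/example.com/libbar@0.9.0", Reason: "internal tooling, never distributed",
				ApprovedBy: "compliance-lead", Expires: time.Date(2025, 6, 30, 0, 0, 0, 0, time.UTC)},
			{PURL: "pkg:generic/oldssl@2.0.0", ApprovedBy: "someone", Expires: time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC)},
		},
	}
	return Check(s, p, now), nil
}
```

Blocking is the pre-admission gate; re-running Check on a schedule against the stored SBOMs, with the real clock as now, gives the continuous scanning the acceptance criteria ask for, and an exception that has expired automatically turns its finding back into a blocker rather than staying silently suppressed.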