.. ===============LICENSE_START======================================================= .. Acumos CC-BY-4.0 .. =================================================================================== .. Copyright (C) 2017-2018 AT&T Intellectual Property & Tech Mahindra. All rights reserved. .. =================================================================================== .. This Acumos documentation file is distributed by AT&T and Tech Mahindra .. under the Creative Commons Attribution 4.0 International License (the "License"); .. you may not use this file except in compliance with the License. .. You may obtain a copy of the License at .. .. http://creativecommons.org/licenses/by/4.0 .. .. This file is distributed on an "AS IS" BASIS, .. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. .. See the License for the specific language governing permissions and .. limitations under the License. .. ===============LICENSE_END========================================================= ================================================ Security Verification (SV) Library Release Notes ================================================ -------------------------- Version 1.2.2, 13 Dec 2019 -------------------------- * `ACUMOS-3428: Security Verification License Scan migration to Jenkins `_ * `6114: Release notes 1.2.2 `_ * `ACUMOS-3840: Update to CDS 3.1.0 `_ * `6093: Update to CDS 3.1.0 `_ -------------------------- Version 1.2.1, 03 Dec 2019 -------------------------- This version corrects an issue with SV Scanning Service API endpoints. One configuration change is necessary: * for the Portal-BE, Onboarding, and Federation components, remove the path element in the SV API URL: * for Portal-BE, in the Spring environment under "portal.feature.sv" .. code-block:: json "api": "http://sv-scanning-service:9082" .. * for Onboarding amd Microservice Generation, in the Spring environment under "security.verificationApiUrl" .. code-block:: json "verificationApiUrl": "http://sv-scanning-service:9082" .. * for Federation, in the Spring environment under "verification.url" .. code-block:: json "url": "http://sv-scanning-service:9082" .. * `ACUMOS-3660: Security Verification endpoint mapping `_ * `5999: update release notes `_ * `5777: Release SV 1.2.1 Client Library `_ * `5773: Correct SV endpoint mapping `_ -------------------------- Version 1.2.0, 10 Oct 2019 -------------------------- * Removal of LMCL dependency - `ACUMOS-3505 `_ * Changed docker image for SV to follow acumos/ prefix -------------------------- Version 1.1.0, 01 Oct 2019 -------------------------- * `5317: Security Verification 1.1.0 - jenkins and rtu `_ * `ACUMOS-3125: As a model User, when LUM provides denial of action to Acumos, Security Verification will not allow user action and Portal will display notification to user. `_ ---------------------------- Version 1.0.1, 19 Sept 2019 ---------------------------- * `ACUMOS-3031: A scan must occur to verify License Profile metadata `_ * `4888: Support License ArtifactType `_ * `4965: Fix SV build on master `_ --------------------------- Version 0.0.24, 09 Jun 2019 --------------------------- Version update only; changes were to the SV Scanning Service * `ACUMOS-1373: S-V Scanning Service component with spring-based API `_ * `4796: Bump sv-client version `_ --------------------------- Version 0.0.22, 25 Jun 2019 --------------------------- * `ACUMOS-1373: S-V Scanning Service component with spring-based API `_ * `4603: Wait for CDS, init scancode on startup `_ --------------------------- Version 0.0.21, 07 Jun 2019 --------------------------- * `4632: Changing API - SV needs to accept logged in userId `_ * `4616: Rtu Verifier fixes `_ * `ACUMOS-1373: S-V Scanning Service component with spring-based API `_ * `4634: Update release notes, scan scripts `_ * `4621: Fix workflow check `_ * `4603: Support proprietary licences `_ * Uprev to allow release of License Manager client library --------------------------- Version 0.0.20, 30 May 2019 --------------------------- * `ACUMOS-2559: S-V Library workflow permission determination `_ * `4555: Update versions for release `_ * `4554: Upload single copy of scancode.json etc `_ * `4545: Update artifact creation logic `_ * `4534: Update artifact creation logic `_ --------------------------- Version 0.0.19, 28 May 2019 --------------------------- * `ACUMOS-2559: S-V Library workflow permission determination `_ * `4524: Correct return of failure reason to user `_ * `4522: Correct check for getVerifiedLicense result `_ * `4518: S-V Library workflow permission determination `_ --------------------------- Version 0.0.18, 23 May 2019 --------------------------- * Update license-manager-client-library version-0.0.7 in security-verification-client-library (`ACUMOS-2954 `_) * `4489: Update design doc with recommended tests `_ * `ACUMOS-2358: S-V design documentation `_ * `4366: Updated release note `_ * `ACUMOS-2886: update security verification for cds 2.2.2 `_ * `4291: Update SV and LM version for LF release `_ * `ACUMOS-2830: Update license-manager-client-library, security-verification-client and security-verification-service For LF release `_ * `4262: Sonar 40% code coverage requirement on every repo `_ * `ACUMOS-1095: Sonar 40% code coverage requirement on every repo `_ * `ACUMOS-2815: Security Verification throwing Unexected Error Message `_ * 4206: S-V library implementation (``_) * 4202: S-V library implementation (``_) * 4202: S-V library implementation (``_) * 4201: S-V library implementation (``_) ------------------------------- Version 0.0.17, 14 May 2019 ------------------------------- * Artifact type cdump not found -- when publishing in portal (`ACUMOS-2860 `_) ------------------------------- Version 0.0.16, 10 May 2019 ------------------------------- * SecurityVerificationServiceImpl.createSiteConfig (`ACUMOS-2865 `_) ------------------------------- Version 0.0.15, 10 May 2019 ------------------------------- * SecurityVerificationServiceImpl.createSiteConfig (`ACUMOS-2865 `_) * Artifact type cdump not found -- when publishing in portal (`ACUMOS-2860 `_) * Dependencies should be installed part of the docker image of the component rather than directly in yaml file (`ACUMOS-2845 `_) ------------------------------- Version 0.0.12, 01 May 2019 ------------------------------- * Update license-manager-client-library, security-verification-client and security-verification-service For LF release (`ACUMOS-2830 `_) ------------------------------- Version 0.0.11, 30 April 2019 ------------------------------- * Security Verification throwing Unexected Error Message (`ACUMOS-2815 `_) ---------------------------- Version 0.1.0, 12 April 2019 ---------------------------- * `ACUMOS-2559: S-V Library workflow permission determination `_ * `4137: Release 0.1.0 `_ * `4113: S-V Library workflow permission determination `_ * `4101: S-V Library workflow permission determination `_ * `4091: S-V Library workflow permission determination `_ ---------------------------- Version 0.0.3, 05 April 2019 ---------------------------- * `4085: Updated release note `_ * `ACUMOS-2555: S-V Library base module `_ * `4065: S-V Library workflow permission determination `_ * `ACUMOS-2559: S-V Library workflow permission determination `_ ---------------------------- Version 0.0.1, 04 April 2019 ---------------------------- * `3990: S-V library implementation `_ * `ACUMOS-1956: S-V library implementation `_ * `ACUMOS-2546: Reorganize security-verification git repo to support multiple maven projects `_ * `ACUMOS-2559: S-V Library workflow permission determination `_ * `3977: S-V library implementation `_ * `ACUMOS-1956: S-V library implementation `_ * `ACUMOS-2546: Reorganize security-verification git repo to support multiple maven projects `_ * `ACUMOS-2559: S-V Library workflow permission determination `_ * `3948: S-V library implementation `_ * `ACUMOS-1956: S-V library implementation `_ * `ACUMOS-2555: S-V Library base module `_ * `ACUMOS-2557: S-V Library solution/revision processing `_ * `ACUMOS-2558: S-V Library scan invocation logic `_ * `ACUMOS-2546: Reorganize security-verification git repo to support multiple maven projects `_ * `3914: S-V library implementation `_ * `ACUMOS-2555: S-V Library base module `_ * `ACUMOS-2557: S-V Library solution/revision processing `_ * `ACUMOS-2558: S-V Library scan invocation logic `_ ========================================================= Security Verification (SV) Scanning Service Release Notes ========================================================= -------------------------- Version 1.2.2, 13 Dec 2019 -------------------------- * `ACUMOS-3428: Security Verification License Scan migration to Jenkins `_ * `6114: Release notes 1.2.2 `_ * `6113: Fix location of logs: `_ * `ACUMOS-3840: Update to CDS 3.1.0 `_ * `6093: Update to CDS 3.1.0 `_ -------------------------- Version 1.2.1, 03 Dec 2019 -------------------------- * `ACUMOS-3660 `_ * `5774: Correct SV endpoint mapping, part 2 `_ * `5982: SV-Scanning-Service release 1.2.1 `_ * `ACUMOS-3428: Security Verification License Scan migration to Jenkins `_ * `5985: Include nexus auth for artifact retrieval `_ * `5927: Updates to SV jenkins job setup `_ -------------------------- Version 1.2.0, 16 Oct 2019 -------------------------- * `ACUMOS-3428: Security Verification License Scan migration to Jenkins `_ * `5607: Revision version format change `_ * Fix Sv-Scanning service for new revision version format. * Add verbose output to scan scripts. * Remove unused scripts. -------------------------- Version 1.1.0, 01 Oct 2019 -------------------------- * `5317: Security Verification 1.1.0 - jenkins and rtu `_ * `ACUMOS-3428: Security Verification License Scan migration to Jenkins `_ * `ACUMOS-3125: As a model User, when LUM provides denial of action to Acumos, Security Verification will not allow user action and Portal will display notification to user. `_ * Add LUM URL env parameter for LMCL * Code formatting clean up * Licensing RTU check updates * Relocate/update scripts for Jenkins. * Scan invokes Jenkins job. * ScanResult handling from Jenkins. ---------------------------- Version 1.0.1, 19 Sept 2019 ---------------------------- * `ACUMOS-3436: Security Verification update to Java 11 `_ * `5246: Security Verification - Java 11 `_ * `ACUMOS-3428: Implement scan job queuing `_ * `5292: Release 1.0.1 `_ * `5271: Update to CDS 3.0.0 `_ * `5241: Ignore license type field for now `_ * `5210: Implement scan job queueing `_ --------------------------- Version 0.0.24, 09 Jun 2019 --------------------------- This release restores the ability to deploy the SV Scanning Service with full functionality embedded in the docker container image. Updates with external configuration files (e.g. to update licenses/rules, or the scanning tool/scripts) is optional, as described by the updated user-guide. * `ACUMOS-1373: S-V Scanning Service component with spring-based API `_ * `4800: Handle exception cases and large scan sets `_ * `4795: Deployment with config updates optional `_ * `ACUMOS-2358: S-V design documentation `_ * `4789: Update design, add user guide `_ --------------------------- Version 0.0.22, 25 Jun 2019 --------------------------- * `ACUMOS-1373: S-V Scanning Service component with spring-based API `_ * `4603: Wait for CDS, init scancode on startup`_ ---------------------------- Version 0.0.21, 07 June 2019 ---------------------------- * `ACUMOS-1373: S-V Scanning Service component with spring-based API `_ * `4603: Support proprietary licences `_ --------------------------- Version 0.0.20, 30 May 2019 --------------------------- * `ACUMOS-2559: S-V Library workflow permission determination `_ * Update artifact creation logic --------------------------- Version 0.0.19, 28 May 2019 --------------------------- * `ACUMOS-2559: S-V Library workflow permission determination `_ * `4524: Correct return of failure reason to user `_ * switch to curl (wget hangs), add logging --------------------------- Version 0.0.18, 23 May 2019 --------------------------- This release includes improvements and other updates as below, for the merged commits and related Jira items: * `4489: Update design doc with recommended tests `_ * `ACUMOS-2358: S-V design documentation `_ * `4362: SecurityVerificationServiceImpl createSiteConfig `_ * `ACUMOS-2865: SecurityVerificationServiceImpl.createSiteConfig `_ * `ACUMOS-2860: Artifact type cdump not found -- when publishing in portal `_ * `4462: Artifact type cdump not found in portal `_ * `4449: Artifact type cdump not found in portal `_ * `4443: Artifact type cdump not found in portal `_ * `4418: Artifact type cdump not found in portal `_ * `4408: Artifact type cdump not found in portal `_ * `4397: Artifact type cdump not found in portal `_ * `4351: Artifact type cdump not found when publishing `_ * `4338: Updated SV code `_ * `ACUMOS-2845: Dependencies should be installed part of the docker image of the component rather than directly in yaml file `_ * `4262: Sonar 40% code coverage requirement on every repo `_ * `ACUMOS-1095: Sonar 40% code coverage requirement on every repo `_ * `ACUMOS-2815: Security Verification throwing Unexected Error Message `_ * `4179: S-V Library workflow permission determination `_ * `ACUMOS-2774: Security Verification run containerized process as unprivileged user `_ * `ACUMOS-1373: S-V Scanning Service component with spring-based API `_ * `4455: Script updates in testing `_ * `4450: Script updates in testing `_ * `4409: Script updates in testing `_ * `4204: Script updates in testing `_ * `4188: Move config to /tmp `_ * `4187: Add license type to scanresult.json `_ * `4156: S-V Library workflow permission determination `_ * `ACUMOS-1956:S-V library implementation `_ * `ACUMOS-2559: S-V Library workflow permission determination `_ ---------------------------- Version 0.1.0, 12 April 2019 ---------------------------- This is the first test release of the SV Scanning Service. Docker-compose and kubernetes templates are in the `system-integration `_ repo folders AIO/docker/acumos and AIO/kubernetes, respectively. The implementation includes a combination of: * A springboot application that serves the "/scan" API, per the `design document `_ * A set of bash scripts as prototype implementations of the following functions, built into the generated SV Scanning Service image. These will be migrated to Java code as time permits: * dump_model.sh: dump all to-be-scanned data for a model revision * license_scan.sh: invoke the `Scancode Toolkit `_ on the dumped model data * scan_all.sh: test script to scan all revisions in the CDS * setup_verification_site_config.sh: test script to initialize the CDS site config for the SV Library and Scanning Service Includes the merged commits and related Jira items: * `4137: Release 0.1.0 `_ * `ACUMOS-1373: S-V Scanning Service component with spring-based API `_ * `4135: Add scan_all.sh script, fix license_scan.sh bugs `_ * `ACUMOS-1373: S-V Scanning Service component with spring-based API `_ * `4098: Updates for testing `_ * `ACUMOS-1373: S-V Scanning Service component with spring-based API `_ * `4090: Integrate scripts into sv-scanning-service `_ * `ACUMOS-1373: S-V Scanning Service component with spring-based API `_ * `4069: Add script to populate verification site key `_ * `ACUMOS-1373: S-V Scanning Service component with spring-based API `_ ---------------------------- Version 0.0.1, 04 April 2019 ---------------------------- Includes the merged commits and related Jira items: * `3881: Baseline license scan scripts `_ * `ACUMOS-1958: S-V License Scan process implementation `_