Merge pull request #48 from eclipse-tractusx/release/v1.0.0

build(1.0.0): merge release into main

DEPENDENCIES

@@ -24,7 +24,7 @@ nuget/nuget/-/Serilog.Enrichers.Thread/3.1.0, Apache-2.0, approved, clearlydefin
 nuget/nuget/-/Serilog.Extensions.Hosting/8.0.0, Apache-2.0, approved, #13962
 nuget/nuget/-/Serilog.Extensions.Logging/8.0.0, Apache-2.0, approved, #13985
 nuget/nuget/-/Serilog.Formatting.Compact/2.0.0, Apache-2.0, approved, #13981
-nuget/nuget/-/Serilog.Settings.Configuration/8.0.0, Apache-2.0, approved, #13988
+nuget/nuget/-/Serilog.Settings.Configuration/8.0.2, Apache-2.0, approved, #13988
 nuget/nuget/-/Serilog.Sinks.Console/5.0.1, Apache-2.0, approved, #13980
 nuget/nuget/-/Serilog.Sinks.Debug/2.0.0, Apache-2.0, approved, clearlydefined
 nuget/nuget/-/Serilog.Sinks.File/5.0.0, Apache-2.0, approved, #11116

charts/ssi-asr/Chart.yaml

@@ -20,8 +20,8 @@
 apiVersion: v2
 name: ssi-asr
 type: application
-version: 1.0.0-rc.1
-appVersion: 1.0.0-rc.1
+version: 1.0.0
+appVersion: 1.0.0
 description: Helm chart for SSI Authority & Schema Registry
 home: https://github.com/eclipse-tractusx/ssi-authority-schema-registry
 dependencies:

charts/ssi-asr/README.md

@@ -27,7 +27,7 @@ To use the helm chart as a dependency:
 dependencies:
   - name: ssi-asr
     repository: https://eclipse-tractusx.github.io/charts/dev
-    version: 1.0.0-rc.1
+    version: 1.0.0
 ```
 
 ## Requirements

docs/architecture/Security_Assessment.md

@@ -3,10 +3,10 @@
 |                           |                                                                                                          |
 | :------------------------ | :------------------------------------------------------------------------------------------------------- |
 | Contact for product       | [@evegufy](https://github.com/evegufy) <br> [@jjeroch](https://github.com/jjeroch)                       |
-| Security responsible      | tbd                                                                                                      |
+| Security responsible      |                                                                                                          |
 | Version number of product | 1.0.0                                                                                                    |
-| Dates of assessment       | tbd                                                                                                      |
-| Status of assessment      | tdb                                                                                                      |
+| Dates of assessment       | 24.07.2024                                                                                               |
+| Status of assessment      | ASSESSMENT DONE & APPROVED                                                                               |
 
 ## Product Description
 
@@ -60,12 +60,27 @@ N/A
 
 ## Threats & Risks
 
-tbd
+N/A - No direct threats & vulnerabilities detected during the assessment, taking into account already implemented security controls & requirements.
 
 ### Mitigated Threats
 
 N/A
 
+### Implemented Security Controls
+
+- Authentication & Authorization Concept
+  - As per the Association "business requirements", SSI Authority & Schema Registry Product is publicly available, even if the customers are not part of Catena-X. Therefore no authentication, authorization & session management concepts were implemented.  
+- Data Storage & Encryption
+  - Data Stored within the Registry DB (Postgres) is publicly available and not confidential information. No encryption requirements for data at rest is required.
+- API Security
+  - API is publicly available and may be accessed by Everyone.
+  - Two endpoints are available, for both functionalities of the application :
+      1. Read-only Get Endpoint - to receive information about available credentials and their authorities
+      2. Read-only Post Endpoint - to validate credential schemas
+  - Rate limiting configuration is available, once properly configured by the "Operating Company" will grant the availability controls for the application.
+- Logging & Monitoring
+  - All actions & requests performed by the Customers are logged in and stored within the application database with possibility for further audit, investigation & active monitoring, which may be configured by the "Operating Company"
+
 ### Performed Security Checks
 
 - Static Application Security Testing (SAST) - CodeQL

docs/architecture/Solution strategy.md

@@ -1,8 +1,7 @@
 # Solution Strategy
 
 - The technology portfolio and development stack are kept simple, based on commodity and oss components and products.
-- APIs are always REST-based with token authentication.
-- OIDC is used for authentication and authorization.
+- APIs are always REST-based.
 - IaC is fully realized via helm charts.
 
 ## NOTICE

environments/argocd-app-templates/appsetup-int.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/ssi-asr
     repoURL: 'https://github.com/eclipse-tractusx/ssi-authority-schema-registry.git'
-    targetRevision: ssi-asr-1.0.0-rc.1
+    targetRevision: ssi-asr-1.0.0
     plugin:
       env:
         - name: AVP_SECRET

environments/consortia/argocd-app-templates/appsetup-int.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/ssi-asr
     repoURL: 'https://github.com/eclipse-tractusx/ssi-authority-schema-registry.git'
-    targetRevision: ssi-asr-1.0.0-rc.1
+    targetRevision: ssi-asr-1.0.0
     plugin:
       env:
         - name: AVP_SECRET

src/Directory.Build.props

@@ -20,6 +20,6 @@
 <Project>
   <PropertyGroup>
     <VersionPrefix>1.0.0</VersionPrefix>
-    <VersionSuffix>rc.1</VersionSuffix>
+    <VersionSuffix></VersionSuffix>
   </PropertyGroup>
 </Project>

src/database/SsiAuthoritySchemaRegistry.DbAccess/SsiAuthoritySchemaRegistry.DbAccess.csproj

@@ -32,10 +32,10 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore" Version="8.0.6" />
+    <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore" Version="8.0.7" />
     <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="8.0.4" />
-    <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.DependencyInjection" Version="2.3.0" />
-    <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling" Version="2.3.0" />
+    <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.DependencyInjection" Version="2.4.2" />
+    <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.ErrorHandling" Version="2.4.2" />
   </ItemGroup>
 
 </Project>

src/database/SsiAuthoritySchemaRegistry.Entities/SsiAuthoritySchemaRegistry.Entities.csproj

@@ -29,7 +29,7 @@
 
     <ItemGroup>
       <PackageReference Include="EFCore.NamingConventions" Version="8.0.3" />
-      <PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.6" />
+      <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.7" />
     </ItemGroup>
 
 </Project>

src/database/SsiAuthoritySchemaRegistry.Migrations/SsiAuthoritySchemaRegistry.Migrations.csproj

@@ -34,7 +34,7 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.6">
+        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.7">
             <PrivateAssets>all</PrivateAssets>
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
@@ -47,9 +47,9 @@
         <PackageReference Include="Microsoft.Extensions.Hosting" Version="8.0.0" />
         <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
         <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="8.0.4" />
-        <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Linq" Version="2.3.0" />
-        <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Logging" Version="2.3.0" />
-        <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Seeding" Version="2.3.0" />
+        <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Linq" Version="2.4.2" />
+        <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Logging" Version="2.4.2" />
+        <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Seeding" Version="2.4.2" />
         <PackageReference Include="Serilog.Extensions.Logging" Version="8.0.0" />
     </ItemGroup>
 

src/registry/SsiAuthoritySchemaRegistry.Service/SsiAuthoritySchemaRegistry.Service.csproj

@@ -36,7 +36,7 @@
     <PackageReference Include="JsonSchema.Net" Version="7.0.2" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.6" />
     <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.6" />
-    <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Web" Version="2.3.0" />
+    <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.Web" Version="2.4.2" />
     <PackageReference Include="System.Json" Version="4.7.1" />
     <PackageReference Include="System.Linq" Version="4.3.0" />
     <PackageReference Include="System.Linq.Async" Version="6.0.1" />

tests/database/SsiAuthoritySchemaRegistry.DbAccess.Tests/SsiAuthoritySchemaRegistry.DbAccess.Tests.csproj

@@ -33,7 +33,7 @@
     <PackageReference Include="FakeItEasy" Version="8.2.0" />
     <PackageReference Include="FluentAssertions" Version="6.12.0" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
-    <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.DateTimeProvider" Version="2.3.0" />
+    <PackageReference Include="Org.Eclipse.TractusX.Portal.Backend.Framework.DateTimeProvider" Version="2.4.2" />
     <PackageReference Include="System.Linq.Async" Version="6.0.1" />
     <PackageReference Include="Testcontainers.PostgreSql" Version="3.8.0" />
     <PackageReference Include="xunit" Version="2.7.0" />