diff --git a/CHANGELOG.md b/CHANGELOG.md
index e59ef711e..00521a1f2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,17 @@
New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X Portal Assets.
+## 1.8.0-RC5
+
+### Change
+
+- improved offer release process documentation
+- updated security assessment
+
+### Bugfix
+
+- fixed links (relative links, image links and links to GitHub) in documentation app
+
## 1.8.0-RC4
### Change
diff --git a/docs/developer/01. Registration/04. Registration Approval/03. Registration Approval Process.md b/docs/developer/01. Registration/04. Registration Approval/03. Registration Approval Process.md
index 235a8cfaa..58a4971b3 100644
--- a/docs/developer/01. Registration/04. Registration Approval/03. Registration Approval Process.md
+++ b/docs/developer/01. Registration/04. Registration Approval/03. Registration Approval Process.md
@@ -551,9 +551,8 @@ Response "Success" => set status to "DONE"
##### Details "Activation"
-
-
p>
+
+
The complete company account activation (as a result of the successful application checklist finalization) is automatically executed when the following pre-requisites are fulfilled:
diff --git a/docs/developer/02. Technical Integration/02. Identity Provider Management/02. Configure Company IdP.md b/docs/developer/02. Technical Integration/02. Identity Provider Management/02. Configure Company IdP.md
index 241d815cb..a6d622a1b 100644
--- a/docs/developer/02. Technical Integration/02. Identity Provider Management/02. Configure Company IdP.md
+++ b/docs/developer/02. Technical Integration/02. Identity Provider Management/02. Configure Company IdP.md
@@ -11,7 +11,7 @@ The initial overlay is used to create the IdP record with the respective IdP typ
-
diff --git a/docs/developer/03. User Management/04. App Access Management/02. Assign App Role Page Overview.md b/docs/developer/03. User Management/04. App Access Management/02. Assign App Role Page Overview.md
index 1a2a19fce..ad933ef11 100644
--- a/docs/developer/03. User Management/04. App Access Management/02. Assign App Role Page Overview.md
+++ b/docs/developer/03. User Management/04. App Access Management/02. Assign App Role Page Overview.md
@@ -84,7 +84,7 @@ Example:
In case the api is responding with an empty array, the UI will display following messages:
-
+
diff --git a/docs/developer/04. Apps/02. App Release Process/App Release Process.md b/docs/developer/04. Apps/02. App Release Process/App Release Process.md
index f82885b82..c3996a300 100644
--- a/docs/developer/04. Apps/02. App Release Process/App Release Process.md
+++ b/docs/developer/04. Apps/02. App Release Process/App Release Process.md
@@ -417,15 +417,36 @@ In case the privacy policies can not get loaded, the response will look like def
-#### Step 3 - Terms & Conditions / Consent
+### Step 3 - Terms & Conditions / Consent
+
+
+
+This step in the app release process is ensuring that your application meets the marketplace's standards and complies with all legal and regulatory requirements.
+Following actions are covered in the step:
+
+- Agreement to Marketplace Rules and Terms & Conditions
+- Upload of App Dataspace Conformity Certification
+
+
-Depending on the response of the endpoint #1 GET agreements, the user will be enabled to download related documents from the portal to read through the relevant agreement details. Expected formats are pdf, however other formats can get supported as well.
+
+
+
+### Agreement to Marketplace Rules and Terms & Conditions
+
+Before the app provider can proceed with the release process, they first must agree to the marketplace's rules and Terms & Conditions. This agreement is essential for ensuring that the provider app adheres to the marketplace's quality standards, operational guidelines, and legal requirements.
+To display the relevant agreements, respective linked documents and to store the provider consent, the following endpoints are to be used:
+
+- GET /api/apps/appreleaseprocess/agreementData - used to fetch all necessary appReleaseProcess agreements
+- GET /api/administration/documents/frameDocuments/{documentId} - used to enable the user to access agreement documents
+- POST /api/apps/appreleaseprocess/consent/{appId}/agreementConsents - post consent
+- GET /api/apps/AppReleaseProcess/{appId}/appStatus - to check the current given consent status
-###### #1 Retrieve Terms & Conditions
+#### #1 Retrieve Terms & Conditions
Terms and Conditions are fetched via the endpoint
@@ -439,9 +460,9 @@ Response Body
[
{
- "agreementId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
+ "agreementId": "uuid",
"name": "string",
- "documentId": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
+ "documentId": "uuid"
}
]
@@ -462,7 +483,7 @@ If the documentId is NULL, the agreement is displayed without link (as currently
-###### #2 Retrieve Documents
+#### #2 Retrieve Documents
Terms and Conditions with an document ID in API endpoint #1 can get retrieved via the document endpoint GET /frameDocuments/{documentId}
@@ -479,7 +500,48 @@ Response Body
-###### #3 Upload Document
+
+
+
+#### #3 Store Consent for Agreements
+
+The given consent or the unapproved consent for the needed agreements are stored via the POST endpoint.
+The endpoint will store the newly added agreement status as well as update existing consent status if necessary.
+
+```diff
+! POST: /api/apps/appreleaseprocess/consent/{appId}/agreementConsents
+```
+
+
+
+Response Body
+
+ {
+ "agreements": [
+ {
+ "agreementId": "uuid",
+ "consentStatus": "ACTIVE"
+ }
+ ]
+ }
+
+
+
+
+### Conformity Certification
+
+The Service Dataspace Conformity Certification is a document that certifies that the service provider service complies with specific data handling, privacy, and security standards. This certification is crucial for marketplaces that prioritize the safety and privacy of their users.
+To support the conformity certificate upload, following endpoints are available:
+
+- GET /api/apps/appeReleaseProcess/{appId}/appStatus - to retrieve already uploaded certificates (if any existing)
+- PUT /api/apps/appreleaseprocess/updateappdoc/{appId}/documentType/{documentTypeId}/documents - to store the conformity certificate
+- DELETE /api/apps/appreleaseprocess/documents/{documentId} - used to delete the conformity certificate
+
+Note, only PDF is supported.
+
+
+
+#### #1 Upload Document
The user has to upload the app conformity document.
@@ -491,18 +553,21 @@ Type: CONFORMITY_APPROVAL_BUSINESS_APPS
-###### #4 DELETE Document
+#### #2 DELETE Document
In case the user identifiers that a wrong document got uploaded in the respective step, the DELETE endpoint is used to delete documents linked to the app.
Important: the deletion is not reversible - since the app is still under DRAFT, all app related details will get deleted immediately.
```diff
-! Delete: /api/apps/appreleaseprocess/documents/{documentId}
+! DELETE /api/apps/appreleaseprocess/documents/{documentId}
```
+
+
+
#### Step 4 - Integration - Role Upload
diff --git a/docs/developer/05. Service(s)/02. Service Release Process/03.Terms&Conditions.md b/docs/developer/05. Service(s)/02. Service Release Process/03.Terms&Conditions.md
index fef58c047..3accfbde9 100644
--- a/docs/developer/05. Service(s)/02. Service Release Process/03.Terms&Conditions.md
+++ b/docs/developer/05. Service(s)/02. Service Release Process/03.Terms&Conditions.md
@@ -2,13 +2,28 @@
-
+This step in the service release process is ensuring that your application meets the marketplace's standards and complies with all legal and regulatory requirements.
+Following actions are covered in the step:
-Depending on the response of the endpoint #1 GET agreements, the user will be enabled to download related documents from the portal to read through the relevant agreement details. Expected formats are pdf, however other formats can get supported as well.
+- Agreement to Marketplace Rules and Terms & Conditions
+- Upload of App Dataspace Conformity Certification
-### Implementation Details
+
+
+
+
+
+### Agreement to Marketplace Rules and Terms & Conditions
+
+Before the service provider can proceed with the release process, they first must agree to the marketplace's rules and Terms & Conditions. This agreement is essential for ensuring that the service provider service adheres to the marketplace's quality standards, operational guidelines, and legal requirements.
+To display the relevant agreements, respective linked documents and to store the provider consent, the following endpoints are to be used:
+
+- GET /api/services/servicerelease/agreementData - used to fetch all necessary serviceReleaseProcess agreements
+- GET /api/administration/documents/frameDocuments/{documentId} - used to enable the user to access agreement documents
+- POST /api/services/servicerelease/consent/{serviceId}/agreementConsents - post consent
+- GET /api/services/ServiceRelease/{serviceId}/serviceStatus - to check the current given consent status
#### #1 Retrieve Terms & Conditions
@@ -49,7 +64,7 @@ If the documentId is NULL, the agreement is displayed without link (as currently
#### #2 Retrieve Documents
-Terms and Conditions with an document ID in API endpoint #1 can get retrieved via the document endpoint GET /frameDocuments/{documentId}
+Depending on the response of the endpoint #1 GET agreements, the user will be enabled to download related documents from the portal to read through the relevant agreement details. Expected formats are pdf, however other formats can get supported as well.
```diff
Get: /api/administration/documents/frameDocuments/{documentId}
@@ -89,6 +104,20 @@ Response Body
+### Conformity Certification
+
+The Service Dataspace Conformity Certification is a document that certifies that the service provider service complies with specific data handling, privacy, and security standards. This certification is crucial for marketplaces that prioritize the safety and privacy of their users.
+To support the conformity certificate upload, following endpoints are available:
+
+- GET /api/services/ServiceRelease/{serviceId}/serviceStatus - to retrieve already uploaded certificates (if any existing)
+- PUT /api/services/ServiceRelease/updateservicedoc/{serviceId}/documentType/{documentTypeId}/documents - to store the conformity certificate
+- DELETE /api/services/ServiceRelease/documents/{documentId} - used to delete the conformity certificate
+
+Note, only PDF is supported.
+
+
+
+
## NOTICE
This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
diff --git a/docs/developer/Technical Documentation/Architecture/Security-Assessment.md b/docs/developer/Technical Documentation/Architecture/Security-Assessment.md
index 090d49aa0..d6394a792 100644
--- a/docs/developer/Technical Documentation/Architecture/Security-Assessment.md
+++ b/docs/developer/Technical Documentation/Architecture/Security-Assessment.md
@@ -5,8 +5,8 @@
| Contact for product | [@evegufy](https://github.com/evegufy)
[@jjeroch](https://github.com/jjeroch) |
| Security responsible | [@SSIRKC](https://github.com/SSIRKC)
[Szymon Kowalczyk](szymon.kowalczyk.external@zf.com) |
| Version number of product | 23.12 |
-| Dates of assessment | 2023-11-14: Re-Assessment |
-| Status of assessment | RE-ASSESSMENT DRAFT |
+| Dates of assessment | 2024-02-13: Re-Assessment |
+| Status of assessment | RE-ASSESSMENT Finalized |
## Product Description
@@ -133,7 +133,7 @@ RS <-->|Company data \n user role data \n T&C / consent agreements| RF
MSS <--> PF
MSS <-.-> K
MSS ==>|Company app subscription data \n app service data + user preferences| PDB
- SDF <--> CH
+ SDF <-->|Out of Scope \n details may be found in Gaia-X \n and SD Factory Repositories| CH
SDT -.->|Product meta data| PF
NC1 & CU-Shared1 & NC2 & CU-Shared2 & NC3 & CU-Shared3 & CU-Own -.-> |OIDC| K
K <-.-> |"Authentication/authorization data (using JWT)"| RF & PF
@@ -208,6 +208,7 @@ All threats identified are mitigated.
- Software Composition Analysis (SCA) - VeraCode
- Container Scan conducted - Trivy
- Infrastructure as Code - KICS
+- Securing code, dependencies, containers, IaC and Cloud Deployments - SNYK
Also see [Penetrations Tests](../Tests/Tests.md#penetration-tests).
diff --git a/docs/static/consent-contract-tickbox-document.png b/docs/static/consent-contract-tickbox-document.png
index 78c481deb..eea939ba9 100644
Binary files a/docs/static/consent-contract-tickbox-document.png and b/docs/static/consent-contract-tickbox-document.png differ
diff --git a/docs/user/02. Technical Integration/02. Identity Provider Management/index.md b/docs/user/02. Technical Integration/02. Identity Provider Management/index.md
index 3a2bccfa3..66fe8d01b 100644
--- a/docs/user/02. Technical Integration/02. Identity Provider Management/index.md
+++ b/docs/user/02. Technical Integration/02. Identity Provider Management/index.md
@@ -6,7 +6,7 @@
- [User Migration](./03.%20User%20Migration.md)
- [Identity Provider Disablement](./05.%20Disable%20Identity%20Provider.md)
- [Identity Provider Deletion](./04.%20Identity%20Provider%20Deletion.md)
-- [FAQ](./04.%20FAQ.md)
+- [FAQ](./06.%20FAQ.md)
diff --git a/docs/user/04. App(s)/02. App Release Process/03. Terms&Conditions.md b/docs/user/04. App(s)/02. App Release Process/03. Terms&Conditions.md
index 96a4535d0..ee5267807 100644
--- a/docs/user/04. App(s)/02. App Release Process/03. Terms&Conditions.md
+++ b/docs/user/04. App(s)/02. App Release Process/03. Terms&Conditions.md
@@ -1,6 +1,6 @@
### Step 3 - Terms & Conditions / Consent
-Under Step 3 - the user needs to agree to the terms and conditions of the app publish rules before getting on the marketplace. This section is mandatory and displays agreement documents; if any documents are linked to the relevant agreement types
+This step in the app release process is ensuring that your application meets the marketplace's standards and complies with all legal and regulatory requirements. Below is a detailed guide on how to complete this phase successfully.
@@ -11,6 +11,31 @@ Under Step 3 - the user needs to agree to the terms and conditions of the app pu
+#### Agreement to Marketplace Rules and Terms & Conditions
+
+Before you can proceed with uploading your app to the marketplace, you must first agree to the marketplace's rules and Terms & Conditions. This agreement is essential for ensuring that your app adheres to the marketplace's quality standards, operational guidelines, and legal requirements. To complete this step, follow the instructions below:
+
+- **Review the Documents:** Carefully read through the marketplace rules and Terms & Conditions. Pay special attention to sections detailing your rights and responsibilities as a developer/provider, as well as any requirements your app must meet to be eligible for listing.
+
+- **Accept the Agreement:** After reviewing the documents, you will find an option to accept the Terms & Conditions. This usually involves checking a box to indicate your agreement and then clicking a button to confirm. By doing so, you are legally binding yourself to these terms, so ensure you understand them fully before agreeing.
+
+#### Upload of App Dataspace Conformity Certification
+
+The App Dataspace Conformity Certification is a document that certifies your app complies with specific catena-x dataspace, data handling, privacy, and security standards. This certification is crucial for marketplaces that prioritize the safety and privacy of their users as well as it gives the customer the trust that all catena-x dataspace quality standards are followed. Follow these steps to upload your certification:
+
+- **Prepare Your Certification:** Before you can upload your certification, you must obtain it from a recognized certifying authority. Ensure that your app meets all the criteria for certification and that your documentation is up to date. Respective certification authorities can get found on the catena-x homepage.
+
+- **Access the Certification Upload Section:** On the app submission page, look for the section designated for uploading conformity certifications. This section is typically found after the agreement to marketplace rules and Terms & Conditions.
+
+- **Upload Your Certification:** Click on the upload button and select your certification document from your files. The marketplace accepts PDF format. Ensure the document is clear and all information is legible.
+
+
+
+Once you have successfully completed the page; proceed to the next step "Technical Integration".
+
+
+
+
## NOTICE
This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
diff --git a/docs/user/05. Service(s)/02. Service Release Process/03. Terms&Conditions.md b/docs/user/05. Service(s)/02. Service Release Process/03. Terms&Conditions.md
index 194c2fcd0..3372495db 100644
--- a/docs/user/05. Service(s)/02. Service Release Process/03. Terms&Conditions.md
+++ b/docs/user/05. Service(s)/02. Service Release Process/03. Terms&Conditions.md
@@ -1,6 +1,6 @@
### Step 3 - Terms & Conditions / Consent
-Under Step 3 - the user needs to agree to the terms and conditions of the service publish rules before getting on the marketplace. This section is mandatory and displays agreement documents; if any documents are linked to the relevant agreement types
+This step in the service release process is ensuring that your service offer meets the marketplace's standards and complies with all legal and regulatory requirements. Below is a detailed guide on how to complete this phase successfully.
@@ -8,9 +8,30 @@ Under Step 3 - the user needs to agree to the terms and conditions of the servic
+
+
+
+#### Agreement to Marketplace Rules and Terms & Conditions
+
+Before you can proceed with uploading your service offer to the marketplace, you must first agree to the marketplace's rules and Terms & Conditions. This agreement is essential for ensuring that your service adheres to the marketplace's quality standards, operational guidelines, and legal requirements. To complete this step, follow the instructions below:
+
+- **Review the Documents:** Carefully read through the marketplace rules and Terms & Conditions. Pay special attention to sections detailing your rights and responsibilities as a developer/provider, as well as any requirements your service must meet to be eligible for listing.
+
+- **Accept the Agreement:** After reviewing the documents, you will find an option to accept the Terms & Conditions. This usually involves checking a box to indicate your agreement and then clicking a button to confirm. By doing so, you are legally binding yourself to these terms, so ensure you understand them fully before agreeing.
+
+#### Upload of Service Dataspace Conformity Certification
+
+The Service Dataspace Conformity Certification is a document that certifies your service complies with specific catena-x dataspace, data handling, privacy, and security standards. This certification is crucial for marketplaces that prioritize the safety and privacy of their users as well as it gives the customer the trust that all catena-x dataspace quality standards are followed. Follow these steps to upload your certification:
+
+- **Prepare Your Certification:** Before you can upload your certification, you must obtain it from a recognized certifying authority. Ensure that your service meets all the criteria for certification and that your documentation is up to date. Respective certification authorities can get found on the catena-x homepage or within the portal company role details "Service Provider".
+
+- **Access the Certification Upload Section:** On the service submission page, look for the section designated for uploading conformity certifications. This section is typically found after the agreement to marketplace rules and Terms & Conditions.
+
+- **Upload Your Certification:** Click on the upload button and select your certification document from your files. The marketplace accepts PDF format. Ensure the document is clear and all information is legible.
+
-In case any documents or further details to the agreements are available, the agreement will be blue highlighted and can get downloaded by clicking on the agreement title.
+Once you have successfully completed the page; proceed to the next step "Technical Integration" or you might directly get forwarded to the "Verify&Submit" step, depending on your service offering type.
diff --git a/docs/user/Style-Guide/Static_Page_Template.md b/docs/user/Style-Guide/Static_Page_Template.md
index 7d177e31e..280a9af46 100644
--- a/docs/user/Style-Guide/Static_Page_Template.md
+++ b/docs/user/Style-Guide/Static_Page_Template.md
@@ -16,7 +16,7 @@ Below you can find an overview of all supported templates as well as the templat
Template Name: "TextCenterAlignedWithCardGrid"
-
+
@@ -88,7 +88,7 @@ Template Name: "TextCenterAlignedWithCardGrid"
Template Name: "TextCenterAlignedWithLinkButtonGrid"
-
+
Structure Details
@@ -134,7 +134,7 @@ Template Name: "TextCenterAlignedWithLinkButtonGrid"
Template Name: "TextImageSideBySideWithCardGrid"
-
+
Structure Details
@@ -214,7 +214,7 @@ Template Name: "TextImageSideBySideWithCardGrid"
Template Name: "TextVideoSideBySide"
-
+
Structure Details
@@ -239,7 +239,7 @@ Template Name: "TextVideoSideBySide"
Template Name: "VideoTextSideBySide"
-
+
Structure Details
@@ -264,7 +264,7 @@ Template Name: "VideoTextSideBySide"
Template Name: "TextImageCenterAligned"
-
+
Structure Details
@@ -290,7 +290,7 @@ Template Name: "TextImageCenterAligned"
Template Name: "TextCenterAligned"
-
+![image](https://raw.githubusercontent.com/eclipse-tractusx/portal-assets/main/docs/static/TextCenterAligned.png")
Structure Details
@@ -314,7 +314,7 @@ Template Name: "TextCenterAligned"
Template Name: "TextImageSideBySide"
-
+
Structure Details
@@ -340,7 +340,7 @@ Template Name: "TextImageSideBySide"
Template Name: "TextCenterAlignedBody2"
-
+
@@ -369,7 +369,7 @@ Template Name: "TextCenterAlignedBody2"
Template Name: "TextImageSideBySideWithLinks"
-
+
@@ -419,7 +419,7 @@ Template Name: "TextImageSideBySideWithLinks"
Template Name: "TextImageSideBySideWithSections"
-
+
diff --git a/package.json b/package.json
index e89a7573f..dafc50744 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "cx-portal-assets",
- "version": "v1.8.0-RC4",
+ "version": "v1.8.0-RC5",
"description": "Shared frontend content and static assets for the Catena-X Portal",
"main": "index.js",
"repository": "git@github.com:eclipse-tractusx/portal-assets.git",
diff --git a/public/documentation/index.html b/public/documentation/index.html
index 0e77c0885..704e7683a 100644
--- a/public/documentation/index.html
+++ b/public/documentation/index.html
@@ -1,6 +1,5 @@