
Jira No | Summary | Description | Status | Solution

Latest feedback received from Integration team

Amy made a Wiki.

Some of the docker tests need to be part of Jenkins jobs. It might be that we will be responsible for the scripts and the OOM team for getting them into place (integrated into the Jenkins build). New Notary v2 project - address container image signing





TSC logging presentation – discussion point





vF2F summary





Synch meeting with Requirements Subcommittee 

We missed the one on 27th of April to present SECCOM requirements for Guilin release – next meeting is scheduled on May 11th.


Latest feedback received from Integration team




Sylvain is acting PTL in OOM.


For the only HTTP port exposed - action Amy – to contact PTL Bharath. No OJSI ticket assigned, as it should have appeared after our scans, or the component was not responding at the time of the scan. No value in opening additional tickets. The MUSIC team should either remove http, switch to https, or ask for a waiver with justification.

Virtual ONAP event
  • SECCOM Guilin security requirements update - Paweł
  • Holistic view of ONAP security – Krzysztof/Amy
    • Access control
    • Storing permission
    • Hardening
    • Logging 
    • Gaps identified
  • Akraino reference for security documentation - Amy
  • CNTT alignment meeting – to be consulted with Samuli
  • Service Mesh – analysis and then with Architecture Subcommittee - Krzysztof
  • Logs management evolution in ONAP - Pawel
  • VNF security requirements - Amy
  • Package upgrade strategy – Amy/Pawel
  • Communication matrix - Natacha
  • Password removal continued and no hardcoded passwords for new code - Krzysztof
  • NEW: CMPv2 in Guilin release – Pawel B

We should come back to the Architecture Subcommittee with a proposal for Service Mesh and, once approved, we should approach the TSC for a recommendation.


PTLs meeting update

PTLs meeting (held on April 13th) update:

-CLI closed 3 http ports and one of the CVEs and running as root

-A&AI should close 15 issues

-AAF – still one issue open

-Optimization – 1 running as root – under fix - submitted

-MUSIC – https port exposed – delivered 

-Code coverage – 5 exceptions not reaching 55% (all with waiver granted: AAF no resources for side car, Policy engine will be excluded next release, OOF – no resources)

-API documentation presentation by Andy Mayer

(27th of April)





To approach David to check who would open Jira tickets per project for package upgrades.




Scorecard for requirement req-223

David proposed to descope this requirement.

Progress is minor but SECCOM proposes to keep this requirement in scope.


Tony - to update scorecard with green status and comment on minor but positive direction.


 OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 28th 5th OF APRIL'20 as on 21st we have vF2F meetings.

View file: 2020-04-14_SECCOM_week.mp4

...

MAY'20.