Jira No | Summary | Description | Status | Solution






New ONAP project intro to SECCOM

Toine Siebelink, newly elected PTL - Configuration & Persistency Service R7

Action point from last PTL meeting - Determine what can be achieved regarding the approved best practices for the Honolulu release.

SECCOM runs (among other things):

  • Software Composition Analysis with Nexus-IQ for vulnerabilities and recommended upgrades for direct dependencies.
  • CII Badging (passing, silver and gold levels) - self reported. Majority of projects are at passing level.
  • SonarCloud scans - used for automated code coverage (80-90% of code). Use of various cryptography under exploration.
  • Securing communication (https protocol) - tested at build time
  • Removing secrets
  • Not running as root

Jenkins jobs for CPS need to be revised (last time scan failed) - ticket to be opened to LFN for that.

Access to Nexus-IQ reports for Toine - ticket to be opened to LFN for that.

Under SonarCloud nearly 50% achieved so far by CPS.

Access to security vulnerability space Wiki to be organized for Toine - ticket to be opened to LFN for that.

ongoing

Links for Toine:

https://jenkins.onap.org/view/CLM/job/cps-maven-clm-master/

/wiki/spaces/SV/overview


Last PTL meeting outputs

Feedback from the PTLs about the SECCOM plan on proposing that Python 2 -> 3 and Java 8 -> 11 become Honolulu Global requirements

Guilin Java upgrade results: onap-guilin-java-versions.xlsx

Guilin Python upgrade results: onap-guilin-python-versions.xlsx

Exception process is needed, PostgreSQL mentioned by Vijay. List of impacted projects requested by Seshu.

ongoing

Next step is to book the slot at the TSC (already done by Amy) to request TSC approval for those 2 reqs to be Honolulu Global requirements.

Next ONAP events

ongoing

Please think about topics we could propose -> to be discussed next week.

Exception process

SECCOM does +1 or -1 and we need TSC to provide +1 or -1 before we put +2.

TSC shall approve exception.

ongoing

We need to have TSC involved in every exception.


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 19th OF JANUARY'21. 





Recording:

2021-01-12_SECCOM_week.mp4


SECCOM presentation:

2021-01-12 ONAP Security Meeting - AgendaAndMinutes.pptx