Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Jira No
SummaryDescriptionStatusSolution

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyREQ-437

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyREQ-438

SECCOM global requirements

Updates of associated Jira epics and stories for REQ-437 (Python 2 -> 3) and REQ-438 (Java 8 -> 11) 

ongoingStatuses changed into In progress

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyREQ-442

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyREQ-443

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyREQ-439

SECCOM best practices

Updates of associated Jira epics and stories

HELMv3

CII Badging

Packages upgrades

ongoingStatuses changed into In progress

LFN Developer & Testing Forum - Feb 1 - 4, 2021.

SECCOM proposals:

  • Global requirements and DCAE testimony on Java migration with packages upgrades – Focus on most commonly used packages

  • CII Badging – 3 items: additional verification test for crypto weakness (integration team to be addressed), crypto credentials, secure design

  • Service Mesh update (TBC with Krzysztof)?
done

Synch with DCAE

Discussion with Michal and commitment from his side to support DCAE

  • DCAE jiras review:

Python: DCAEGEN2-2494, DCAEGEN2-2427

Java: DCAEGEN2-2428, DCAEGEN2-2381

ongoing

ONAP and ODL synch

ODL prepares ONAP distribution for each of their releases. Dan will be basing our Honolulu release on their Aluminum release.  Right now working on porting to the current Aluminum service release ( SR1).  There’s another service release (SR2) that should be available before our code freeze, so Dan anticipates that we’d upgrade to SR2 when it’s available.

ongoingE-mail sent to Dan and feedback received. 

Sonarcloud crypto takeaways

Weak crypto report from Sonarcloud. Jiras to be opened. How to get a report with API to be figured out. 5 cathegories of findings: certificate validation, host name of certificate, using secure mode and padding, using weak protocols, encoding passwords as plain text.  


Logs management – what to do next?





OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 26th OF JANUARY'21. 




Recording:

View file
name2021-01-19_SECCOM_week.mp4
height150


SECCOM presentation: