Versions Compared

Old Version 2

changes.mady.by.user Paweł Pawlak

Saved on

compared with

New Version Current

changes.mady.by.user Paweł Pawlak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Jira No
SummaryDescriptionStatusSolution

SECCOM slides for Requirements Subcommittee

https://wikilf-onap.onapatlassian.orgnet/wiki/display/DW/Template+to+be+fulfilled+per+each+requirement

We booked next session on March 1st to present slide deck – confirmed with Alla

ongoingPresent slides on March 1st. 

Whitesource scans of SPC vs. Nexus-IQ

Ticket was opened with Whitesource

ongoing

Whitesource will be contacted to follow-up the request on transitive dependency in their GUI.


UI from Morgan presentation

Repository with ONAP docker images: https://nexus3.onap.org


ongoing

Info to be shared with Michal


Last PTL session update

-Exceptions for Python and Java upgrade 1 week by RC0 (March 5th)

-Page for exceptions in Honolulu release :https://wiki.onap.org/x/8DyLBQ

ongoing

Logs management – follow up by Amy – container logging requirements review

View file
name2021-02-22_LoggingRequirementEvents_v1.pptx
height150

First discussion point based on VNF requirements for logging.

Comment on container (OS layer) and container application (application layer) for logs collection.

Comment on logging modifications in the container.

ongoingComments for logging requirements to be reviewed at the next SECCOM meeting.

ONAP MVPSlide deck to be uploaded.

View file
nameSECCOM_23022021.pptx
height150

MVP (to support simple use cases):

  • AAI
  • SDC
  • SO
  • DMaaP
  • SDNC
  • AAF (without Service Mesh adaptation)
ongoingTo be presented with Fabian at the PTL's meeting on March 8th.

Trivy can results

View file
nametrivy_cps-service.0.0.1-SNAPSHOT.txt
height150

Not possible to compare results with Whitesource or Nexus-IQ.

Trivy does not provide remedy version - to be elaborated by Fabian.

To be elaborated on how to integrate Trivy with the CI and what to do with the findings.

ongoingRemedy version to be elaborated by Fabian.

No use of base imagesWe need to review of who is using basic image and who is not. Once the list of projects not running basic image is known, we shall contact each concerned PTL to understand the rationale behind.ongoing

We start with discovery phase and understanding rationale.

List to be checked with Morgan and start with MVP and then exapnd to remaining projects.


How to create secure applications

Following last request from Chaker and discussion at the last PTLs meeting.

Secure design should cover that.


Tony will start Wiki with the initial proposal and SECCOM will support by reviewing it and providing feedback.

Toine from CPS to be addressed.


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 2nd OF MARCH'21. 





...