DCAE Platform
Security Policy
Strive to improve the secure design principles across DCAE components.
...
It is worth noting that although platform components handle application configuration and store it in Consul, the security of Consul and of the data stored in it is not considered within application scope.
What You CAN Expect:
- We follow best programming practices. We test heavily, including unit tests, functional tests, CSIT, and gating. We follow the ONAP standard process for building artifacts, e.g. when producing Docker images.
- We enforce a common shared database with access managed through secrets for individual application. OOM/Common modules are used wherever applicable to align with ONAP security requirements.
- We always use TLS by default for communication
- We use standard ONAP recommended base images for the majority of DCAE components
- All DCAE code is statically scanned by Nexus IQ and reports are published based on threat/vulnerability rating
- All DCAE component code is run through Sonar scans and reports are monitored periodically and addressed
What We DON’T Do (yet):
- We don’t encrypt data stored in Consul.
- We don’t allow specifying authorization for internal platform components
Supported Versions
https://wikilf-onap.onapatlassian.orgnet/wiki/display/DW/Data+Collection+Analytics+and+Events
Reporting a Vulnerability
https://wikilf-onap.onapatlassian.orgnet/wiki/pages/viewpage.action?pageId=8467248716093039
DCAE Services
Security Policy
Strive to improve the secure design principles across DCAE components.
...
All inter-DCAE service communication is handled through ONAP DMaaP services. As DMaaP is an independent ONAP project, the security of DMaaP interfaces is outside the scope of this project.
What You CAN Expect:
- We follow best programming practices. We test heavily, including unit tests, functional tests, CSIT, and gating. We follow the ONAP standard process for building artifacts, e.g. when producing Docker images.
- We enforce a common shared database with access managed through secrets for individual application. OOM/Common modules are used wherever applicable to align with ONAP security requirements.
- We always use TLS by default for external communication
- We use standard ONAP recommended base images for the majority of DCAE services
- All DCAE code is statically scanned by Nexus IQ and reports are published based on threat/vulnerability rating
- All DCAE component code is run through Sonar scans and reports are monitored periodically and addressed
- Component migration to use the secure feed/topic feature
What We DON’T Do (yet):
- Only a handful of DCAE services currently use secure/dynamic DMaaP feeds and topics; most services currently use unauthenticated topics
- DCAE components expect application configuration to be unencrypted; however, certain configuration may require encryption or handling as a K8s secret
Supported Versions
https://wikilf-onap.onapatlassian.orgnet/wiki/display/DW/Data+Collection+Analytics+and+Events
Reporting a Vulnerability
https://wikilf-onap.onapatlassian.orgnet/wiki/pages/viewpage.action?pageId=8467248716093039