...

Jira No | Summary | Description | Status | Solution

NSA contribution proposal for ONAP security

Slides presented by Maggie: LACR_ONAP_Discussion_Proposal.pptx

Proposal on using ONAP to enhance the security of the 5G architecture by using data analytics. The Data Analytics system in ONAP is to be used to detect anomalies.

ongoing

Both Vijay and Tony to provide support for the NSA team, establishing contact with relevant ONAP community members.

CNF Task Force enterprise business workgroup 

Next meeting on April 14th at 2:30 UTC

ongoing

Progress tracking for Python and Java upgrades

At the beginning of March there were still Python 2.7 (40) and Java 8 (38) in the containers -> last week: (23/67) Java (28/105), so considerable progress observed!

Some items might be due to LF pipeline.

ongoing

We will track upgrades with Jira tickets in the Istanbul release.

Slide deck for new Global Requirements

No slot again at the last TSC, although booked.

ongoing

To be presented at the upcoming TSC meeting - slot in the next agenda to be booked again and e-mail to be sent to the TSC distribution list.


Security and critical vulns per project

Orange developer started with DMaaP: 421 issues down to 53!

ongoing

Next step for PTL to merge the code.

SonarQube and integration with Gerrit

Slides presented by Fabian: Sonrar_Gerrit.pptx

Sonar only checks the master branch. We need to analyse the code before merge.

ongoing

Meeting to be organized by Pawel with Jess and Orange team.

Training for SonarCloud

Meeting last Thursday done. Questions collection to be addressed by training:

  • take a look at how we are using SonarCloud to benefit from it even more
  • how to automatically eliminate unmaintained projects
  • how to ensure that PTLs have the right authority to use SonarCloud capabilities and manage the lifecycle it supports, for example marking false positives; right now we can only change the code so that an issue does not reappear

ongoing

Last PTL meeting

Global Requirements on the project level: 2 Factor Authentication, Site Hardening, code review standard, copyright profile at every source file. Some CII Badging questions have answers ONAP wide.

ongoing

Infrastructure changes at the LF level will need some more time

LF Internships

Deadline soon... Bus factor requirement could be a good use case.

ongoing

Logging management follow-up

In Honolulu it was a PoC and not a best practice.

Feedback from David: https://wiki.onap.org/x/gymLBQ. Action: the first step is to review and socialize with the PTLs; good to request time in the weekly PTL meeting for this. Next, need to propose it as a best practice for the Istanbul release, which will require approval by the TSC before M1.

ongoing

To book a slot for next PTLs meeting.

CII Badging – automation

Support for Tony, volunteers are welcome

NEXUS-IQ scans analysis

We wait with the SCA analysis until the code is stable, post RC1?

on standby

Please refer to slides 4 and 5 of the slide deck below for a complete list of the questions.

ongoing

Questions to be shared by Jess with SonarCloud team.

Last PTL meeting
  • Feedback from following projects: DCAE, DMaaP, SDC and SDNC/CCSDK – need to directly discuss with those projects
  • Phase 1: move existing logs to STDOUT
  • Phase 2: to see how we can decide something that is usable by any component (pattern for logs)
  • Phase 3: add request id
  • Chaker’s feedback on Logging guidelines v1.1
ongoing

To check with Chaker where the logging guidelines doc is located on the Wiki - already found:

ONAP Application Logging Guidelines v1.1.



OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 20th OF APRIL'21. 





...

File: 2021-04-13_SECCOM_week.mp4


SECCOM presentation: 2021-04-13 ONAP Security Meeting - AgendaAndMinutes.pptx