...
| Jira No | Summary | Description | Status | Solution | NSA contribution proposal for ONAP security | ongoing | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Both Vijay and Tony to provide support for NSA teamJava and python upgrades in Istanbul release | We do not plan on creating tickets for unmaintained projects, instead we should add those repos to Morgan’s exception list. Looking for info on which projects are responsible for the following repos:(responses from PTLs in parentheses)
| ongoing | Additional jiras to be created excluding the ones related to testing that will go to whitelist. Awx to be checked in what context it is used for testing - Morgan to be asked. | |||||||||
| Security and critical vulns per project | Orange developer strated with DMaap: 421 issues down to 53 - at the last PTLs meeting DMaaP PTL promissed to review the proposed changes and merge it. Next step will be to analyze SO. | ongoing | ||||||||||
| NSA contribution proposal for ONAP security | Vijay reached-out Maggie, establishing contact with relevant ONAP community members. | ongoing | Next meeting to be booked. | |||||||||
CNF Task Force enterprise business workgroup | Next meeting Meeting on April 14th at 2:30 00 UTC - Work with O-RAN to use ONAP for service management and orchestration, how to handle Magma - no decision yet on how to treat access control gw? ONAP Architecture Subcommittee to be involved. | ongoing | Progress tracking for Python and Java upgrades | In begining of March still Python 2.7 (40) and Java 8 (38) the containers -> last week: (23/67) Java (28/105), so considerable progress observed! Some items might be due to LF pipeline. | ongoing | We will track upgrades with Jira tickets in Instanbul release | Feedback collection on Magma | |||||
| [WAIVERS] Set Honolulu security waivers | Merge done | done | ||||||||||
| Meeting with Jess and SECCOM on Jenkins/Gerrit and SonarCloud | Meeting done on April 15th - integration between Wikimedia and Sonar: https://phabricator.wikimedia.org/phame/post/view/160/introducing_the_codehealth_pipeline_beta/ | ongoing | Fabian will come back to us with an update. | |||||||||
| Slide deck for new Global Requirements | No slot again at the last TSC, although booked. | ongoing | To be presented at the incoming TSC meeting - slot in the next agenda to be booked again and e-mail to be - e-mail request was sent to TSC districution list. | Security and critical vulns per project | Orange developer strated with DMaap: 421 issues down to 53! distribution list | ongoing | Next step for PTL to merge the code. | SonarCube and integration with Gerrit | ongoing | Meeting to be organized by Pawel with Jess and Orange team. | Waiting for TAC approval | |
| Training for SonarCloud | Please refer to slides 4 and 5 of in the slide deck below for a complete list of the questions. | ongoing | Questions Additional question identified on possibility to integrate SonarCloud with Gerrit – scan before merge. | ongoing | Updated list of questions to be shared by Jess with SonarCloud team. | |||||||
| Last PTL meeting |
| ongoing | To check with Chaker where logging guidelies doc is located on the Wiki - already found: ONAP Application Logging Guidelines v1.1. | |||||||||
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 20th OF APRIL'21. |
Recording:
| View file | ||||
|---|---|---|---|---|
|
SECCOM presentation:
| View file | ||||
|---|---|---|---|---|
|