Page Comparison

...

Jira No

Summary

Description

Status

Solution

Jenkins, Gerrit and Sonar – Thierry Aleno

View file

name	Sonar_Gerrit.pptx
height	150

Master branch content is analyzed only by SonarCloud.

For ONAP quality gate is very low: https://sonarcloud.io/organizations/onap/quality_gates/show/6826

ongoing

completed

PTLs meting

The permissions are given per repo unfortunately.. not across all at once

Slot was booked at the last PTLs meeting to ask PTLs for their GitHub IDs., so they would get an access to SonarCloud capabilities.

ongoing

PTLs GitHub IDs to be collected once TSC approves the idea.

(IT-22048) for direct vs. indirect dependencies with container scans

Feedback from Bengt to move on with ticket at Sonatype by opening a feature request - Amy opened a feature request (IT-22175) - no update

ongoing

Fabian's update - quality of a code

DMaaP all security issues closed, still 18 critical, with SO pending merge, same for service mesh, now started with SDC.

E-mail from Jess on Wikimedia – plugin can be deployed but Jenkins job is needed every time before the merge. PoC could be created with DMaaP project. Discussion with LFN and Jess on Jenkins credentials.

ongoing

E-mail to be sent to Seshu to try to move forward merge (Pawel).

Meeting to be organized with Jess and LFN on plugin deployment possibility (Fabian)

CIS Benchmark feedback - Muddasar

We have pretty much every requirement already documented, what is missing is auditing capabilities (they are by default turned off).

CIS benchmarking provides guidelines but also commands required. On GitHub automated script that can be downloaded.

ongoing

Morgan's e-mail

Go back to PTL and figure out what do we do with the repo’s not part of the release
Cassandra – owned by Integration team?
Link to Wiki to be included in the minutes: https://logs.onap.org/onap-integration/weekly/onap_weekly_pod4_master/2021-06/11_22-55/security/versions/versions.html
Database link for recommended versions: https://wiki.onap.org/display/DW/Database%2C+Java%2C+Python%2C+Docker%2C+Kubernetes%2C+and+Image+Versions
We believe that acceptable step is migrating from unsopported versions and second step is to mutualize, have common latest recommeneded version.

ongoing

Book a slot with PTLs on next Monday (Pawel)

Check with Integration team why we can see 3 instances of Cassandra and if they own it (Amy).

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 22nd 29th OF JUNE'21.

Recording:

View file

name	2021-06-22_SECCOM_week.mp4
height	150

SECCOM presentation:

Versions Compared

Old Version 2

New Version 3

Key