
Jira No | Summary | Description | Status | Solution

Vulnerable package reporting automation

by Brianna and Bert




LFN Developer & Testing Forum

Event June 13th-16th Porto, Portugal

Please register: https://events.linuxfoundation.org/lfn-developer-testing-forum/

started


SECCOM topics proposal:

  • SECCOM retrospectives:
    • Log4j fix implementation in Istanbul Maintenance Release
    • Jakarta security status update
  • Kohn security goals
    • Security PoCs:
      • logging req
      • code quality 
      • service mesh
    • SBOM enablement and maintenance, and packaging
    • Waiver policy update
  • Unmaintained projects joint meeting with Thomas and Andreas, Chaker and Byung.
  • On the road to gold badge - Tony and Toine
  • others? Operator perspective on ONAP security - Amy?, Andreas?, Brian? Fabian?
started

Topic proposals to be submitted.

Brian to share what kind of security due diligence is performed by BellCanada. ONAP is used for 5G slicing orchestration.


Bug in SBOM software - ticket was opened to LFN IT by Vijay.


ONAP unmaintained and deprecated functions 

Amy presented process for all possible use cases with execution and planning phases. Slide deck with modifications included


started

Modifications to be provided by Amy based on the discussion held - done

Logging update

Majority of the fields implemented in CPS. Two topics still to be addressed:

  • ordering of the fields
  • format in which they will be output

ongoing

Sync with Byung on architecture.

Sync with OOM

  • tickets:
    1. SDC-3954 - open
    2. SDNC-1692 - closed
    3. OOM-2957 - open
  • fix root_pods in Jakarta release:
    1. OOM-2958 - open
    2. INT-2104 - open

ongoing

Michał to do an additional run to get a status update.

As none of the tickets were progressed, the issue is to be escalated at the TSC.


Kohn SECCOM Global Requirements

-[REQ-437 -> REQ-800] -> REQ-1067 -> REQ-1208 COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8)

-[REQ-438 -> REQ-801] -> REQ-1068 -> REQ-1209 COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)

-[REQ-439 -> REQ-863] -> REQ-1066  -> REQ-1211 CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES

-[REQ-443] -> REQ-1069 -> REQ-1210 CONTINUATION OF CII BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL

started

Logging requirement - target a full PoC for Kohn, then a Global Requirement for the London release.

5Y assessment | Dedicated teams in projects for security. We have security tests at the Integration level but usually no delegated security expert. | ongoing | Hardening validation process might not exist at all for some ONAP projects.

SECCOM meeting call will be held on 3rd of May '22.







Recording: 2022-04-26_SECCOM_week.mp4


SECCOM presentation: