...
Jira No | Summary | Description | Status | Solution | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Vulnerable package reportion automation | Presentation provided by Brianna and Bert. Great job (150 hours → 2 hours)! Safes a lot of manual work for us. Enhancements for the future:
| ongoing | import excel into confluence: | LFN Developer & Testing Forum | Event June 13th-16th Porto, Portugal Please register: https://events.linuxfoundation.org/lfn-developer-testing-forum/ | started | ||||||||||||
| started | Remaining topic proposals to be submitted. Brian to share what kind of security due diligence is performed by BellCanada. ONAP is used for 5G slicing orchestration. Fabian to check if could contribute on how qualify software to be deployed, what duediligence was performed. Follow-up with Kenny to be done. | ||||||||||||||||
OSA documentation update per release | Thomas asked for a branch to be created for Jakarta | started | Pawel to to be done. | |||||||||||||||
Last PTLs meeting – 25th of April |
1.SDC-3954 - open 2.SDNC-1692 - done 3.OOM-2957 – open – reassigned to Fiachra
1.OOM-2958 – open - reassigned to Fiachra 2.INT-2104 – in progress | |||||||||||||||||
Last PTLs meeting – 9th of May | Tony presented 5Y project review – CPS volunteered to be PoC and review questionaire. | ongoing | Once Toine completes, we will review the questionnaire. SECCOM to be updated. | |||||||||||||||
Unmaintained Projects | Amy presented to ArchCom and to present unmaintained project deckto Architecture subcommittee on 3 May andTSC on12 May. Good exchanges with Chaker, Byung:
Updated presentation is available below. | Amy to present at 12 May TSC call | logging PoC report | Ajay (Ericsson) is working on the connection between FluntBit and ElasticSearch. He is leaving Ericsson end of this week, so some of our OOM team members have key learning sessions with him. I told Ajay to check in his code. We plan to report our log PoC progress/demo to SECCOM sometime soon. That is the plan. | ongoing . Outline for the yellow to be added. | |||||||||||||
Update on failing security tests below: |
1.SDC-3954 - open 2.SDNC-1692 - done 3.OOM-2957 – open – reassigned to Fiachra
1.OOM-2958 – open - reassigned to Fiachra 2.INT-2104 – in progress | Security tests taht are performed to be reviewed for test coverage and identification of missing items. | ||||||||||||||||
SBOM: patch to add the path for VES | -Jess is trying to validate the procedure
| ongoing | Muddasar to share e-mail that Vijay shared with Jess. | CPS gold badge | Dedicated meeting to be scheduled – 2 tickets created at LFN IT: Adoption issue requires manual manipulation of workspace flag. Next step to get PTL onboard and set target date when LF IT would implement ONAP projects | ongoing | ||||||||||||
CPS gold badge |
| Next focus on Nexus to get A grade. | LFN white paper 5G E2E security | MFA for ONAP | Discussed whether MFA should be natively supported by ONAP.
| Service Mesh | OOM is working on ServiceMesh even though there is no OOM PTL EST (E///) and DT have a goal is to complete the ServiceMesh in Kohn
Invite ServiceMesh SMEs to SECCOM meeting for update. | Pawel to invite ServiceMesh SMEs to SECCOM call. Need to identify the EST and DT SMEs | 5Y review | tp be presented on May 9th to PTLs.
| Tony will present at 9 May PTL call. | OpenSSF intro by David Wheeler | Link to recording and slide deck: https://wiki.lfnetworking.org/display/LN/LFN+Security+Forum review for the near future – are our pipeline or processes optimal? | to be done
| ongoing | |||
logging PoC report | Ajay (Ericsson) is working on the connection between FluntBit and ElasticSearch. He is leaving Ericsson end of this week, so some of our OOM team members have key learning sessions with him. I told Ajay to check in his code. We plan to report our log PoC progress/demo to SECCOM sometime soon. That is the plan. Prototype for logging fields. | ongoing | update and demo will be provided - Byung coordinates that. | |||||||||||||||
CPS PoC | Fabian tried to join Seshu. How to move forward: share results of the PoC during PTLs meeting to build awarness, followed by proposal to community. Closed loop for results is a defintely a value for the developer. | ongoing | Outcomes of CPS PoC to be presented in incoming weeks. | |||||||||||||||
NIST 5G Cybersecurity draft document | https://csrc.nist.gov/publications/detail/sp/1800-33/draft | started | to be addressed at the next SECCOM | Kohn SECCOM Global Requirements | -[REQ-437 -> REQ-800] -> REQ-1067 -> REQ-1208 COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8)started | Logging requirment - target full PoC for Kohn and then Global Requirement for London releaseongoing | ||||||||||||
Technical debt | Presentation provided by Muddasar:
El Alto was first release focusing on technical debt and it was a shorter release. | started | We shall have Jira issues for all technical dept issues to track it. To review last 2 slides ta the next meeting - slides to be shared by Muddasar to SECCOM distribution list - done. One slide to be prepared and then shared with PTLs and architecture subcommitee. | |||||||||||||||
SECCOM MEETING CALL WILL BE HELD ON 17th OF MAY'22. | Review of technical debt slides with special focus on 2 last ones. |
Recording:
View file | ||||
---|---|---|---|---|
|
...
22_04_18_ONAPUnmaintainedProjects_v5.pdfAttendees:
View file | ||||
---|---|---|---|---|
|