Page Comparison

...

Open items from 6/21Lots of different wiki pages about ONAP Service Mesh - can we consolidate i.e. Service Mesh POC, ONAP on Service Mesh - Developer Wiki - Confluence, Service Mesh Risk , Analysis - Developer Wiki - Confluence (onap.org), Service Mesh - Developer Wiki - Confluence (onap.org), Service Mesh PoC plan - Developer Wiki - Confluence (onap.org)

Any ONAP project to participate to "Container Signing"- Amy will present the concept to the next PTL call - June 27th, 2022.

Work started. Results for root_pods and unlimitted_pods from Guilin to Jakarta.

Jira No

Summary

Description

Status

Solution

Consolidate ONAP ServiceMesh wiki pages
Present container signing to PTLs - 6/27 PTL call was used to evaluate the Jakarta release status. Present 7/1

ongoing

Jakarta status

Release approval waiting for input from CLI about the failed nodeport test: port 30271 refusing a connection (https://logs.onap.org/onap-integration/daily/onap_daily_pod4_master/2022-06/24_05-56/infrastructure-healthcheck/k8s/nodeport_check_certs/certificates.html)

ongoing

Kohn status

Package upgrade tickets created for each project and set to block REQ-1211

Infrastructure recommendations at Database, Java, Python, Docker, Kubernetes, and Image Versions

ongoing

MITRE FiGHT

Muddasar presented MITRE FiGHT framework

complete

View file

name	FiGHT_ONAP SECCOM_ Jun2022_v3.pptx
height	150

SBOM

Ongoing issue with SBOM - Muddasar

Muddasar contacted CPS, A&AI and SDNC to as them to try adding SBOM creation to their Jenkins jobs.

Issue with the repo structure - LFIT/LFDEV has not yet delivered a solution.

ongoing

Governance board to be escalated to for SBOM and LF IT proper focus. Ranny was contatced by e-mail as a follow-up of DTF discussion.

Last TSC June 23rd

Sign-off pushed to 27th of June PTL call. CLI nodeport failure.

Conditional approval of Kohn M1

Ongoing SBOM creation issue - Muddasar to follow up with PTLs, LFIT and Ranny Haiby

Nominations for new LFNGB committer delegate underway. Candidate cannot be from ONAP this year.

Logging Global Requirement

Promoting Logging Best Practice to Global Requirement - Bob

Bob will follow process: present GR proposal to PTLs for feedback, then request approval to make it a CR for London.

Tata Communications production logging implementation

Overview of Tata Communications DTF presentation on their production logging implementation – Bob [move to 7/12]

https://wiki.lfnetworking.org/display/LN/2022-06-DD+-+ONAP%3A+The+Path+to+a+Production-Grade+ONAP

Bob to present on 7/12

Waivers review between releases

started

To be completed for remaining categories by Pawel - done

Review on 7/1

Synch with OOM:

Security dashboard

Waiver Analysis

Waiver analysis was reviewed.

Testing components are never part of the release.
Upstream components will not be solved as well
For a code produced in ONAP we are in a very good position.
Have we moved to shared DBs?
To be checked with Buyng on shared DBs.
Why ESR is still showing up? It is not part of Jenkins jobs, so some cleaning is needed.

Pawel to check formatting for versions_xfail.txt and Jakarta - checked it is ok.

Specific tickets to be opened for projects.

Next LFN events

ONE Summit NARegistration Open

CFP - Deadline: July 8th; 2022
Nov. 15 & 16 2022 Seattle, WA, USA
In Person

LFN Developer & Testing Forum NARegistration Open

Nov. 17 & 18 2022 Seattle, WA, USA
In Person
Securiung software supply chain by LFN - new topic to be proposed

Proppsals to be submitted.

David to be contacted and invited by Maggie to SECCOM meeting.

Update on Jakarta release

TSC approved the sign off of the Jakarta release on June 30th

Security tests results at 60%: https://logs.onap.org/onap-integration/daily/onap-daily-dt-oom-

master

20

05

53

and

Versions reporting at 57%:

https://

logs.onap.org/onap-integration/weekly/onap_weekly_pod4_master/2022-05/20_21-56/ latest run by Michal for the weekend

Overview of Tata communication Logging solution

Older ONAP version used. https://wiki.lfnetworking.

wiki.onap.org/display/

LN/2022-06-DD+-+ONAP%3A+The+Path+to+a+Production-Grade+ONAP

To be shared what we are doing with them.

Whitesource (mend.io) container scans

New ticket submitted to LFN IT: IT-24112 - Jess was asked for an update.

ongoing

Technical debt

PTLs to be consulted. to know how PTL thinks when looking at Jira tickets. Vijay will be on PTO for next 2 weeks, so it will not be DCAE, AAI under consideration.

ongoing

Ask at the next PTLs meeting for volunteering PTLs. Amy and Muddasar to synch each other on that.

Automation for dependency management

https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/

DW/Jakarta%3A++Lessons+Learned

SBOM status update

Muddasar contacted with several PTLs and waiting for their feedback.

We need LF IT support, GB was informed by Amy. We ned to run SBOM in the pipeline. Amy to talk to Kenny, Muddasar and Ranny.

Technical debt

Muddasar reviewed Jira tickets recently. Some PTLs are using TechnicalDebt tagging and some not at all. Grooming the tickets would be helpful.

Updating packages is technical debt for us.

OSA branch

WE have not had any vulnerability raised within the process, so nothing to be added in OSA for Jakarta release.

Thomas to be contacted during unmaintained meeting on Monday.

Last SECCOM meeting link

2022-06-28 Security Subcommittee Meeting Notes

DevOPS Pipelines IRS presentation

https://www.cloudbees.com/customers/IRS

SECCOM MEETING CALL WILL BE HELD ON 5th 12th OF July'22.

15 minutes for Muddasar to present 5G security.Potentially session with David Wheeler on SBOM.

Overview of Tata Communications DTF presentation on their production logging implementation

Recording:

View file

name	2022-07-05_SECCOM_week.mp4
height	150

SECCOM presentation:

View file

name	2022-07-05 ONAP Security Meeting - AgendaAndMinutes.pptx
height	150

Versions Compared

Old Version 2

New Version 3

Key