...
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
Update on the Security Logging Fields and Global Requirement | -DRAFT slides: https://wiki.onap.org/display/DW/Security+Logging+Fields+-+Global+Requirement -Bob integrated comments from the last session -If no dependencies, 4 hours per container- info from CPS project Influencing O-RAN specs: security log tech report: https://oranalliance.atlassian.net/wiki/download/attachments/2547417415/O-RAN.SFG.Security%20Log%20Management-v00.02.docx?api=v2 | ongoing | Other than CPS project shall be involved for resource estimation for requirement implementation. Test proposal - can it be taken from CPS on how do you know it works? | |
SBOM creation | LF IT still veryfying cases – code should be modified as cleaner solution. LF IT seems to be short in resources. Sessions by Alain Friedman:
| ongoing | ||
Superblueprint | Use cases to be added, limited resources to go with E2E solution integration.
| ongoing | ||
Service Mesh for Kohn release | Follow-up of the Andreas presentation - service mesh used for communication as default. AuN and AuZ as next steps by E/// team. Connection to Keyclock is needed for user management with token. For London to be applied. E/// confirmed resources to contribute. AAF removal not ready for Kohn as providing full RBAC and certificates. Target to London. ISTIO GW configuration.We ave only one ONAP namespace. | Andreas will talk to Seshu. | ||
PTL meeting – August 1st | Cancelled. | |||
TSC meeting – July 28th | -Confluence injection attack – plugin disabled -DTF submissions, no deadline yet | |||
Pawel and Amy submitted proposal: ONAP’s Recipe for Managing CVEs and Securing Open Source Software Byung will present service descriptor and potentially new ONAP security architecture with service mesh. | ||||
LFN Developer & Testing Forum NA | Productization of Assured Opensource Software - Muddasar SBOM implementation and challenges in ONAP - Muddasar | Brian to be asked by Muddasar as co-presenter for SBOM. | ||
Node.js recommended upgrades | We start this topic. The even-numbered versions of Node.js roll through “current” status, “Active LTS” status, and “Maintenance LTS” status. New releases come out every 6 months. So a current release becomes LTS 1 year later, then Maintenance LTS 1 year after that for an additional 1.5 years. The current version is v18, the active LTS is v16, and maintenance LTS is v14. V14 is active through Apr 2023. We should make sure that we are using Containers with Node.js v14, v16 or v20. This MIGHT be automatic if we are using current node.js containers. | |||
SECCOM MEETING CALL WILL BE HELD ON 16th OF August'22. |
Recording:
View file | ||||
---|---|---|---|---|
|
SECCOM presentation: