...
Jira No | Summary | Description | Status | Solution | Update on Unmaintained Projects task group | Unmaintained Project tg reviewing RACI matrix: https://wiki.onap.org/display/DW/Project+State%3A+Unmaintained Use Jira TSC epic and project/work group tasks to track the retirement of a capability (project/repos) – create template OOM contains unused/orphan code: discuss at next unmaintained projects call because it affects security and maintainability (step in the RACI matrix) DCAEMOD repos are being removed in London Test RACI process with AAF (unmaintained project) and DCAEMOD (unmaintained repos) – Muddasar will contact Vijay | ongoing | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
PTLs meeting – August 29th | Tool for automated gerrit reviews – presented by Tony and Vijay, Focus on quality of the push, versions compatibility, copy rights notices consistency. Operational in DCAE. Trial for python and java projects. | ongoing | This could be shared at the DTF with all LFN projects. Amy will try to share information about this tool with LFN Governance Board as tool is applicable widely. | |||||||||||||||||||
Update on the Security Logging Fields and Global Requirement | Bob updated PTLs at the 8/22 PTL call DCAE will deliver logging updates in London will socialize python & javascript POCs with PTLs: May need python & js POCs Use language indicator on SonarCloud dashboard to determine programming language
| ongoing | SBOM creation | dcaegen2-collectors-ves SBOM successful CPS SBOM working 4 successful project SBOMs created | ongoing | Superblueprint | Update from 8/16 Super Blueprint meeting (Muddasar)
Use cases to be added, limited resources to go with E2E solution integration. Weekly meetings: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=50528282 Architecture: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=53609061 Roadmap: https://wiki.lfnetworking.org/display/LN/5G+Super+Blueprint+Roadmap Requirements and Use case Advisory Group: https://wiki.lfnetworking.org/display/LN/Requirements+and+Use+Case+Advisory+Group Use cases: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=68792322 Use cases to be added, limited resources to go with E2E solution integration. Muddasar tasked with specifying detailed use case requirements for creating secure slices: least privilege Eric Kline performing streaming analytics on data to use in closed loop slicing automation | ongoing | Logistic from program perspective needs to be improved. | OOM | Ericsson OOM team is focused on the ONAP security reference implementation. Logging reference implementation is second priority work item for now. Code link was shared with SECCOM before (nordix), but not yet contributed to ONAP | PTL meeting – August 22th | Short meeting (Bob attended)
| TSC meeting – August 18th | No one on SECCOM call attended | Pawel and Amy submitted proposal: ONAP’s Recipe for Managing CVEs and Securing Open Source Software Byung will present service descriptor and potentially new ONAP security architecture with service mesh. | LFN Developer & Testing Forum NA | Productization of Assured Opensource Software - Muddasar SBOM implementation and challenges in ONAP - Muddasar 5G orchestration with ONAP, AI and ML. - Maggie | Brian to be asked by Muddasar as co-presenter for SBOM. by Bob, info about languages used by ONAP projects based on SonarCloud. Python project volunteer needed. | ongoing | Bob to open a ticket to LF IT- done: https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/IT-24461 with Sonarcloud scaning capabilities enhancements. | |
ODL code transition to ONAP | Potentially better maintained in ONAP. | started | Scans to be done as for every other | |||||||||||||||||||
SECCOM MEETING CALL WILL BE HELD ON 6th OF September'22. |
...
View file | ||||
---|---|---|---|---|
|
SECCOM presentation:
View file | ||||
---|---|---|---|---|
|