Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 17th of January 2023.
Jira No | Summary | Description | Status | Solution | Weekly scans re-enabled with 2023-01-17_SECCOM_week.mp4support: | https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2022-11/28_09-30/ -Fiachra responded with srimzi-zk-entrance:
| ongoing | E-mail with feedback was shared with Fiachra | |
---|---|---|---|---|---|---|---|---|---|
Logging security discussion | Follow-up by Byung: After meeting Justin shared his script and mentioned node level Fluentbit deployment (different name space with different privilege level). Adrien is working on node level logging. | ongoing | Andrew from Byung's team will check feasibility for pod level logging. Next week conclusion expected. | ||||||
Security issues raised by External researchers | -
| ongoing | Details to be reviewed by Pawel and Amy on January 13th. | ||||||
Unmaintained projects Unmaintained projects | Repos without merge (for last 1 year) identified, at . Merges by Thomas and Cedric to be excluded. | ongoing | At the next PTL meeting Jan 23rd list to be reviewed. Merges by Thomas and Cedric to be excluded. | ongoing | TSC meeting (5th January) | Synch | |||
Security review questionaire | CPS team has mostly completed their security review. Tony will be scheduling a meeting with them to answer a few questions | ongoing | Update to SECCOM to be provided by Tony next week | ||||||
TSC meeting (12th January) |
| ||||||||
PTL meeting (9th 16th January) | Check with Fiachra on srimzi container | Logging security discussion (recording reference: starting from 17:15) | Justin Garrard (jagarra@uwe.nsa.gov) presented onap-log-inject.pptx and demo. ONAP logging requirements: ONAP Next Generation Security & Logging Architecture. OOM wanted to have logging at the node level. Moving Collection Agent to PoD level from Node level avoids security issue. | started | Further exchanges to be done on that topic, pushing Fluentbit to the pod makes sense from security perspective Cancelled due to day off in US | ||||
London recommended versions | |||||||||
Latest weekly scans | |||||||||
Tickets for Global Requirements | -Epic REQ-437: COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8) -Epic REQ-438: COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) | ongoing | Waiting for a feedback from Andreas. | ||||||
SECCOM MEETING CALL WILL BE HELD ON January 24th 2023. | Node vs. pod level logging update by Byung. CPS Security review questionaire by Tony. |
Recordings:
SECCOM presentation:
2023-01-17 ONAP Security Meeting - AgendaAndMinutes.pptx