...
| Jira No | Summary | Description | Status | Solution | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
SBOM global implementation in ONAP | -Ticket was opened by Muddasar to LF IT - Signed SBOM implementation for all ONAP project at Global level (IT-25341) -TSC conditionally approved-, PTL no objections -Jess confirmed turing on at the global JJB config. | ongoing | Muddasar will check with Jess if she completed the work on SBOM signing. | Security Questionnaire for CPS | CPS made some updates but we will check if this activity is completed. | ongoing | Pawel to chec kwith Lee Anjella. | Wrapping up the unmaintained repo task force – Amy: link | We wait till M4 for TSC presentation | PTL meeting (April 3rd) | SBOM global implementation – go decision | Security test cases review | https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2023-02/25_04-42/ -CI/CD pipeline aspects - infrastructure ans security test cases to be further elaborated -Objective is to identify opportunity for improvement to reduce risk of unwanted behavior and software build pipeline. -Improve automated test coverage for Security tests at integration stage. | We move this topic to next week agenda. | PTL meeting (March 27th) | -New dates (1 week delay) for M3 (March 30th) and M4 (April 20th) | TSC meeting (March 30th) | -China Telecom takeaways – why not using ONAP commercially -Dashboard could be the reason of CT customization | New ONAP contribution for Integration | Marek from DT might propose his candidature to become Integration PTL. is doing follow up – check at the release date. | |
| Security test cases review | Muddasar presented his deck:
SPDX is our preferred format for SBOM as part of ISO standard. | ongoing | Assessment criteria comments are welcome. Muddasar to follow up with LF IT. Pawel to share information with TSC for ONAP CI/CD Security Review. | ||||||||||||||||||
| Security Questionnaire for CPS | Lee Anjella confirmed the completion of the updates on her side. | ongoing | We agreed for a final review next week. | ||||||||||||||||||
TSC meeting (April 6th) | Marek elected as new Integration PTL | ||||||||||||||||||||
ONAP model changes | -Follow more CNCF approach – independent projects driven by use cases -Integration assures network connectivity -Complementary to Nephio which seems to be more infra focus while ONAP is application -Minimum security and logging guidance is required | ||||||||||||||||||||
API review for Montreal as part of Architecture Review Template | Byung to address with Chaker | SECCOM members to be invited for API review. | |||||||||||||||||||
| What version of ONAP would be merging with Nephio | Ongoing discussions. We shall wait for Nephio's first release delivery in May'23. Nephio is CRD based, custom API is generated dynamically. Subproject created for HELM support by Nephio with Nokia and E/// support. | ||||||||||||||||||||
SECCOM MEETING CALL WILL BE HELD ON 18th April 2023. | CPS Security updated questionnaire review by SECCOM - final round with CPS team.Muddasar will share deck for supply chain security via seccom distribution list. |
Recordings:
SECCOM presentation:
2023-04-11 ONAP Security Meeting - AgendaAndMinutes.pptx