...
| Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
| | Good news! | Byung as the new Architecture Subcommittee Chair - congratulations! | | |
| | SPDX 3.0 update | Muddasar provided an update on SPDX version 3 and SBOM update. SLIDES. Effort to move SPDX 3.0 to ISO standard still to be done. | | |
| | CPS Road to gold | Tony prepared his part of the deck for a common presentation. | ongoing | Tony to send a copy to broader team and check and shared with Lee Angella. |
| | Building a better 5G future... | Muddasar was presenting Accelerating 5G Innovation at the ONE conference in Vancouver. Recording shall be available in a few weeks. Muddasar provided a quick summary. Maggie will be speaking to 5G superblueprint on network slicing and network configuration on Wednesday (11.00 AM EST). | | |
| | LFX Security Dashboard | Amy had a meeting with Jess. - LFX is a security framework - open for different pipelines, no dictated tools, and absolutely no integration with LF purchased/licensed products: Nexus-iq or Sonarcloud. - ongoing VEX and SBOM under exchanges | ongoing | Value to ONAP projects could be increased by providing configuration templates for existing tools. |
| | | | ongoing | Tony will join next TSC and share SECCOM recommendation for 2FA. OJSI list of people to be reviewed. Amy will contact Jess. |
| | DTF event and SECCOM presentation | Let's have a common SECCOM voice towards ONAP community. Slide with packages upgrades to be added as well as security template in architecture review template. | | |
| | Latest weekly scans | Marek was able to initiate the latest run of scans. Results are progressing, cassandra and zk-tunnel-svc to be further elaborated. Marek does not know which project is using zk-tunnel-svc - it is not in Jenkins. An ONAP-discuss question was raised but still no feedback so far. Pawel to check with Marek if he recalls which project zk-tunnel-svc is part of. | ongoing | |
| | PTL meeting (May 15th) | PTL Agenda Topic: Confluence and JIRA alternatives – no issue anymore. M4 status update. RC for London June 1st. Montreal M1 planning (June 22nd). | | Tony to be contacted by Policy team member for 5 Year security review. |
| | TSC meeting (May 11th) | Voting on modified ONAP mission statement and chapter modifications Preparation 22nd) | | - PTLs upgrades for London release 2023-05-22 ONAP London release pakages upgrades.pptx - total vulns reduced significantly! - Issue raised for images creation (Sigul signing problem) – jira ticket opened by Liam last week: https://jira.linuxfoundation.org/plugins/servlet/desk/portal/2/IT-25552 - RC blocker! |
| | TSC meeting (May 18th) | - Review of the deck for Governance Board (presentation today!last week) - 2FA issue raised – follow-up with presented as summary of meeting Andreas and LF-IT today at 5 PM CEST. | | |
| | SECCOM Montreal requirements | Existing Global requirements - Epic REQ-437: COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8) - Epic REQ-438: COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) - Epic REQ-439: CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES - Epic REQ-443: CONTINUATION OF CII BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL - Logging for Java. Bob to share Jira as a reference. JIRA ticket for the security logging for Java containers: https://jira.onap.org/browse/REQ-1072 last week – still some actions pending… but - Feedback from Andy received ;-) | | |

SECCOM MEETING CALL WILL BE HELD ON 30th May 2023. SBOM Types & Minimum Requirements for VEX Documents - we move it to the next week, Muddasar will prepare some info on SPDX 3.0 and different types of SBOMs.

Recordings:
SECCOM presentation:
2023-05-23 ONAP Security Meeting - AgendaAndMinutes.pptx