...
| Jira No | Summary | Description | Status | Solution | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
ONAP disaggregation impact on SECCOM activities | Disaggregation is getting its momentum. 5-10% of projects time to be focussed on integration efforts. Aarna used EMCO to deploy slices, the same could be done with ONAP. ONAP is still handling high level orchestration if it comes to CNF orchestration it is delegated to Nephio. EMCO is talking about connecting to Nephio. We are looking at dev side of the security which is half part picture. Imact analysis is needed for ONAP disaggregation with focus on security, testing etc. | |||||||||
LF IT CI/CD security review | Muddasar is not getting support for the ticket opened 1 month ago: IT-25429 Review of ONAP CI Threat Model and Security Controls | Pawel to check with Sandra on Wednesday's meeting. | DTF virtual event | Presentation provided by Pawel and SECCOM team to share security goals for Montreal release and latest achievements/news. Tony participated in the road to gold presentation by CPS. APIs in ONAP shall be well cataloguized and standards around those APIs well secured (TLS communication etc.). We are still looking at infrastructure-as-a-code and not yet data-as-a-code. Bob participates in Working Group 11. User side is missing or is insufficient, while product security is more leveraged. | done | Byung to share with CPS team SECCOM Kudos for their great work done around CPS security. | CPS Matt confirmed he will setup a meeting with Muddasar to better understand what is expected | |||
| CPS Road to gold | CPS PoC under preparation – Jess is configuring 2FA for committers - done. OJSI list communication with Jess -some members should be removed/added | Amy to check with Jess on updated list for OJSI distribution list. | ||||||||
| 5 Years security questionnaire for Policy project | -https://wiki.onap.org/display/DW/PF+-+ONAP+Security+Review+Questionnaire | strated | Pawel to check with Liam if the work is completed on Policy project side. DONE | Security review in ARCCOM | For ONAP architecture review security is part of the template -Confirmation from Policy project received about review completion. | ongoing | Tony to share initial feedback with Policy team. Next discussion point is 18th of July. | |||
Latest weekly scans – still looking for owner of zk-tunnel-svc | Bob reviewed gerrit logs. | |||||||||
PTL meeting (June 12th19th) | Cancelled | |||||||||
TSC meeting (June 15th) | Presentation Update on new Global Requirement: Use Native Service Mesh Authentication and Authorization for Intra-ONAP Communication
Gerrit upgrade re-planned by Kevin right after RC milestone (- after TSC meeting on Thursday) | Pawel to invite Infosys (Gnanapriya) team to OOM meeting. Andreas to be informed. DONE | TSC meeting (June 1st) | Intro provided for new Global Requirement | Andreas will let Kevin know when upgrade could be provided Kevin to prepare info on which version and what are the drivers for an upgrade | Meeting with Infosys done. They will do the analysis. Access to environment will be crucial. | ||||
Badging Dashboard | Projects in unmaintained status still have active badging questionnaire David was asked to help in marking quesionnaire as unmaintained, Tony organized meeting with David to show what needs to be done. | Latest weekly scans | Marek was able to initiate latest run of scans. Results are progressing, cassandra and zk-tunnel-svc to be further elaborated. Marek does not know which project is using zk-tunnel-svc - it is not in Jenkins. ONAP-discuss question was raised but still no feedback so far. Robert Heinemann No references of "zk-tunnel-svc" were found in: - https://nexus-iq.wl.linuxfoundation.org/assets/index.html#/dashboard/ | ongoing | Bob will try to review gerrit logs | Changes are made. | ||||
SECCOM MEETING CALL WILL BE HELD ON 27th JUNE 2023. |
...
SECCOM presentation:
2023-06-20 ONAP Security Meeting - AgendaAndMinutes.pptx