Versions Compared

Old Version 2

changes.mady.by.user Amy Zwarico

Saved on

compared with

New Version 3

changes.mady.by.user Amy Zwarico

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Jira No
SummaryDescriptionStatusSolution

Oparent

-Only 2 PTLs responded to Amy’s e-mail

-No objections on Oparent retirement, we have no volunteer to maintain it up to date

-pom.xml contains more than cross project common package dependencies


Recommendation:

-retain oparent/pom.xml

-Make Andreas Geissler a committer and ask the integration or OOM team to update the file per release


No PTL for AAI, DCAE, OOF

-Andreas Geissler and Thomas Kulick made committers

-They will do the work necessary for the projects to participate in the release

Will AAI, DCAE, OOF have security vulnerabilities fixed?


ONAP Streamlining

-Role of SECCOM

-Prioritization of vulnerability fixes

-Prioritization of security enhancements

-Proposal: ONAP projects work with latest version of common components such as Istio, KeyCloak, Kafka

ONAP Streamlining - The Process

Deck shared with TSC: ONAP - Streamlining the process Report-2023-8-3-v2.pptx (live.com)




5 Years security questionnaire for Policy projectTony to invite Policy represenatives to one of the next SECCOM meetings

Documenting APIs


Meeting with Thomas Kulik on Thursday completed by Muddasar who shared his update. 

Thomas is short in resources. We may rely on Byung effort in documenting APIs.

Not every project exposes system data API.

Some projects are not on the Byung's list

Reference to the complete list to be added to the Byung's deckPolicy framework began the review of 5yr questionnaire and will complete the review at the 22 August meeting.

Java 17 vs. Java 21We propose ONAP project to upgrade to Java 17, packages as there might be some missing dependencies for Java 21, so projects might target it but juno from 11 directlly to 21 might be a significant effort.


LF IT CI/CD security review

85-90% information received by Muddasar. 

Good security hardening is already in place.

Muddasar shared presentation (below).

PTL meeting (August 7th)

-Java 17 vs. Java 21 info provided – we stick to Java 17, question to Amy for Jira tasks creation

-Discussion on how disaggregation impacts Release Management tasks

-Github actions intro provided by Jess, follow-up at the TSC meeting on Thursday




TSC meeting (August 3rd10rd)

-Presentation on disaggregation topics submitted by Byung, voting expected on August 10th.




NEXT SECCOM MEETING CALL WILL BE HELD ON 15th 22nd of August 2023. 







Recordings: 

2023-08-08_SECCOM_week23_08_15_audio1491690214.m4a

23_08_15_video1491690214.mp4

SECCOM presentation:

2023-08-08 ONAP Security Meeting - AgendaAndMinutes.pptx

View filenameONAP CICD Security Review.pptxheight250