Versions Compared

Old Version 3

changes.mady.by.user Amy Zwarico

Saved on

compared with

New Version 4

changes.mady.by.user Amy Zwarico

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Jira No
SummaryDescriptionStatusSolution

5 Years security questionnaire for Policy project

Review of Policy questionnaire with Policy representative meetings

PF - ONAP Security Review Questionnaire - Developer Wiki - Confluence


Policy framework began the review of 5yr questionnaire and will complete the review at the 22 August meeting.

Adheli Tavares will attend 2023/08/29 meeting to complete review.


Oparent

2023/08/22: Not Covered

Update from 2023-08-21 PTL meeting

-CPS (Toine Siebelink): will test building CPS without oparent/pom.xml (results 2023-10-01)

-Integration (Marek Szwałkiewicz): will perform a test build with the profiles commented out

2023-08-15 SECCOM notes

-Only 2 PTLs responded to Amy’s e-mail

-No objections on Oparent retirement, we have no volunteer to maintain it up to date

-pom.xml contains more than cross project common package dependencies


Recommendation:

-retain oparent/pom.xml

-Make Andreas Geissler a committer and ask the integration or OOM team to update the file per release

-Proposal:

  • Option 1 (short term): ask the integration or OOM team to update the file per release
  • Option 2 (long term): split into multiple pieces that could be independently maintained: dependencies, build directives, profiles

-Byung will discuss with Andreas and OOM team and report at 8/22 SECCOM

-Amy will contact Liam Fallon  and Pam for history


No PTL for AAI, DCAE, OOF

2023/08/22: Not Covered

-Andreas Geissler and Thomas Kulik made committers

-They will do the work necessary for the projects to participate in the release

Will AAI, DCAE, OOF have security vulnerabilities fixed?

-Byung will discuss with Andreas and Thomas to coordinate release tasks such as backlog prioritization

-Muddasar: someone needs to take backlog management role

-Muddasar: no mandated best practice to manage technical debt; call for a statement about code quality – all code will be secure

-Muddasar & Amy: bring mandate for code quality to LFN TAC 2023/8/16


ONAP Streamlining

2023/08/22: Not Covered

-Role of SECCOM

-Prioritization of vulnerability fixes

-Prioritization of security enhancements

-Proposal: ONAP projects work with latest version of common components such as Istio, KeyCloak, Kafka

ONAP Streamlining - The Process

Deck shared with TSC: ONAP - Streamlining the process Report-2023-8-3-v2.pptx (live.com)




TSC meeting (August 17th)

2023/08/22: Not Covered




LFN-TAC (August 16th)

2023/08/22: Not Covered

Review of security best practice recommendations for LFN projects: Security Best Practices




NEXT SECCOM MEETING CALL WILL BE HELD ON 29th of August 2023. 







Recordings: 

23_08_22_audio1582474276.m4a

23_08_22_video1582474276.mp4


SECCOM presentation:

2023-08-22 ONAP Security Meeting - AgendaAndMinutes.pptx