Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 2th 27th of October 2020.
Jira No | Summary | Description | Status | Solution | MVP definition for flow matrix | ongoing | Pierre to check with Martial if we could work with CLAMP for flows documentation. Tool (Cidium?) to get flow matrix information to be elaborated by Fabian. To be checked with Eric and Catherine to get buyin from TSCs. Information to be provided by Fabian to Amy. | Harbor integration | Meeting with Jessica was organized to discuss next steps and explain activity goals. Key features of Harbor:
| ongoing | Action point for Fabian to provide requirements for Harbor to Jessica and use Jenkins sandbox. Fabian to run an internal meeting with his team and comeback to SECCOM with those 2 features utilization idea. | vF2F summary | Multiple presentations provided:
| done |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Known vulnerabilities analysis for Honolulu | Our and effort projects bring value in decreasing the rsecurity isks
| ongoing | Honolulu non functional requirements | Honolulu non functional requirements - presentation to Requirements Subcommittee | SECCOM requirements were presented on 26th of October.
| done | Test use cases and ac ceptance criteria shall be prepared for each requirement. | ONAP Release milestones | done | Java and Python upgrade | Final list of the projects that require upgrades to be created. | Amy to check with Morgan and Sylvain. | Prioritization will be done by TSC. With Fabian we made a SIEM requirement. | |
CLAMP for flows documentation provided by Pierre. | It is clear for Fabian but insufficient. | ongoing | Offline exchanges to be organized next week on (4th of November?) between Fabian and Fabien/Pierre. | |||||||||||
Harbor integration | Requirements for Harbor to be provided to Jessica and use Jenkins sandbox. Internal meetings to be organized by Fabian with his team and come back to SECCOM with 2 features utilization idea:
| in standby | ||||||||||||
Java and Python upgrade | There is abuild time test that checks the images to see if they have Python 2 (interpreter) or Java 8 (runtime) included in the image. We still have lots of components that have those in their image. Problem statement: It does not answer the question whether projects are using now only Python 3 and Java 11. In multiple cases people are using custom images and simply did not remove Python 2 and Java 8 as not used. Standard image does not have old versions in it, we shall push projects to use standard image for Honolulu release and if from some reason they need to run custom image, they must remove what they do not use. | Amy will reach out Pawel W. to run some additional tests. | ||||||||||||
Synch on latest recommended versions | Some projects made a great job , some did nothing. We shall push TSC for prioritization of this task. | ongoing | ||||||||||||
CII badging requirement | Requirement to be updated. | ongoing | Tony to update Jira Epic. | |||||||||||
CII Dashboard | 3 projects that are silver now:, and even one of those projects is 65% of gold (VVP) and 2 other are at 57 % of gold (Policy) and AAF, CLAMP is 96% silver and over 40 % gold. | ongoing | Progress was made. | |||||||||||
SIEM requirement | To be added as it is mature: Implementation is done to identify events that compromise the system. This information feedback is done because only an intervention can stop this risk. The events are logged and according to rules have intervened according to the risks. External system must be use to save and display the log Secure protocol must be use to transfert the log between ONAP and external system | done | ||||||||||||
OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 27th 3rd OF OCTOBERNOVEMBER'20. | Secrets management if possibleby Natacha. |
Recording:
View file | ||||
---|---|---|---|---|
|
...
SECCOM presentation:
View file | ||||
---|---|---|---|---|
|
...