...
| Jira No | Summary | Description | Status | Solution | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SDC request for exeption for Honolulu | Slides presented by Xue:
| done | As it is planned to finalize in Istanbul, SECCOM recommends an exception for SDC. All other exceptions to be reviewed by March 4th. | |||||||||||||||||||||||||||||||||||||||||||||||
| SECCOM slides for Requirements Subcommittee | https://wikilf-onap.onapatlassian.orgnet/wiki/display/DW/Template+to+be+fulfilled+per+each+requirement We booked next SECCOM requirements for Honolulu and Istanbul were presented at the session on March 1st to present slide deck – confirmed with Alla | ongoing | Present slides on March 1st. | Whitesource scans of SPC vs. Nexus-IQ | Ticket was opened with Whitesource | ongoing | Whitesource will be contacted to follow-up the request on transitive dependency in their GUI. | UI from Morgan presentation | ongoing | Info to be shared with Michal | Last PTL session update | -Exceptions for Python and Java upgrade 1 week by RC0 (March 5th) -Page for exceptions in Honolulu release :https://wiki.onap.org/x/8DyLBQ | ongoing | Logs management – follow up by Amy – container logging requirements review |
First discussion point based on VNF requirements for logging. Comment on container (OS layer) and container application (application layer) for logs collection. Comment on logging modifications in the container. | ongoing | Comments for logging requirements to be reviewed at the next SECCOM meeting. | ONAP MVP |
MVP (to support simple use cases):
| ongoing | To be presented with Fabian at the PTL's meeting on March 8th. | Trivy can results |
Not possible to compare results with Whitesource or Nexus-IQ. Trivy does not provide remedy version - to be elaborated by Fabian. To be elaborated on how to integrate Trivy with the CI and what to do with the findings. | ongoing | Remedy version to be elaborated by Fabian. | No use of base images | We need to review of who is using basic image and who is not. Once the list of projects not running basic image is known, we shall contact each concerned PTL to understand the rationale behind. | ongoing | We start with discovery phase and understanding rationale. List to be checked with Morgan and start with MVP and then exapnd to remaining projects. Best practices and global requirements period is open for Instanbul release. CII Badging - as best practice for Istanbul to be moved to global requirements. The same for packages upgrades. New requirement to be linked to existing best practice one. SonarCloud 55% code coverge history - difficult for PTL and committers to know if the code proposed is improving the coverage or not as analysis is visible only on Master = you get to know after the code is merged. Good target is not to reduce the coverage and trying to improve. | ongoing | To document SECCOM non-functional requirements for Instanbul release at the Wiki created by Alla. Jiras to be created with linkage under jira. Best practices proposal to be submitted to TSC for an approval. | |||||||||||||||||||
| Sonarcloud issue | Problem integrating jacoco unit test results with SonarCloud to create code coverage reports. | ongoing | Jess to be informed. | |||||||||||||||||||||||||||||||||||||||||||||||
Logs management – follow up by Samuli | Update from Samuli on ONAP xNF O&M requirements have an audit logging requirement – “all changes to the configuration (or: the system) must be logged”. | ongoing | VNF logging requirements to be checked. | |||||||||||||||||||||||||||||||||||||||||||||||
| How to create secure applications | Following last request from Chaker and discussion at the last PTLs meeting. Secure design should cover that. | pending | Tony will start Wiki with the initial proposal and SECCOM will support by reviewing it and providing feedback. Toine from CPS to be addressed. | |||||||||||||||||||||||||||||||||||||||||||||||
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 9th OF MARCH'21. |
Recording:
| View file | ||||
|---|---|---|---|---|
|
SECCOM presentation:
| View file | ||||
|---|---|---|---|---|
|