...
Jira No | Summary | Description | Status | Solution | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Last TSC update | CNF Task Force meeting on 16th moved to 31st of March, US governement support may help increasing open source „apps 5G”. https://zoom.us/j/219945081?pwd=ZEN3U3daem9oMGJuZ3BXZExCdldkUT09 | ogoing | SECCOM representatives will join this session with US military on open source secure software development for 5G. | ||||||||||||||||||||
Last PTL meeting |
| Requests were reviewed and recommendations will be provided to TSC for an approval. Still missing ones (38 for Java and 40 for Python). | ongoing | To find a solution to encourage PTLs to raise exception requests or simply complete the cleaning in their containers. | SECCOM requirements for Istanbul release | Template to be fulfilled per each requirement Associated Jira epics and stories to be created. | ongoing | To be checked whether for global requirements we could | Next PTLs meeting SECCOM topics | For next meeting open point for justification – not using basic image. SonarCloud scans percentage target. | ongoing | to be proposed to meeting agenda | Sonarcloud scans | Problem integrating jacoco (for an automated testing) unit test results with SonarCloud to create code coverage reports – ticket was opened to Sonatype. Impact: so 55% code coverage might be not reached by some projects (SDC, SO...). | ongoing | status of the ticket submitted to be checked with Jess. | Logs management – follow up by Samuli | Update from Samuli: security audit logs must be produced. What types of events to logging to security and what information must be logged to each log entry. Syslog RFC5424. | ongoing | Logging requirements for containers and what it means to manage logs. Stdout usage document to be shared by Fabian.
| Separate meetings with projects to be organized on SonarCloud code coverage target goals per project. Sonarcloud, gerrit and Jenkins feedback to be shared by Fabian. | ||
How to create secure applications | Following last request from Chaker and discussion at the last PTLs meeting Tony prepared proposal: https://wikilf-onap.onapatlassian.orgnet/wiki/display/DW/Secure+Programming+Practices | pending | SECCOM will provide comments, proposals by next week.Comments/proposals/modifications were provided. | pending | Chaker to be informed about this draft - e-mail to be sent by Pawel. In 2 weeks Next week PTLs to be updated with this proposal. Daylight savings | We keep for the moment UTC reference time, even if next week in US there is time shift. If there would be an alternative proposal, let's review it together. | done | ||||||||||||||||
OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 23rd OF MARCH'21. |
Recording:
View file | ||||
---|---|---|---|---|
|
SECCOM presentation:
View file | ||||
---|---|---|---|---|
|