Slides presented by Maggie:

Proposal on using ONAP to enhance the security of 5G Architecture using Data Analytics. Data Analytics system in ONAP to be used to detect anomalies.

Slides presented by Fabian:

Sonar only checks the master branch. We need to analyse the code before merge.

Jira No | Summary | Description | Status | Solution

NSA contribution proposal for ONAP security

ongoing

Both Vijay and Tony to provide support for NSA team

Java and Python upgrades in Istanbul release

We do not plan on creating tickets for unmaintained projects, instead we should add those repos to Morgan’s exception list.

Looking for info on which projects are responsible for the following repos (responses from PTLs in parentheses):

  • ejbca-ejbca (testing)
  • esr-gui (unmaintained - exclude)
  • esr-server (unmaintained - exclude)
  • message-router, message-router-kafka, message-router-zookeeper (DMAAP)
  • framework-artifactbroker (MULTICLOUD)
  • awx-celery, awx-rabbit, awx-web (testing)
  • robot (testing & integration)

Additional jiras to be created excluding the ones related to testing that will go to whitelist.

Awx to be checked in what context it is used for testing - Morgan to be asked.

Security and critical vulns per project

Orange developer started with DMaaP: 421 issues down to 53 - at the last PTLs meeting DMaaP PTL promised to review the proposed changes and merge them.

Next step will be to analyze SO.


NSA contribution proposal for ONAP security

Vijay reached out to Maggie, establishing contact with relevant ONAP community members.

ongoing

Next meeting to be booked.

CNF Task Force enterprise business workgroup 

Next meeting on April 14th at 2:30 00 UTC

Work with O-RAN to use ONAP for service management and orchestration, how to handle Magma - no decision yet on how to treat access control gw? ONAP Architecture Subcommittee to be involved.

ongoing

Progress tracking for Python and Java upgrades

At the beginning of March still Python 2.7 (40) and Java 8 (38) the containers -> last week: (23/67) Java (28/105), so considerable progress observed!

Some items might be due to LF pipeline.

ongoing

We will track upgrades with Jira tickets in Istanbul release

Feedback collection on Magma

[WAIVERS] Set Honolulu security waivers

Merge done

done

Meeting with Jess and SECCOM on Jenkins/Gerrit and SonarCloud

Meeting done on April 15th - integration between Wikimedia and Sonar:

ongoing

Fabian will come back to us with an update.

Slide deck for new Global Requirements

No slot again at the last TSC, although booked.


To be presented at the incoming TSC meeting - slot in the next agenda to be booked again and e-mail to be - e-mail request was sent to TSC distribution list.

Security and critical vulns per project

Orange developer started with DMaaP: 421 issues down to 53!

ongoing

Next step for PTL to merge the code.

SonarQube and integration with Gerrit

ongoing

Meeting to be organized by Pawel with Jess and Orange team.

distribution list


Waiting for TAC approval

Training for SonarCloud

Please refer to slides 4 and 5 of the slide deck below for a complete list of the questions.

Additional question identified on possibility to integrate SonarCloud with Gerrit – scan before merge.

ongoing

Updated list of questions to be shared by Jess with SonarCloud team.

Last PTL meeting
  • Feedback from following projects: DCAE, DMaaP, SDC and SDNC/CCSDK – need to directly discuss with those projects
  • Phase 1: move existing logs to STDOUT
  • Phase 2: to see how we can decide something that is usable by any component (pattern for logs)
  • Phase 3: add request id
  • Chaker’s feedback on Logging guidelines v1.1

To check with Chaker where logging guidelines doc is located on the Wiki - already found:

ONAP Application Logging Guidelines v1.1.

CII Badging – automation support for Tony

Dave Wheeler was able to create a base library that could be used to do an update. Tony created a Python script that would allow updates to a large number of projects based on a configuration file.

ongoing

Next step is to get additional people and try it out - especially David McBride. Code is available in Tony's GitHub private area.

Container logging requirements

Container application logging is OK, but logging for the container itself is not.

Logging is stored in stdout; how does it get out of the container?

Kubernetes can capture both stdout and stderr. An additional component such as FluentD is needed to push those logs to an external system.

How does the container know which container the logs come from?

It is important to know what security information the logging has.

ongoing

General link to requirements to be added.




SECCOM presentation:

2021-04-20 ONAP Security Meeting - AgendaAndMinutes.pptx