Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 2nd of November 2021.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
SECCOM weekly scheduling/timing | We start every Tuesday at 1 PM UTC (currently 2 PM CET) | |||
TSC meeting report |
Security tests below 100% were traced to two problems
- no exception in Java 8 in versions_xfail.txt for artifact-broker - Multicloud will add exception
- no exception for non-ssl endpoint in nonssl_endpoints.txt for sndc-callhome - SDNC will add exception
TSC approval for Istanbul RC and moved release signoff to 4 November.
Discussion of project and repo statuses
Requirements subcommittee: just a few reqs for Jakarta: OOM repos moving to GitLab 1 week after Istanbul release – what will be the interface for the end user? | ||
Istanbul security achievements | Draft slides presented to SECCOM. |
- Action Item: present Logging, feature template, and SBOM to other LFN projects
ongoing | Deck is ready to be presented at the next TSC meeting. | |||
ONAP code quality improvement | Kevin created a fake project to check the feature. Toine to be contacted by Fabian. | ongoing | Toine's details to be provided by Pawel to Fabian. | |
SBOM update | To be confirmed if LFN would run SBOMs, as LFN signs the ONAP code. Kenny was contacted at least twice but there has been no feedback. | ongoing | LF IT ticket to be opened by Muddasar |
Logging feedback: questions about fields; confirmation that the proposal is approved by SECCOM; need sidecar to provide metadata
We keep on using Friday's calls for topics to be discussed.
Moving bridge to Zoom (ONAP13). Jess and David will also be contacted by Muddasar to find out which step in the CI/CD pipeline is best for SBOM creation. | ||||
PTLs meeting update | Meeting on November 1st was cancelled. | |||
Integration/OOM synch | Prometheus maintenance - OOM team does not want to maintain it outside of keeping most recent release due to limited resources. Dashboard already predefined and available for Prometheus in OOM: https://docs.onap.org/projects/onap-oom/en/latest/oom_setup_paas.html#prometheus-stack-optional Using basic image global requirement for Jakarta release. | ongoing | ||
CII Badging | Jira tickets to be created for remaining critical and blocking issues and tie them to req-443 for Jakarta release | ongoing | Tony and Amy will handle it. | |
Jakarta release schedule | https://wiki.onap.org/display/DW/Release+Planning%3A+Jakarta Istanbul sign-off date is November 4th. | done | ||
Security requirements | Bob has templates for requirements submission. We will have to provide our reqs presentation to Requirements Subcommittee. | ongoing | Alla to be contacted. | |
Kubescape | Fabian had a meeting with Michal Jagiello. Fabian will do the comparison between Kubescape and existing tools. | ongoing | ||
OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 9th OF NOVEMBER'21. | Reviewing requirements by SECCOM as part of the process. | Catherine to be addressed. To be discussed with Amy on Friday. |