
Please find below the Minutes of Meeting and recording for the SECCOM meeting held on 17th of January 2023.

Table columns: Jira No | Summary | Description | Status | Solution

Weekly scans re-enabled with Michal's support:

https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2022-11/28_09-30/

Fiachra responded on strimzi-zk-entrance:

  • This container is required by dmaap message router to connect directly to the strimzi zk for storing some metadata.
  • Strimzi locks its zk cluster by default and this was advised as a "hack/temporary" solution for MR.
  • https://github.com/scholzj/zoo-entrance
  • I do see that the base image was updated recently though, so not sure where the old java version is coming from.
  • AP: to identify where it is getting picked up from

Status: ongoing
Solution: E-mail with feedback was shared with Fiachra.

Logging security discussion

Follow-up by Byung: after the meeting Justin shared his script and mentioned node-level Fluentbit deployment (a different namespace with a different privilege level). Adrien is working on node-level logging.

Status: ongoing
Solution: Andrew from Byung's team will check feasibility for pod-level logging. Conclusion expected next week.

Security issues raised by external researchers

  • IT-24999 Security Issue - Sensitive information leakage – Fiachra was contacted, waiting for his feedback
  • IT-25000 vulnerability detected (DMARC RECORD MISSING) – feedback shared with researcher

Status: ongoing
Solution: Details to be reviewed by Pawel and Amy on January 13th.
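The IT-25000 item above is a missing DMARC record. The following is an added example (not part of these minutes and not an ONAP tool) showing how a defender assesses the TXT answers for `_dmarc.<domain>`: no `v=DMARC1` record at all, a duplicate record that receivers discard, a monitor-only `p=none`, or an enforcing policy. The records are passed in as strings so the check runs offline; the `.example` domain names and their records are constructed placeholders. In practice the strings come from `dig +short TXT _dmarc.<domain>`.

```python
"""Assess a domain's DMARC posture from the TXT answers for _dmarc.<domain>.

Added example, not part of the SECCOM minutes or of any ONAP tool. The TXT
strings are passed in rather than resolved so the check runs offline; in
practice collect them with `dig +short TXT _dmarc.<domain>`.
"""
from typing import Dict, List, Optional

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC record into lower-cased tag -> value pairs (RFC 7489 syntax)."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt_records: Optional[List[str]]) -> Dict[str, Optional[str]]:
    """Classify one domain's DMARC state from its _dmarc TXT answers.

    Only records beginning with v=DMARC1 count. Per RFC 7489 section 6.6.3 a
    domain with more than one such record is treated by receivers as having no
    policy, so it is reported as invalid rather than enforcing.
    """
    dmarc = [r for r in (txt_records or [])
             if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        return {"status": "missing", "policy": None,
                "detail": "no v=DMARC1 TXT record published at _dmarc"}
    if len(dmarc) > 1:
        return {"status": "invalid", "policy": None,
                "detail": "multiple DMARC records; receivers discard all of them"}
    tags = parse_dmarc(dmarc[0])
    policy = tags.get("p")
    if policy not in VALID_POLICIES:
        return {"status": "invalid", "policy": policy,
                "detail": "p= tag missing or not one of none/quarantine/reject"}
    status = "monitor-only" if policy == "none" else "enforcing"
    detail = (f"p={policy}, sp={tags.get('sp', policy)}, pct={tags.get('pct', '100')}, "
              f"rua={'set' if 'rua' in tags else 'not set'}")
    return {"status": status, "policy": policy, "detail": detail}


# Constructed sample answers keyed by domain (reserved .example names, not real lookups).
SAMPLE_ANSWERS: Dict[str, List[str]] = {
    "no-record.example": [],
    "other-txt.example": ["some-verification-token=abc123"],
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc-reports@monitor.example"],
    "strict.example": ["v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@strict.example"],
    "duplicate.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}


def dmarc_report(answers: Dict[str, List[str]] = SAMPLE_ANSWERS) -> Dict[str, Dict[str, Optional[str]]]:
    """Run the assessment over every domain and return the findings."""
    return {domain: assess_dmarc(txt) for domain, txt in answers.items()}


if __name__ == "__main__":
    for domain, finding in dmarc_report().items():
        print(f"{domain:22} {finding['status']:13} {finding['detail']}")
```

A "missing" or "monitor-only" result is what a researcher reports as a finding: without a `p=quarantine` or `p=reject` policy, receivers have no instruction to act on mail that fails SPF/DKIM alignment for the domain. The `rua=` tag matters too, because without it the domain owner gets no aggregate reports to see who is sending as them.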

Unmaintained projects

Repos without merge (for the last 1 year) identified. Merges by Thomas and Cedric to be excluded.

Status: ongoing
Solution: At the next PTL meeting (Jan 23rd) the list is to be reviewed. Merges by Thomas and Cedric to be excluded.
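The unmaintained-projects check above (repos with no merge in the last year, with merges by named people excluded so that bulk infrastructure merges do not make a repo look alive) as an added Python example; it is not ONAP's own tooling. It consumes the output of `git log --merges --format='%an%x09%aI'` per repository; the repository names, authors, dates and the two first names used as the exclusion list are constructed placeholders based on the minutes, and a real run would match on full author names or e-mail addresses.

```python
"""Flag repositories with no counted merges in the last year.

Added example, not part of the SECCOM minutes or of ONAP's tooling. It consumes
the text produced by `git log --merges --format='%an%x09%aI'` for each repo,
ignores merges by listed authors (bulk infrastructure merges), and reports the
repos whose last remaining merge is older than the window.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional, Tuple

Merge = Tuple[str, datetime]


def parse_merges(log_text: str) -> List[Merge]:
    """Parse '<author><TAB><ISO-8601 date>' lines into (author, datetime) pairs."""
    merges: List[Merge] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        author, when = line.split("\t", 1)
        merges.append((author.strip(), datetime.fromisoformat(when.strip())))
    return merges


def last_counted_merge(merges: Iterable[Merge], excluded: Iterable[str]) -> Optional[datetime]:
    """Newest merge not authored by an excluded person, or None if there is none."""
    excluded_set = {name.lower() for name in excluded}
    dates = [when for author, when in merges if author.lower() not in excluded_set]
    return max(dates) if dates else None


def stale_repos(logs: Dict[str, str], now: datetime, excluded: Iterable[str],
                window_days: int = 365) -> Dict[str, Optional[datetime]]:
    """Return {repo: last counted merge} for repos with no counted merge inside the window."""
    excluded = tuple(excluded)  # materialise once; reused for every repo
    cutoff = now - timedelta(days=window_days)
    result: Dict[str, Optional[datetime]] = {}
    for repo, log_text in logs.items():
        last = last_counted_merge(parse_merges(log_text), excluded)
        if last is None or last < cutoff:
            result[repo] = last
    return result


# Constructed sample git-log output per repo; repo names, authors and dates are made up.
SAMPLE_LOGS: Dict[str, str] = {
    "repo-a": "Alice\t2022-11-03T10:12:00+00:00\nBob\t2022-03-01T09:00:00+00:00\n",
    "repo-b": "Thomas\t2022-12-20T08:00:00+00:00\nAlice\t2021-06-14T12:00:00+00:00\n",
    "repo-c": "",
    "repo-d": "Cedric\t2023-01-05T08:00:00+00:00\nDave\t2022-02-15T08:00:00+00:00\n",
}
# Placeholder exclusion list using the first names from the minutes; real runs use full author names.
EXCLUDED_AUTHORS = ("Thomas", "Cedric")
# Reference date: the meeting date, so the window is the year up to 2023-01-17.
MEETING_DATE = datetime(2023, 1, 17, tzinfo=timezone.utc)


if __name__ == "__main__":
    for repo, last in sorted(stale_repos(SAMPLE_LOGS, MEETING_DATE, EXCLUDED_AUTHORS).items()):
        print(f"{repo}: last counted merge {last.date() if last else 'never'}")
```

With the constructed data, repo-b is reported stale because its only merge in the window is by an excluded author, and repo-c because it has no merges at all; repo-a and repo-d stay off the list. Comparing timezone-aware datetimes is what makes `%aI` (which always carries an offset) the right git format here.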

Security review questionnaire

CPS team has mostly completed their security review. Tony will be scheduling a meeting with them to answer a few questions.

Status: ongoing
Solution: Update to SECCOM to be provided by Tony next week.


TSC meeting (5th, 12th January)

  • Sync summary from meeting held on January 11th with OSC (Martin Skorupski)
  • New ODL feedback on projects without PTL and new idea of a special squad team to deal with projects without PTLs
  • Updated London release schedule from Lukasz
  • China Mobile feedback for ONAP

PTL meeting (9th, 16th January)

Check with Fiachra on strimzi container.

Status: Cancelled due to day off in US

Logging security discussion (earlier notes; recording reference: starting from 17:15)

Justin Garrard (jagarra@uwe.nsa.gov) presented onap-log-inject.pptx and demo.

ONAP logging requirements: ONAP Next Generation Security & Logging Architecture.

OOM wanted to have logging at the node level.

Moving the collection agent from node level to pod level avoids the security issue.

Status: started
Solution: Further exchanges to be done on that topic; pushing Fluentbit to the pod makes sense from a security perspective.

London recommended versions

https://lf-onap.atlassian.net/wiki/display/DW/Database%2C+Java%2C+Python%2C+Docker%2C+Kubernetes%2C+and+Image+Versions




Latest weekly scans

https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2022-11/28_09-30/security/versions/versions.html




Tickets for Global Requirements

  • Epic REQ-437: COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8)
  • Epic REQ-438: COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)

Status: ongoing
Solution: Waiting for feedback from Andreas.

SECCOM MEETING CALL WILL BE HELD ON January 24th 2023.

  • Node vs. pod level logging update by Byung.
  • CPS security review questionnaire by Tony.

Recordings:

2023-01-17_SECCOM_week.mp4

SECCOM presentation:

2023-01-17 ONAP Security Meeting - AgendaAndMinutes.pptx