
Jira No | Summary | Description | Status | Solution

Logging security discussion

Follow-up discussion by Byung:

After the meeting, Justin shared his script and mentioned a node-level Fluentbit deployment (in a different namespace with a different privilege level).

Adrien is working on node level logging.

Node vs. pod level logging update: pod logs are visible but not yet with content; Kyverno is used for policy management.

ongoing

Andrew from Byung's team will check the feasibility of continuing work on pod-level logging.

Next week conclusion expected.



CPS Security review questionnaire by Tony

A slot for a meeting with the CPS team is being set up.

ongoing

Security issues raised by external researchers

Latest weekly scans
  • IT-24999 Security Issue - Sensitive information leakage – Fiachra was contacted, waiting for his feedback
  • IT-25000 vulnerability detected (DMARC RECORD MISSING) – feedback shared with researcher
ongoing

Unmaintained projects

Repos without merge (for last 1 year) identified. Merges by Thomas and Cedric to be excluded.

ongoing

At the next PTL meeting (Jan 23rd) the list is to be reviewed.

Security review questionnaire

The CPS team has mostly completed their security review. Tony will be scheduling a meeting with them to answer a few questions.

ongoing

Update to SECCOM to be provided by Tony next week

TSC meeting (12th January)

  • Summary from meeting held on January 11th with OSC (Martin Skorupski)
  • ODL feedback on projects without PTL and new idea of special squad team from Lukasz
  • China Mobile feedback for ONAP

PTL meeting (16th January)

Cancelled due to day off in US

London recommended versions

https://wiki.onap.org/display/DW/Database%2C+Java%2C+Python%2C+Docker%2C+Kubernetes%2C+and+Image+Versions

ongoing

Upcoming D&TF 

Please register! Topics Page is OPEN!

-SECCOM proposals (TBD):

  • Container signing
  • SBOMs – next steps
  • London release requirements - update
ongoing

Python PoC by Bob

Environment for testing is available

ORAN SC is actively using Pylog; libraries are under testing.

ongoing

Fiachra to be contacted.

TSC meeting (19th January)

  • Bell Canada feedback for ONAP
  • LF Networking Mentorship Program
  • SECCOM: OOM upgrades for Java and Python.
  • What to do with projects without PTL and Global Requirements related tickets for London release.
  • Nephio exchanges initiated



PTL meeting (23rd January)

Waiting for feedback from Andreas.

Tickets for Global Requirements

-Epic REQ-437: COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8)

-Epic REQ-438: COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)

ongoing
  • Andreas was asked to check with Michal on new weekly scan execution



London recommended versions

https://lf-onap.atlassian.net/wiki/display/DW/Database%2C+Java%2C+Python%2C+Docker%2C+Kubernetes%2C+and+Image+Versions




SECCOM MEETING CALL WILL BE HELD ON January 31st 2023. 

Node vs. pod level logging update by Byung.

CPS Security review questionnaire by Tony.





Recordings: 

2023-01-24_SECCOM_week.mp4


SECCOM presentation:

2023-01-24 ONAP Security Meeting - AgendaAndMinutes.pptx