Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Jira No
SummaryDescriptionStatusSolution

Logging security discussion by Byung

Node vs. pod level logging update, pods logs visible but not yet with content, kyverno used for policy management

ongoing

Andrew from Byung's team continues working on pod level logging.

.

Meeting with Justin and Maggie scheduled later today by Byung.

ongoing

Next week conclusion expected.



CPS Security review questionaire by Tony

Slot for a meeting with CPS team still under setup.

ongoing

Security issues raised by External researchers
  • IT-24999 Security Issue - Sensitive information leakage – Fiachra was contacted, still waiting for his feedback
ongoing

Upcoming D&TF 

Please register!, TopicsPageis OPEN! 

London release requirements - update

-SECCOM proposals (TBD):

  • Container signing
  • SBOMs – next steps
  • https://wiki.lfnetworking.org/display/LN/2023-02+LFN+Developer+Event+Topics+February#id-202302LFNDeveloperEventTopicsFebruary-ONAPTopics 

    ongoing

    Python PoC by Bob

    Environment for testing is available

    ORAN SC is actively using Pylog, libraries under testing, 

    ongoingWork in progress. Fiachra still to be contacted.

    TSC meeting (19th 26th January)

    • Bell Canada feedback for ONAP
    • LF Networking Mentorship Program
    • SECCOM: OOM upgrades for Java and Python.
    • What to do with projects without PTL and Global Requirements related tickets for London release.
    • Nephio exchanges initiated

    PTL meeting (23rd January)

    London recommended versions

    https://wiki.onap.org/display/DW/Database%2C+Java%2C+Python%2C+Docker%2C+Kubernetes%2C+and+Image+Versions

    Architecture Subcommittee shared London status: niorttech.net




    PTL meeting (30th January)

    Review of Release Management tasks – started

    • Looks like there is overlap between Architecture Subcommittee and PTLs tasks.



    Unmaintained projects update

    Jira tickets to be issued for repos (34!) where no changes for last 12 months done.

    ongoing

    Adoption of security practices

    TAC meeting will be addressing it on Wedesday.

    • SBOMs autogeneration
    • signing artifacts - Maven central does not support Sigstore - to be elaborated
    • ORAN Alliance has some signing recommendations already

    NTIA recommendation on integrity protections on SBOMs to be reviewed by Amy


    NSA has just joined ORAN Alliance.

    Security logging support by Bob for AI/ML - 25 use cases proposed.




    SECCOM MEETING CALL WILL BE HELD ON January 7th February 2023. 

    Node vs. pod level logging update by Byung.

    CPS Security review questionaire by Tony.





    Recordings: 

    2023-01-31_SECCOM_week.mp4


    SECCOM presentation:

    2023-01-31 ONAP Security Meeting - AgendaAndMinutes.pptx