...
Jira No | Summary | Description | Status | Solution | SBOM global implementation in ONAP | -Ticket was opened by Muddasar to LF IT - Signed SBOM implementation for all ONAP project at Global level (IT-25341) -TSC conditionally approved, PTL no objections -Jess confirmed turing on at the global JJB config. | ongoing | Muddasar is doing follow up – check at the release date. | Security test cases review | ongoing | Assessment criteria comments are welcome. Muddasar to follow up with LF IT. Pawel to share information with TSC for ONAP CI/CD Security Review. | Security Questionnaire for CPS | Lee Anjella confirmed the completion of the updates on her side. | ongoing | We agreed for a final review next week. | TSC meeting (April 6th) | Marek elected as new Integration PTL | ONAP model changes | -Follow more CNCF approach – independent projects driven by use cases -Integration assures network connectivity -Complementary to Nephio which seems to be more infra focus while ONAP is application -Minimum security and logging guidance is required |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
API review for Montreal as part of Architecture Review Template | Byung to address with Chaker | SECCOM members to be invited for API review. | What version of ONAP would be merging with Nephio | Ongoing discussions. We shall wait for Nephio's first release delivery in May'23. Nephio is CRD based, custom API is generated dynamically. Subproject created for HELM support by Nephio with Nokia and E/// support. | Review of the deck prepared by Muddasar | "Building a better 5G future..." for OSS associated conference (May 9th). | started | ||||||||||||
SBOM Types & Minimum Requirements for VEX Documents - shared by Muddasar | Improvements in SBOMs and sharing info on vulnerabilities. The Types of SBOM document summarizes common types of SBOMs that tools may create in the industry today, along with the data typically presented for each type of SBOM. As software goes from planning to source to build to deployed and used, tools may be able to detect subtle differences in the underlying components. These types will allow for better differentiation of tools and in the broader marketplace. The Minimum Requirements for VEX document specifies the minimum elements to create a VEX document. This will allow interoperability between different implementations and data formats of VEX. It will also help promote integration of VEX into novel and existing security tools. This document also specifies some optional VEX elements. Today ONAP supports pull method for SBOM. | started | |||||||||||||||||
LFX Security Dashboard | ongoing | Amy will meet with Jess later today. | |||||||||||||||||
Final list of unmaintained and packages upgrades for London release | We wait till M4 for TSC presentation. | ongoing | Fix to be provided for packages upgrades. | ||||||||||||||||
PTL meeting (April 24th) | Liam will provide his feedback on Policy interest to participate in Security Questionnaire for next project | ongoing | |||||||||||||||||
CPS presentation for DTF virtual event | Tony is open to help and contribute. | ||||||||||||||||||
TSC meeting (April 20th) | ONAP Takeaways summary | ||||||||||||||||||
SECCOM MEETING CALL WILL BE HELD ON 9th May 2023. CPS Security updated questionnaire review by SECCOM - final round with CPS team. |
Recordings:
SECCOM presentation:
2023-04-25 ONAP Security Meeting - AgendaAndMinutes.pptx