Jira No | Summary | Description | Status | Solution

ONAP disaggregation impact on SECCOM activities

Disaggregation is gaining momentum.

5-10% of projects' time to be focused on integration efforts.

Aarna used EMCO to deploy slices, the same could be done with ONAP.

ONAP is still handling high-level orchestration; when it comes to CNF orchestration, it is delegated to Nephio. EMCO is talking about connecting to Nephio.

We are looking at the dev side of security, which is half of the picture.

Impact analysis is needed for ONAP disaggregation with focus on security, testing etc.




LF IT CI/CD security review

Muddasar is not getting support for the ticket opened 1 month ago:

 IT-25429 Review of ONAP CI Threat Model and Security Controls

Pawel to check with Sandra on Wednesday's meeting.

DTF virtual event

Presentation provided by Pawel and SECCOM team to share security goals for Montreal release and latest achievements/news.

Tony participated in the road to gold presentation by CPS.

APIs in ONAP shall be well catalogued and standards around those APIs well secured (TLS communication etc.).

We are still looking at infrastructure-as-a-code and not yet data-as-a-code.

Bob participates in Working Group 11.

User side is missing or is insufficient, while product security is more leveraged.

done

Byung to share with CPS team SECCOM Kudos for their great work done around CPS security.

Matt confirmed he will set up a meeting with Muddasar to better understand what is expected.




CPS Road to gold 

CPS PoC under preparation – Jess is configuring 2FA for committers - done.

OJSI list communication with Jess - some members should be removed/added


Amy to check with Jess on updated list for OJSI distribution list.

5 Years security questionnaire for Policy project

https://lf-onap.atlassian.net/wiki/display/DW/PF+-+ONAP+Security+Review+Questionnaire

started

Pawel to check with Liam if the work is completed on Policy project side. DONE

Security review in ARCCOM

For ONAP architecture review security is part of the template

Confirmation from Policy project received about review completion.

ongoing

Tony to share initial feedback with Policy team. Next discussion point is 18th of July.

Latest weekly scans – still looking for owner of zk-tunnel-svc

Bob reviewed gerrit logs.




PTL meeting (June 19th)

Cancelled




TSC meeting (June 15th)

Presentation Update on new Global Requirement: Use Native Service Mesh Authentication and Authorization for Intra-ONAP Communication

  • Meeting with Infosys team still to be organized on Wednesday June 21st.

Gerrit upgrade re-planned by Kevin right after RC milestone (after TSC meeting on Thursday)

Pawel to invite Infosys (Gnanapriya) team to OOM meeting. Andreas to be informed. DONE

TSC meeting (June 1st)

Intro provided for new Global Requirement

Andreas will let Kevin know when upgrade could be provided

Kevin to prepare info on which version and what are the drivers for an upgrade 


Meeting with Infosys done. They will do the analysis. Access to environment will be crucial.

Jira ticket for the new Global Requirement to be issued.


Badging Dashboard

Projects in unmaintained status still have active badging questionnaire

David was asked to help in marking questionnaires as unmaintained. Tony organized a meeting with David to show what needs to be done.

Latest weekly scans

Marek was able to initiate latest run of scans.

Results are progressing, cassandra and zk-tunnel-svc to be further elaborated.

Marek does not know which project is using zk-tunnel-svc - it is not in Jenkins.

ONAP-discuss question was raised but still no feedback so far.

Robert Heinemann No references of "zk-tunnel-svc" were found in:

- https://nexus-iq.wl.linuxfoundation.org/assets/index.html#/dashboard/

- https://nexus.onap.org/

- https://nexus3.onap.org/

ongoing

Bob will try to review gerrit logs

Changes are made.




SECCOM MEETING CALL WILL BE HELD ON 27th JUNE 2023. 







Recordings: 

2023-06-20_SECCOM_week.mp4

SECCOM presentation:

2023-06-20 ONAP Security Meeting - AgendaAndMinutes.pptx