Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 4th of February 2020.
| | | | |
---|
| Java and the new model of licensing for Oracle JDK versus OpenJDK – Natacha | Oracle JDK is commercial; its benefit is updates. OpenJDK is open source, so free of charge, but with support for Java 11 and not earlier versions. | A presentation was submitted to the recent TSC meeting to ensure a common understanding of the risk. | TSC wants to know which distribution of OpenJDK is used. Integration team/OOM to be contacted; discussion planned for the next status meeting on Wednesday. SECCOM cares about Java 11 and not a particular distribution; we appreciate a common image from a governance perspective and harmonization, with coordination on the release manager side. Next steps: e-mail to be sent to Morgan with Pawel B. in copy to confirm whether the image is already created. |
| Secrets management | Agreement achieved last week (Krzysztof and Samuli) | Written description is needed on the Wiki. | Once we have a written recommendation, it would be reviewed at the next SECCOM meeting and further presented at the TSC for approval; once gained, it would become best practice. |
| Script for automatic Jira ticket generation of direct dependencies to be upgraded was successfully tested with CLAMP by Julien and Pierre. | 2 scripts were created in Python:
- script 1: uses Maven and creates a JSON of direct dependencies to be upgraded
- script 2: takes the JSON generated by script 1 and creates Jira tickets for each package to be upgraded
| Scripts were reviewed as well as CLAMP. No specific feedback from SECCOM received from the demo till today. | Next steps:
- Wiki with script description to be created
- Before creating a ticket, the script could check that it does not already exist.
- Scripts available under Julien's github: https://github.com/JulienBe/onap-dep
- Present solution to PTLs and get feedback on how to integrate the scripts into the ONAP development cycle to generate the project jiras for package upgrades
|
| New xtesting security docker was integrated at the end of last week. |
| Meeting on Wednesday with OOM and Integration. | Update next week. |
| Frankfurt M2/M3 scorecard SECCOM requirements update | Items reviewed:
- REQ-207 SECCOM Code coverage
- REQ-215 SECCOM Containers configured per secure recommendation
- REQ-219 SECCOM Java 11 migration from v8
- REQ-223 SECCOM CII badging – meet targeted Silver and Gold requirements
- REQ-227 SECCOM Complete the OJSI backlog
- REQ-231 SECCOM HTTPS communication vs. HTTP
- REQ-235 SECCOM Password removal from OOM HELM charts
- REQ-239 SECCOM Communication Matrix
- REQ-243 SECCOM Containers and Kubernetes secure configuration recommendation
- REQ-247 SECCOM Coverity integration by end of Frankfurt
- REQ-251 SECCOM Ingress controller
- REQ-263 SECCOM Perform Software Composition Analysis - Vulnerability tables
Template to be created.
| OJSI status update - projects to be re-asked; if no feedback, a slot is to be assigned on the next PTL call. CII Badging - Jira tickets to be issued with script usage. Some answers from hardening questions. |
| ONES NA CFP | SECCOM presentations submitted: - ODL and ONAP (Pawel & Luis)
- Password generation with ONAP (Krzysztof)
- Cloudnative deployment of ONAP with ingress controller (Krzysztof)
- Kubernetes and security aspects (Samuli & Amy)
| Scope of the SECCOM F2F in LA, to be further discussed:
- ONAP security requirements and alignment with VNF security requirements
- VNF security requirements
- CMPv2 update
- Building containers in a unified way for ONAP
|
|
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 11TH OF FEBRUARY'20 |
|
|
|
| Recording: 2020-02-04_SECCOM_week.mp4 |
...