...

Jira No | Summary | Description | Status | Solution

MVP definition for flow matrix

MVP definition: the initial proposal for the run time was shared with the Architecture Subcommittee and no specific comments were received, only a request to also take into account the new project, Configuration Persistence Service, which was just approved by the TSC.


The flow matrix is a must-have from the SECCOM perspective.

Maintenance of the YAMLs:

Sylvain to be addressed.

Common repo to host YAML files:

A repo seems to be the better choice (as it has source control). Potential problem with sync between the repo and the Wiki.

Creating sub-wiki

Amy might help if Natacha has any problem. Impact of change of source YAML file and changes in documentation - for a small change it is not the case.

 ongoing

Pierre to check with Martial if we could work with CLAMP for flows documentation.

Tool (Cidium?) to get flow matrix information to be elaborated by Fabian.

To be checked with Eric and Catherine to get buy-in from TSCs. Information to be provided by Fabian to Amy.


Harbor integration

Meeting with Jessica was organized to discuss next steps and explain activity goals. Key features of Harbor:

  • use of Trivy to scan the images
  • sign the image with Notary
ongoing

Action point for Fabian to provide requirements for Harbor to Jessica and use Jenkins sandbox.

Fabian to run an internal meeting with his team and come back to SECCOM with an idea of how to utilize those 2 features.


vF2F summary

Multiple presentations provided:

  • SECCOM with packages upgrades, vulnerability management, Guilin retrospective and Honolulu non-functional requirements
  • Service Mesh update
  • Python migrations
  • AAI usage of Keycloak for RBAC
done

Known vulnerabilities analysis for Honolulu

Our efforts and the projects' efforts bring value in decreasing the security risks

  • Policy, Oparent, SDNC, UsecaseUI and CLAMP are the most advanced, well done!
  • Appreciated efforts on Portal, CCSDK, OOF, SDC side
  • Amir's support very much appreciated!
ongoing

Honolulu non functional requirements
  • Continue packages upgrades in direct dependencies (REQ-439)
  • Continue Java (REQ-438) and Python migrations (REQ-437)
  • After Service Mesh PoC - new requirements might arrive.
  • Harbor requirement. In Harbor:
    • you can sign the image and you can share the key with an application that has an account to pull or to push the image
    • possibility to scan the image all the time and send warning
    • Harbor deployed in run time while Whitesource and Nexus-IQ during the development.
  • Logs management:
    • common place for data - all applications should generate logs that can be collected by Kubernetes (target for next release) – Honolulu requirement (REQ-441)
    • common format for data - format of minimum data that we want that is useful (target for Istanbul release)
  • SIEM integration:
    • integration like for the other applications with SIEM, have the same protocol used
    • logs from ONAP to SIEM, Falco tool to be considered (IDS for Kubernetes)
    • alarms when security issue
  • CII Badging: (REQ-443), Focus on Application Security questions:
    • Crypto Credentials Agility – ½ of apps in met and almost half not yet answered
    • Implement Secure Design – 1/3 of projects did not answer
    • Crypto Weaknesses – tests to be applied (3 including Morgan)
  • HELMv3 migration (REQ-442)
done

Test use cases and acceptance criteria shall be prepared for each requirement.

ONAP Release milestones

Non functional requirements to be provided by 16th of October

RC0 - October 12th 

RC1 - October 22nd


done

Java and Python upgrade

Final list of the projects that require upgrades to be created.
Amy to check with Morgan and Sylvain.


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 27th OF OCTOBER'20. 

Secrets management if possible.



...