
Jira No | Summary | Description | Status | Solution

Honolulu SECCOM requirements

Slides prepared and reviewed by Amy:

2021-01-029_HonoluluSECCOMRequirements.pptx

Common logs management turned into PoC.

ongoing

To be presented at the LFN event within the Requirements Subcommittee review.

Istanbul SECCOM requirements

REQ-437

REQ-438

SECCOM global requirements

Updates of associated Jira epics and stories for REQ-437 (Python 2 -> 3) and REQ-438 (Java 8 -> 11) 

ongoing

Statuses changed to In progress

REQ-442

REQ-443

REQ-439

SECCOM best practices

Updates of associated Jira epics and stories

  • HELMv3
  • CII Badging
  • Packages upgrades

ongoing

Statuses changed to In progress

LFN Developer & Testing Forum - Feb 1 - 4, 2021.

SECCOM proposals:

E-mail sent to Dan and feedback received. 
  • Global requirements and DCAE testimony on Java migration with packages upgrades – Focus on most commonly used packages
  • CII Badging – 3 items: additional verification test for crypto weakness (integration team to be addressed), crypto credentials, secure design
  • Service Mesh update (TBC with Krzysztof)?
done

Synch with DCAE

Discussion with Michal and commitment from his side to support DCAE

  • DCAE jiras review:

Python: DCAEGEN2-2494, DCAEGEN2-2427

Java: DCAEGEN2-2428, DCAEGEN2-2381

ongoing

ONAP and ODL synch

ODL prepares ONAP distribution for each of their releases. Dan will be basing our Honolulu release on their Aluminum release. Right now working on porting to the current Aluminum service release (SR1). There’s another service release (SR2) that should be available before our code freeze, so Dan anticipates that we’d upgrade to SR2 when it’s available.

ongoing
  • crypto verification private and implement secure design
  • PoC Security documentation and assurance cases: with DCAE and CPS
  • Integrate SonarCloud crypto findings as an integration test
  • Integrate SonarCloud coverage results as integration test: block on decreases in code coverage, provide exception process
  • PoC Service Mesh
ongoing

Slide to be updated and shared with Alla.

Service Mesh PoC status update

New release of Kubernetes to be integrated. Some issue with Envoy.


SonarCloud crypto takeaways

Weak crypto report from SonarCloud. Jiras to be opened. How to get a report with API to be figured out. 5 categories of findings: certificate validation, host name of certificate, using secure mode and padding, using weak protocols, encoding passwords as plain text.




Logs management – what to do next?

We will come back to this topic during the next meeting (on February 9th).




OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 9th OF FEBRUARY'21. 





2021-01-26_SECCOM_week.mp4



SECCOM presentation:

2021-01-26 ONAP Security Meeting - AgendaAndMinutes.pptx