...
| Jira No | Summary | Description | Status | Solution | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Service Mesh presentation by Andreas Geissler | Andreas presented 4 networking options. Option 3 with ISTIO and Sidecar was recommended by SECCOM as default. | started | Discussion with Byung to be continued during OOM meeting. | ||||||||
| David Wheeler presnetation presentation on SBOM and digital signatures | Operationalization of OpenSSF recommendations is not an easy topic... | Centos version | Was updated by Amy, thank you Maggie for sharing info and links. | CentoS 9-stream is not yet released. | Service Mesh | Byung is working on it - it is a prioritized topic for him. Andrew is working on it. Once deplouyed, we will move avway from AAF. then Authentication and Authorization policy. | OpenSSF recommedation | How to operationalize it? LF IT needs to make those capabilites available like in Marketplace. It is important to allign OpenSSF recommendations with the budget, resources and deployment activities on LF IT sideDavid's slides: https://docs.google.com/presentation/d/1BptlMG8kV14FutTMx3s9u4EnIL1Yzxt6-NID5H5XfAE/edit#slide=id.g13d496f372e_0_110 https://openssf.org/oss-security-mobilization-plan/
SBOM recommended to be part of build process. Package managers are good first step. SPDX in SECCOM uses package manager. Dan Lorenc wrote an interesting paper on what is inside the container. | |||
| Next LFN events | ONE Summit NA Registration Open
LFN Developer & Testing Forum NA Registration Open
| Proposals to be submitted. David was contacted and invited by Maggie to SECCOM meeting. | DevOPS Pipelines IRS presentation | Youtube link disappears ;-( | |||||||
SECCOM MEETING CALL WILL BE HELD ON 26th OF July'22. Session with David Wheeler on SBOM. | logging implementation discussion continuation. |
...
| View file | ||||
|---|---|---|---|---|
|
SECCOM presentation:
| View file | ||||
|---|---|---|---|---|
|