Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

ongoing
Jira No
SummaryDescriptionStatusSolutionUpdate on Unmaintained Projects task group

Unmaintained Project tg reviewing RACI matrix: https://wiki.onap.org/display/DW/Project+State%3A+Unmaintained

Use Jira TSC epic and project/work group tasks to track the retirement of a capability (project/repos) – create template

OOM contains unused/orphan code: discuss at next unmaintained projects call because it affects security and maintainability (step in the RACI matrix)

DCAEMOD repos are being removed in London

Test RACI process with AAF (unmaintained project) and DCAEMOD (unmaintained repos) – Muddasar will contact Vijay


PTLs meeting – August 29th

Tool for automated gerrit reviews – presented by Tony and Vijay, Focus on quality of the push, versions compatibility, copy rights notices consistency. Operational in DCAE. Trial for python and java projects.


ongoingThis could be shared at the DTF with all LFN projects. Amy will try to share information about this tool with LFN Governance Board as tool is applicable widely.

Update on the Security Logging Fields and Global Requirement

 

Bob updated PTLs at the 8/22 PTL call

DCAE will deliver logging updates in London

will socialize python & javascript POCs with PTLs: May need python & js POCs

Use language indicator on SonarCloud dashboard to determine programming language

ongoingSBOM creation 

dcaegen2-collectors-ves SBOM successful

CPS SBOM working

4 successful project SBOMs created

ongoing

Superblueprint

Update from 8/16 Super Blueprint meeting (Muddasar)

  • Use cases to be added, limited resources to go with E2E solution integration.
    • Ultra low latency use case – video monitoring
  • Status of lab infrastructure – decided which labs to use
  • Open source
    • Core: open 5GC & Aarna Networks 5G core based on open source.
    • gNodeB
    • Orchestrator: ONAP
  • Amy will invite Martial to demo his work to SECCOM

Use cases to be added, limited resources to go with E2E solution integration.

Weekly meetings: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=50528282

Architecture: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=53609061

Roadmap: https://wiki.lfnetworking.org/display/LN/5G+Super+Blueprint+Roadmap

Requirements and Use case Advisory Group: https://wiki.lfnetworking.org/display/LN/Requirements+and+Use+Case+Advisory+Group

Use cases: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=68792322

Use cases to be added, limited resources to go with E2E solution integration.

Muddasar tasked with specifying detailed use case requirements for creating secure slices: least privilege

Eric Kline performing streaming analytics on data to use in closed loop slicing automation

ongoingLogistic from program perspective needs to be improved.OOM

Ericsson OOM team is focused on the ONAP security reference implementation.

Logging reference implementation is second priority work item for now.

Code link was shared with SECCOM before (nordix), but not yet contributed to ONAP

PTL meeting – August 22th

Short meeting (Bob attended)

  • Bob presented logging
  • Upcoming events
  • Release updates

TSC meeting – August 18th

No one on SECCOM call attended

Pawel and Amy submitted proposal: ONAP’s Recipe for Managing CVEs and Securing Open Source Software

Byung will present service descriptor and potentially new ONAP security architecture with service mesh.

LFN Developer & Testing Forum NA 

Productization of Assured Opensource Software - Muddasar

SBOM implementation and challenges in ONAP - Muddasar

5G orchestration with ONAP, AI and ML. - Maggie

Brian to be asked by Muddasar as co-presenter for SBOM.

by Bob, info about languages used by ONAP projects based on SonarCloud. 

Image Added

Python project volunteer needed.

ongoingBob to open a ticket to LF IT- done: https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/IT-24461 with Sonarcloud scaning capabilities enhancements.

ODL code transition to ONAP

Potentially better maintained in ONAP.

startedScans to be done as for every other 

SECCOM MEETING CALL WILL BE HELD ON 6th OF September'22. 






Recordings: 

View file
name2022-08-30_SECCOM_week.mp4
height150

SECCOM presentation:

View file
name2022-08-30 ONAP Security Meeting - AgendaAndMinutes.pptx
height150