Versions Compared

Version Old Version 2 New Version Current
Changes made by

Paweł Pawlak

Paweł Pawlak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Muddasar presented his deck:

SPDX is our preferred format for SBOM as part of ISO standard.

Jira No
SummaryDescriptionStatusSolution

Security Questionnaire for CPS

SECCOM reviewed final updates and completed review with positive results.

We will look for next candidate.

done

Final review is positive and will be provided by Pawel to CPS today!

Pawel to share with PTLs that we are looking for a next project.


5G suplerblueprint

Muddasar will provide presentation




LFX Security DashboardNeed to get link from Jess.
To be discussed at the next SECCOM.

SBOM global implementation in ONAP

-Ticket was opened by Muddasar to LF IT - Signed SBOM implementation for all ONAP project at Global level (IT-25341)

-TSC conditionally approved,

PTL no objections

-Jess confirmed turing turning on at the global JJB config.

ongoing 

Muddasar is doing follow up – check at the release date.

Security test cases review ongoing

Assessment criteria comments are welcome.

Muddasar to follow up with LF IT.

Pawel to share information with TSC for ONAP CI/CD Security Review. 

Security Questionnaire for CPS

Lee Anjella confirmed the completion of the updates on her side.

ongoingWe agreed for a final review next week.




Wrapping up the unmaintained repo task force

link

We wait till M4 for TSC presentation


Final list of unmaintained to be prepared for next SECCOM and M4 milestone (April 27th). 

PTL meeting (April 17th)

Matt will help us with CI pipeline review




TSC meeting (April 6th)

Marek elected as new Integration PTL

ONAP model changes

-Follow more CNCF approach – independent projects driven by use cases

-Integration assures network connectivity

-Complementary to Nephio which seems to be more infra focus while ONAP is application

-Minimum security and logging guidance is required 

API review for Montreal as part of Architecture Review Template

Byung to address with Chaker

SECCOM members to be invited for API review.What version of ONAP would be merging with Nephio

Ongoing discussions. We shall wait for Nephio's first release delivery in May'23.

Nephio is CRD based, custom API is generated dynamically. 

Subproject created for HELM support by Nephio with Nokia and E/// support13th)

Network Slicing Use Case update – we are looking for contributors

New ONAP mission statement discussion – moved to MAC for their advise

SECCOM CI/CD Security

June D&TF is the second week of June 6th -9th – virtual event only




Security test cases review Matt was contacted by Muddasar. Started exchanges on Ci/CD pipeline security.


SECCOM MEETING CALL WILL BE HELD ON 25th April 2023. CPS Security updated questionnaire review by SECCOM - final round with CPS team

Final list of unmaintained and packages upgrades for London release.

Automation, orchestration and security presentation at ONE by Muddasar.







Recordings: 

2023-04-18_SECCOM_week.mp4

SECCOM presentation:

2023-04-18 ONAP Security Meeting - AgendaAndMinutes.pptx