Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Muddasar presented his deck:

SPDX is our preferred format for SBOM as part of ISO standard.

Jira No
SummaryDescriptionStatusSolution

SBOM global implementation in ONAP

-Ticket was opened by Muddasar to LF IT - Signed SBOM implementation for all ONAP project at Global level (IT-25341)

-TSC conditionally approved, PTL no objections

-Jess confirmed turing on at the global JJB config.

ongoing 

Muddasar is doing follow up – check at the release date.

Security test cases review ongoing

Assessment criteria comments are welcome.

Muddasar to follow up with LF IT.

Pawel to share information with TSC for ONAP CI/CD Security Review. 

Security Questionnaire for CPS

Lee Anjella confirmed the completion of the updates on her side.

ongoingWe agreed for a final review next week.

TSC meeting (April 6th)

Marek elected as new Integration PTL

ONAP model changes

-Follow more CNCF approach – independent projects driven by use cases

-Integration assures network connectivity

-Complementary to Nephio which seems to be more infra focus while ONAP is application

-Minimum security and logging guidance is required 


API review for Montreal as part of Architecture Review Template

Byung to address with Chaker

SECCOM members to be invited for API review.What version of ONAP would be merging with Nephio

Ongoing discussions. We shall wait for Nephio's first release delivery in May'23.

Nephio is CRD based, custom API is generated dynamically. 

Subproject created for HELM support by Nephio with Nokia and E/// support.

Review of the deck  prepared by Muddasar"Building a better 5G future..." for OSS associated conference (May 9th). started

SBOM Types & Minimum Requirements for VEX Documents - shared by Muddasar

Improvements in SBOMs and sharing info on vulnerabilities.

The Types of SBOM document summarizes common types of SBOMs that tools may create in the industry today, along with the data typically presented for each type of SBOM. As software goes from planning to source to build to deployed and used, tools may be able to detect subtle differences in the underlying components. These types will allow for better differentiation of tools and in the broader marketplace.

The Minimum Requirements for VEX document specifies the minimum elements to create a VEX document. This will allow interoperability between different implementations and data formats of VEX. It will also help promote integration of VEX into novel and existing security tools. This document also specifies some optional VEX elements.

Today ONAP supports pull method for SBOM.

started

LFX Security Dashboard

https://security.lfx.linuxfoundation.org/

ongoingAmy will meet with Jess later today.

Final list of unmaintained and packages upgrades for London release 

link

We wait till M4 for TSC presentation.

ongoingFix to be provided for packages upgrades.

PTL meeting (April 24th)

Liam will provide his feedback on Policy interest to participate in Security Questionnaire for next project

ongoing

CPS presentation for DTF virtual eventTony is open to help and contribute.


TSC meeting (April 20th)

ONAP Takeaways summary




SECCOM MEETING CALL WILL BE HELD ON 9th May 2023. 

CPS Security updated questionnaire review by SECCOM - final round with CPS team.








Recordings: 

2023-04-25_SECCOM_week.mp4

SECCOM presentation:

2023-04-25 ONAP Security Meeting - AgendaAndMinutes.pptx

...