Slides presented by Xue:

Jira No | Summary | Description | Status | Solution

SDC request for exception for Honolulu

done

As it is planned to finalize in Istanbul, SECCOM recommends an exception for SDC.

All other exceptions to be reviewed by March 4th.

SECCOM slides for Requirements Subcommittee

Last TSC update

CNF Task Force meeting on 16th of March, US government support may help increase open source „apps 5G”.

https://wikizoom.onap.orgus/display/DW/Template+to+be+fulfilled+per+each+requirement

SECCOM requirements for Honolulu and Istanbul were presented at the session on March 1st.

Best practices and global requirements period is open for Istanbul release.

CII Badging - as best practice for Istanbul to be moved to global requirements.

The same for package upgrades. New requirement to be linked to existing best practice one.

SonarCloud 55% code coverage history - difficult for PTL and committers to know if the code proposed is improving the coverage or not, as analysis is visible only on Master = you get to know after the code is merged.

Good target is not to reduce the coverage and to try to improve it.

ongoing

To document SECCOM non-functional requirements for Istanbul release at the Wiki created by Alla.

Jiras to be created with linkage under jira.

Best practices proposal to be submitted to TSC for an approval.

Sonarcloud issue

Problem integrating jacoco

j/219945081?pwd=ZEN3U3daem9oMGJuZ3BXZExCdldkUT09

ongoing

SECCOM representatives will join this session with US military on open source secure software development for 5G.

Exceptions for Java and Python

Requests were reviewed and recommendations will be provided to TSC for an approval. Still missing ones (38 for Java and 40 for Python).

ongoing

To find a solution to encourage PTLs to raise exception requests or simply complete the cleaning in their containers.

SECCOM requirements for Istanbul release

Template to be fulfilled per each requirement

Associated Jira epics and stories to be created.

ongoing

To be checked whether for global requirements we could 

Next PTLs meeting SECCOM topics

For next meeting open point for justification – not using basic image.

SonarCloud scans percentage target.

ongoing

To be proposed to meeting agenda

Sonarcloud scans

Problem integrating jacoco (for automated testing) unit test results with SonarCloud to create code coverage reports – ticket was opened to Sonatype. Impact: 55% code coverage might not be reached by some projects (SDC, SO...).

ongoing

Jess to be informed; status of the ticket submitted to be checked with Jess.

Logs management – follow up by Samuli 

Update from Samuli: ONAP xNF O&M requirements have an audit logging requirement – “all changes to the configuration (or: the system) must be logged”: security audit logs must be produced. Which types of events to log for security, and what information must be logged in each log entry.

Syslog RFC5424.

ongoing

VNF logging requirements to be checked

Logging requirements for containers and what it means to manage logs.

Stdout usage document to be shared by Fabian.


How to create secure applications

Following the last request from Chaker and discussion at the last PTLs meeting.

Secure design should cover that.

pending

Tony will start Wiki with the initial proposal and SECCOM will support by reviewing it and providing feedback.

Toine from CPS to be addressed.

Tony prepared proposal:

https://lf-onap.atlassian.net/wiki/display/DW/Secure+Programming+Practices

pending

SECCOM will provide comments, proposals by next week.

Chaker to be informed about this draft.

In 2 weeks PTLs to be updated with this proposal.


Daylight savings

We keep UTC reference time for the moment, even though there is a time shift in the US next week. If there is an alternative proposal, let's review it together.

done


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 16th OF MARCH'21. 




