...
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
ONAP disaggregation impact on SECCOM activities | Byung provided presentation on disaggregation that was initially discussed: ONAP - Streamlining the process-2023-7-18-v2.pptx Separation of marketing and component versions - proposal by Florian to be further elaborated at the OOM meeting on Wednesday. Proposal: Break ONAP's monolithic version schema Helm charts dependencies to be analyzed (by Andreas): With known major version and version provided by the project SCA scans could be provided automatically. Do we maintain a single CI/CD pipeline or individual per project. Different namespace must be possible. ONAP components interfaces abstraction (to serve both ONAP but alno non-ONAP) would require an additional development efforts to build adapters - it brings some risk. TM Forum brings some defined APIs. Security controls out of ONAP:
Logging and logs management need to be carefuly considered as one of pilars of security. Ceremony is needed at ONAP level that finishes and summarizes efforts for a solution. | started | To be continued at ARCCOM and OOM meetings. | |
NEXT SECCOM MEETING CALL WILL BE HELD ON 25th JULY 2023. | 5Y security questionnaire by Policy. | Tony to send e-mail reminder, so we would review answers before the meeting next week. |
Recordings:
SECCOM presentation:
2023-07-18 ONAP Security Meeting - AgendaAndMinutes.pptx