Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Please find below the Minutes of Meetings and recording for the  SECCOM meeting that was held on 4th of February 2020.

Jira No
SummaryDescriptionStatusSolution

Java and the new model of licensing for Oracle JDK versus Open JDK – Natacha

Oracle JDK which is commercial - benefits updates

Open JDK - like open source so free of charge but support for java 11 but not earlier versions. 

Presentation was submitted to recent TSC meeting to ensure the common understanding of the risk. 

TSC wants to know which distribution of the OpenJDK is used – Integration team/OOM to be contacted - discussion planned for next status meeting on Wednesday. SECCOM cares Java 11 and not particular distribution - we appreciate common image from governance perspectiveand harmonization - coordination on release manager side.

Next steps:

E-mail to be sent to Morgan with Pawel B. in copy to confirm if image is already created.


Secrets managementAgreement achieved last week (Krzysztof and Samuli)Written description is needed on the Wiki.Once we have a written recommendation, it would be reviewed at the next SECCOM meeting and further presented at the TSC for an prroval - once gained it would become best practice.

Script for automatic jira ticket generation of direct dependencies to be upgraded was successfully tested with CLAMP by Julien and Pierre.

2 scripts were created in Python

  • script 1: uses maven and creates json of direct dependencies to be upgraded
  • script 2: takes json generated by script 1 and creates Jira tickets for each package to be upgraded
Scripts were reviewed as well as CLAMP. No specific feedback from SECCOM received from demo till today. 

Nexts steps: 

  • Wiki with script description to be created
  • Before creating a ticket script could check if it does not exist.
  • Scripts available under Julien's github: https://github.com/JulienBe/onap-dep
  • Present solution to PTLs and get feedback on how to integrate the scripts into the ONAP development cycle to generate the project jiras for package upgrades

New xtesting security docker has been integrated end of last week.
Meeting on Wednesday with OOM and Integration.Update next week.

Frankfurt M2/M3 scorecard SECCOM requirements update

Items reviewed:

  • REQ-207 - Getting issue details... STATUS SECCOM Code coverage
  • REQ-215 - Getting issue details... STATUS SECCOM Containers configured per secure recommendation
  • REQ-219 - Getting issue details... STATUS SECCOM Java 11 migration from v8
  • REQ-223 - Getting issue details... STATUS SECCOM CII badging – meet targeted Silver and Gold requirements
  • REQ-227 - Getting issue details... STATUS SECCOM Complete the OJSI backlog
  • REQ-231 - Getting issue details... STATUS SECCOM HTTPS communication vs. HTTP
  • REQ-235 - Getting issue details... STATUS SECCOM Password removal from OOM HELM charts
  • REQ-239 - Getting issue details... STATUS SECCOM Communication Matrix
  • REQ-243 - Getting issue details... STATUS SECCOM Containers and Kubernetes secure configuration recommendation
  • REQ-247 - Getting issue details... STATUS SECCOM Coverity integration by end of Frankfurt
  • REQ-251 - Getting issue details... STATUS SECCOM Ingress controller
  • REQ-263 - Getting issue details... STATUS SECCOM Perform Software Composition Analysis - Vulnerability tables


YELLOW

RED

YELLOW


RED

YELLOW

GREEN

YELLOW

GREEN


GREEN

RED

GREEN


RED


Template to be created. 






 OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 11TH OF FEBRUARY'20






  • No labels