Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Current »

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 19th of January 2021.

Jira No
SummaryDescriptionStatusSolution

REQ-437 - Getting issue details... STATUS

REQ-438 - Getting issue details... STATUS

SECCOM global requirements

Updates of associated Jira epics and stories for REQ-437 (Python 2 -> 3) and REQ-438 (Java 8 -> 11) 

ongoingStatuses changed into In progress

REQ-442 - Getting issue details... STATUS

REQ-443 - Getting issue details... STATUS

REQ-439 - Getting issue details... STATUS

SECCOM best practices

Updates of associated Jira epics and stories

HELMv3

CII Badging

Packages upgrades

ongoingStatuses changed into In progress

LFN Developer & Testing Forum - Feb 1 - 4, 2021.

SECCOM proposals:

  • Global requirements and DCAE testimony on Java migration with packages upgrades – Focus on most commonly used packages

  • CII Badging – 3 items: additional verification test for crypto weakness (integration team to be addressed), crypto credentials, secure design

  • Service Mesh update (TBC with Krzysztof)?
done

Synch with DCAE

Discussion with Michal and commitment from his side to support DCAE

  • DCAE jiras review:

Python: DCAEGEN2-2494, DCAEGEN2-2427

Java: DCAEGEN2-2428, DCAEGEN2-2381

ongoing

ONAP and ODL synch

ODL prepares ONAP distribution for each of their releases. Dan will be basing our Honolulu release on their Aluminum release.  Right now working on porting to the current Aluminum service release ( SR1).  There’s another service release (SR2) that should be available before our code freeze, so Dan anticipates that we’d upgrade to SR2 when it’s available.

ongoingE-mail sent to Dan and feedback received. 

Sonarcloud crypto takeaways

Weak crypto report from Sonarcloud. Jiras to be opened. How to get a report with API to be figured out. 5 cathegories of findings: certificate validation, host name of certificate, using secure mode and padding, using weak protocols, encoding passwords as plain text.  


Logs management – what to do next?





OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 26th OF JANUARY'21. 




Recording:



SECCOM presentation:



  • No labels