Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 20th of April 2021.

Jira No
SummaryDescriptionStatusSolution

Java and python upgrades in Istanbul release

We do not plan on creating tickets for unmaintained projects, instead we should add those repos to Morgan’s exception list.

Looking for info on which projects are responsible for the following repos:(responses from PTLs in parentheses)

  • ejbca-ejbca (testing)
  • esr-gui (unmaintained - exclude)
  • esr-server (unmaintained - exclude)
  • message-router, message-router-kafkamessage-router-zookeeper (DMAAP)
  • framework-artifactbroker (MULTICLOUD)
  • awx-celery, awx-rabbit,awx-web (testing)
  • robot (testing & integration)
ongoing

Additional jiras to be created excluding the ones related to testing that will go to whitelist.

Awx to be checked in what context it is used for testing - Morgan to be asked.



Security and critical vulns per project

Orange developer strated with DMaap: 421 issues down to 53 - at the last PTLs meeting DMaaP PTL promissed to review the proposed changes and merge it.

Next step will be to analyze SO.

ongoing

NSA contribution proposal for ONAP security

Vijay reached-out Maggie, establishing contact with relevant ONAP community members.

ongoingNext meeting to be booked.

CNF Task Force enterprise business workgroup 

Meeting on April 14th at 2:00 UTC - 

Work with O-RAN to use ONAP for service management and orchestration, how to handle Magma - no decision yet on how to treat access control gw? ONAP Architecture Subcommittee to be involved.

ongoingFeedback collection on Magma

[WAIVERS] Set Honolulu security waiversMerge donedone

Meeting with Jess and SECCOM on Jenkins/Gerrit and SonarCloudMeeting done on April 15th - integration between Wikimedia and Sonar:

https://phabricator.wikimedia.org/phame/post/view/160/introducing_the_codehealth_pipeline_beta/

ongoingFabian will come back to us with an update.

Slide deck for new Global Requirements

No slot again at the last TSC, although booked. - e-mail request was sent to TSC distribution list

ongoing

Waiting for TAC approval


Training for SonarCloud

Please refer to slides in the slide deck below for a complete list of the questions.

Additional question identified on possibility to integrate SonarCloud with Gerrit – scan before merge.

ongoingUpdated list of questions to be shared by Jess with SonarCloud team.

Last PTL meeting
  • Feedback from follwoing projects: DCAE, DMaaP, SDC and SDNC/CCSDK – need to directly discuss with those projects
  • Phase 1: move existing logs to STDOUT
  • Phase 2: to see how we can decide something that is usable by any component (pattern for logs)
  • Phase 3: add request id
  • Chaker’s feedback on Logging guidelines v1.1
ongoing

To check with Chaker where logging guidelies doc is located on the Wiki - already found:

ONAP Application Logging Guidelines v1.1.



OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 20th OF APRIL'21. 





Recording:


SECCOM presentation:



  • No labels