Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 14th of September 2021.

Jira No
SummaryDescriptionStatusSolution

REQ-801

REQ-800

REQ-863

REQ-443

M4 update

Java upgrades - good progress.

Python upgrades good progress as well.

Packages upgrades - very good progress - 16 tickets closed already - vulnerabilities removed: 679/776 (based on tickets). Still some pprojects that did some upgrades but no update on the restricted Wiki.

New Sonatype function to filter direct vs. transitive dependencies.

Weak cryptography and injection items - excellent progress. There are still few there open (projects no longer maintained - e.g. Portal).  

For Jakarta, few other items that SonarCloud highlights - Jira tickets to be written for those (blocking and critical). 

ongoing

To be checked if we have waivers for all remaining ticktets.


PTLs meeting shall address the gaps on the restricted Wiki.

Projects with open status on their Jira tickets to be elaborated.

Will Portal be excluded from ONAP future releases? - Byung to investigate.


Software BOMs

Documentation review - nexus account  manager contacted. It is part of Nexus product lifecycle licence (cyclone DX format). APIs for info extraction to be checked.

Access to Nexus-IQ server - what group shall be used for that - REST API calls are possible now - will be used for SW BOMs.

ongoing

Logging requirements

Almost 50% of the metadata fields defined - good progress.

In some of the GitHub repos md (markdown) files with good description for logging - SO is a good example. 

ongoing

Dependency confusion attacks vs. ONAP SW build processBob had exchanges with Jess on filtering rules and dependencies management software.on holdTo be further elaborated with Samuli.

Security Risk Assessment and Acceptance Excel table that was initially prepared 3 years ago to be shared and reviewed at the next SECCOM, frameworks to be reviewed as well (MIST and ISO).ongoing

Feature request templateAlla leading ONAP Requirements Subcommittee to be contacted to provide details.ongoingMuddasar to be introduced to Alla by Pawel.

Last TSC meeting
  • TSC Voted to approve M3, 90% issues closed due to good progres
  • 16th of September for M4 gating
  • Jakarta release and timeline discussed
  • Michal Jagiello – new PTL for integration
ongoing

Code quality updateStatus to be checked, there were some exchanges with Thierry and Jess.ongoingSlide to be presented to next PTLs meeting.

Last PTLs meeting

Meeting was cancelled (Labor day in US)

ongoingslot to be booked for the next PTLs meeting.

CADI and AAF replacementDCAE and DMaaP communication - new proposal to be presented today at the Architecture Subcommittee.ongoingByung  to present update for the next SECCOM


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 21st OF SEPTEMBER'21. 

M3 update - waivers review

Software BOMs

Logging requirements update

Security Risk Assessment and Acceptance – review frameworks and old excel file

Dependency confusion attacks vs. ONAP SW build process - synch with Samuli

Code quality update

CADI and AAF replacement




Recording: 

SECCOM presentation:


  • No labels