Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 25th of January 2022.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
Issue with ONAP zoom13 | Waiting room seems to be not disabled, we had to use Pawel's zoom instead. | started | Kenny to be contacted to help in solving the issue. | |
https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/IT-23423 | Log4j upgrade | Log4j 2.17.1 was released. It provides a fix for a vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832.
Muddasar shared https://github.com/lfscanning by Gary O'Neall (lfScanningAgent) <garylegal@sourceauditor.com> Following the exchanges with Jess under the LFN IT ticket, there is a need to create new branches by each PTL for Istanbul maintenance release and then configure jjb with Nexus-IQ scans for it. | ongoing | For tracking purpose dedicated Jira tickets to be opened per project and per both releases. David to be contacted to coordinate building Istanbul Maintenance branches. |
Update of https://lists.onap.org/g/onap-security/members - updated list | List of the participants was reviewed and updated inline with contributions. | done | Added people to this distribution list. | |
SECCOM presentations for DTF (January). | Thank you SECCOM team for great presentations and all exchanges during the event!
| done | ||
Sonarcloud API documentation | As discussed SonarCloud has changed their API and available documentation is insufficient. Need to open a ticket to Jess to help in exchanges with SonarCloud and obtain better API documentation. | done | Ticket to LFN IT was opened: | |
ONAP quality gates | Quality asessment mainly for the submitted code (=delta)
| ongoing | ||
SECCOM MEETING CALL WILL BE HELD ON 1st OF FEBRUARY'22. | Quality gates for code quality improvements - continuation of the discussion. SBOM next steps - which repos/projects to take into account? |
Recording:
SECCOM presentation: