Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 1st of December 2020.
| Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
| Root pods discussion | Change in Consul recently submitted. There are 2 ways to ensure that process is not running as root in the container:
| ongoing | Preferred option to be vlidated by Krzysztof and confirmed by e-mail. After to be presented to TSC to become a best practice. | |
| SECCOM requirements for Honolulu | Looking for junior profile to execute Java upgrades. Orange Labs Poland and LFN contacted. | ongoing | To be further elaborated. | |
| Harbor update | Item solved by e-mail exchange. | done | ||
| Secrets management update | No feedback yet from Natacha for different types of secrets existing in ONAP discussed on 10th of November. | done | ||
| Flow matrix | Fabian had a meeting with Sebatien.. Fabian explores Celium. | ongoing | No feedback from this meeting - waiting for a feedback from Sebasien. | |
| Quality of the code | Possibility to refuse the commit. There are quality issues in ONAP but we get a lot of push back. | ongoing | Meeting with Jessica to be planned. for pipeline creation. | |
| CII Dashboard | Progress was shared with the last PTLs call. | done | ||
| Versions recommended for Honolulu release | Tests checks on run time. Java 11.0.6 version selected as recommended. | ongoing | ||
| Protocols and encryption finding sfrom Sonar | 5 types of findings, 2 of them serious: 130+ projects disabled validation of server certificate or validating host name in the certificate- ignoring part of basic TLS protocol. 38 projects have problem with the way how they use encryption algorythms - broken ones used (MD5 or SHA-1). Poor practices in identity management. SSL selected instead of TLS - easy to fix. | Best practice to be formalized - Amy to provide modified wording for Cryptographic Algorithms and Protocols. Krzysztof will have later today a meeting with Chaker and David. | ||
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 24th OF NOVEMBER'20. |
Recording:
SECCOM presentation: