Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 23rd of February 2021.
Jira No | Summary | Description | Status | Solution
---|---|---|---|---
 | SECCOM slides for Requirements Subcommittee | https://wiki.onap.org/display/DW/Template+to+be+fulfilled+per+each+requirement As we missed the last session on February 15th to present the slide deck, we will try to book a slot on March 1st. | ongoing | E-mail to be sent to Alla to check whether we could present on March 1st.
 | Whitesource scans of SPC vs. Nexus-IQ | Results of the CPS scans were discussed for both Whitesource and Nexus-IQ. Trivy at the end of image creation: would it allow this issue to be identified? Fabian will run the Trivy scans for the CPS repo and share the results. | ongoing | Exchanges with Toine on the SCA scan findings shall be done by e-mail. Whitesource could be contacted to figure out how transitive dependencies are shown in their GUI.
 | ODL customized repo for ONAP | Versions RC1 and RC2 have some issues, so finally RC3 shall be used as the ultimate one for the Honolulu release. | ongoing | Results to be compared between the previous release and RC1, and between RC1 and RC3.
 | UI from Morgan presentation | Scans for Java and Python and for each container, with colour coding: https://logs.onap.org/onap-integration/weekly/onap_weekly_pod4_master/02-11-2021_22-02/security/versions/versions/ A lot of projects are not using the standard image that the Integration team formed. It is a good thing to have been created; we need to get projects moving to the standard images. Maybe Alpine is not enough and Debian or Ubuntu should be added? Orange ran Trivy against those 2 images and only 2 medium CVEs were identified for each of them. We should focus on the MVP; to be discussed next week. | ongoing | It would be good to know which projects are using the standard image and which a customized one, and to know the rationale behind it. Michal to be contacted for SDNC, which still uses Python 2.7 for one container (SDNC-DMaaP). Orange MVP to be presented by Fabian.
 | Logs management | Policy uses stdout for log collection. 3 tickets were opened regarding logs: https://logs.onap.org/onap-integration/weekly/onap_weekly_pod4_master/02-11-2021_22-02/security/versions/versions/ Fabian continues to check other components for logging. | ongoing | Toine to be asked by Amy about stdout usage.

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 2nd OF MARCH '21.
Recording:
SECCOM presentation: