Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 16th of March 2021.
| Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
| | Last TSC update | CNF Task Force meeting on 16th of March, US government support may help increase open source „apps 5G”. https://zoom.us/j/219945081?pwd=ZEN3U3daem9oMGJuZ3BXZExCdldkUT09 | ongoing | SECCOM representatives will join this session with US military on open source secure software development for 5G. |
| | Exceptions for Java and Python | Requests were reviewed and recommendations will be provided to TSC for approval. Still missing ones (38 for Java and 40 for Python). | ongoing | To find a solution to encourage PTLs to raise exception requests or simply complete the cleaning in their containers. |
| | SECCOM requirements for Istanbul release | Template to be filled in for each requirement. Associated Jira epics and stories to be created. | ongoing | To be checked whether for global requirements we could |
| | Next PTLs meeting SECCOM topics | For next meeting open point for justification – not using basic image. SonarCloud scans percentage target. | ongoing | To be proposed to meeting agenda. |
| | SonarCloud scans | Problem integrating JaCoCo (for automated testing) unit test results with SonarCloud to create code coverage reports – ticket was opened to Sonatype. Impact: 55% code coverage might not be reached by some projects (SDC, SO...). | ongoing | Status of the submitted ticket to be checked with Jess. |
| | Logs management – follow up by Samuli | Update from Samuli: security audit logs must be produced. What types of events to log for security and what information must be logged in each log entry. Syslog RFC5424. | ongoing | Logging requirements for containers and what it means to manage logs. Stdout usage document to be shared by Fabian. |
| | How to create secure applications | Following the last request from Chaker and discussion at the last PTLs meeting, Tony prepared a proposal: https://wiki.onap.org/display/DW/Secure+Programming+Practices | pending | SECCOM will provide comments and proposals by next week. Chaker to be informed about this draft. In 2 weeks PTLs to be updated with this proposal. |
| | Daylight savings | We keep UTC as the reference time for the moment, even though there is a time shift in the US next week. If there is an alternative proposal, let's review it together. | done | |

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 23rd OF MARCH'21.