
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 13th of April 2021.

Jira No | Summary | Description | Status | Solution

NSA contribution proposal for ONAP security

Slides presented by Maggie:

ongoing

Both Vijay and Tony to provide support for NSA team, establishing contact with relevant ONAP community members.

CNF Task Force enterprise business workgroup 

Next meeting on April 14th at 2:30 UTC

ongoing

Progress tracking for Python and Java upgrades

At the beginning of March there were still Python 2.7 (40) and Java 8 (38) containers -> last week: (23/67) Java (28/105), so considerable progress observed!

Some items might be due to LF pipeline.

ongoing

We will track upgrades with Jira tickets in the Istanbul release.

Slide deck for new Global Requirements

No slot again at the last TSC, although booked.

ongoing

To be presented at the upcoming TSC meeting - slot in the next agenda to be booked again and e-mail to be sent to the TSC distribution list.


Security and critical vulns per project

Orange developer started with DMaaP: 421 issues down to 53!

ongoing

Next step for PTL to merge the code.

SonarQube and integration with Gerrit

Slides presented by Fabian:

Sonar only checks the master branch. We need to analyse the code before merge.

ongoing

Meeting to be organized by Pawel with Jess and Orange team.

Training for SonarCloud

The meeting took place last Thursday. Questions collected, to be addressed by the training:

  • take a look at how we are using SonarCloud to benefit from it even more
  • how to automatically eliminate unmaintained projects
  • how to ensure that PTLs have the right authority to use SonarCloud capabilities and to manage the lifecycle it supports, for example marking false positives; right now we can only change the code so that the issue does not reappear

ongoing

Last PTL meeting

Global Requirements on the project level: 2 Factor Authentication, Site Hardening, code review standard, copyright profile in every source file. Some CII Badging questions have answers ONAP wide.

ongoing

Infrastructure changes at the LF level will need some more time

LF Internships

Deadline soon... Bus factor requirement could be a good use case.

ongoing

Logging management follow-up

In Honolulu it was a PoC and not a best practice.

Feedback from David: https://wiki.onap.org/x/gymLBQ, action: the first step is to review and socialize with the PTLs; good to request time in the weekly PTL meeting for this. Next, need to propose it as a best practice for the Istanbul release, which will require approval by the TSC before M1.

ongoing

To book a slot for next PTLs meeting.

CII Badging – automation

Support for Tony, volunteers are welcome


NEXUS-IQ scans analysis

We wait with the SCA analysis until the code is stable, post RC1?

on standby


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 20th OF APRIL'21. 





Recording:


SECCOM presentation:



