
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 10th of August 2021.

Jira No | Summary | Description | Status | Solution

Last TSC meeting
  • Security checking and blocking – Jiras for David to track
  • Docs progress review
  • TSC approved ESR removed from Istanbul release!
ongoing

Last PTLs meeting

not executed, but SECCOM message remains:

- Status update for Global Requirement (https://jira.onap.org/browse/REQ-863):

- Thank you to all the projects taking part in the recommended package upgrades.

- All other projects not compliant with this requirement will have issues with SECCOM acceptance to be part of the Istanbul release.

ongoing

to propose the same message for the next PTLs meeting

Software BOMs, Hardware BOMs - Muddasar

What is the query mechanism? (Presentation of the manifesto BOM file during the onboarding process, or a query of the EM or VIM from ONAP to get that information from the VIMs.)


ongoing

Security Event Generation Requirements review (Byung/Chaker/Fabian/Amy):





Security Risk Assessment and Acceptance – revisit Brian’s statement





CII Badging update - Tony





Dependency confusion attacks vs. ONAP SW build process

Samuli sent an e-mail to the SECCOM distribution list, but as no specific feedback has been received so far, he will send it to ONAP discuss.

Interesting framework by Google:

SLSA: Supply-chain Levels for Software Artifacts https://slsa.dev/

https://wiki.onap.org/display/DW/Developing+ONAP
https://wiki.onap.org/display/DW/ONAP+Security+Event+Management+-+DRAFT

Bob created a dependency security wiki snip for Samuli's and his investigation on this topic. Dependency Security

ongoing

Jess to be contacted for CI chain and Nexus for Bob's question.

Services term to be modified into Services (xNF, xApps)

Plans to be presented to Architecture Subcommittee.


Logging Requirements – meeting update (Amy)



Code quality and SonarCloud – achievements deck prepared by Fabian to be presented to TSC on August 12th.





SECCOM-269 is the epic for tracking security integration tests. It is blocked by the following project jiras.

ongoing


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 17th OF AUGUST'21. 




Recording:


SECCOM presentation:

