Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 12th of October 2021.
| Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
| Google is investing in open source security | Google is investing $1 million in the Linux Foundation's Secure Open Source (SOS) pilot program to make open source projects more secure (Amy). Payment for fixing the bugs. According to Google, SOS is "the starting point for future efforts that will hopefully bring together other large organizations and turn it into a sustainable, long-term initiative under the OpenSSF (Open Source Security Foundation)," a cross-industry forum that collaborates on the improvement of open source software security. Samuli shared also: https://openssf.org/ | started | ||
| Kubernetes hardening | https://deploy-preview-29791--kubernetes-io-main-staging.netlify.app/blog/2021/10/05/nsa-cisa-kubernetes-hardening-guidance/ ,v2 version is coming! New tool Kube-scape based on like Kube-bench based on CIScat guidance. Kube- | ongoing | ||
| TSC meeting update | Honolulu maintenance release approved Jakarta timeline proposed: Release Planning Jakarta Participants reminded to vote for TSC membership | |||
| Angular experience on dependencies | Jared presented his development results on app dependency cluster graph. Slides presented - please refer to thebottom of this page for a link. | started | ||
ONAP release notes and dependencies | Thomas was contacted. He is retrieving info via script about all the components. Output: Dependencies between components or with external projects are not tracked here. | ongoing | To review the context of this request. | |
| Feature template follow-up | Muddasar had a meeting with Alla. Muddasar is preparing a slide deck to be presented at the TSC. | ongoing | Slides with the proposal to be presented at the TSC. | |
| SonarCloud coverage for Jakarta release | Focus on security vulnerabilities that have blocker or critical rank. In Sonar it is called hotspot. | started | ||
[REQ-441] | New Global Requirement | [REQ-441] LOGS MANAGEMENT - PHASE 1: COMMON PLACE FOR DATA – PROPOSAL FOR JAKARTA | ongoing | Next PTLs meeting on 18th of October - agenda |
| Kubernetes hardening | Shared by Brian: https://deploy-preview-29791--kubernetes-io-main-staging.netlify.app/blog/2021/10/05/nsa-cisa-kubernetes-hardening-guidance/ CubeCon next week, slack channel exists for Kubernetes security. | started | ||
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 19th OF OCTOBER'21. | Kubernetes hardening (Brian) CADI and AAF replacement (Byung) |
Recording:
SECCOM presentation: