Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 8th of March 2022.

Jira No
SummaryDescriptionStatusSolution

ONAP Security logging PoC requirements - Byung

https://lists.onap.org/g/onap-requirements-sub/viewevent?eventid=1437425&calstart=2022-02-28

Presentation available at the bottom of this page. Security Logging Requirements were presented to Use Case Subcommittee.

Toine agreed to be a project for a PoC.

startedPresentation on proposed logging fields to be provided to PTLs community on 14th of March. To be folloed by architecture information as a separate presentation/topic.
IT-23650Unmaintained projects – ticket creation for failing Jenkins jobs 

Issue seems to be finally resolved.

homas asked to propose a patch for the composite release notes that includes info from slide 6.

done

LFN preparing document on ONAP security

https://wiki.lfnetworking.org/display/LN/2022+LFN+Security+whitepaper

Contribution needed for SBOM part – Sean/Bob done

-NTIA paper could be a good reference.

done

Unmaintained projects Discussion on how to represent unmainained project, yaml vs. Json file, type of information.ongoing
IT-23622IT-23622 API documentation for SonarCloud (continuation of IT-23519)

Tony and Amy will try to use AT&T leverage as SonarCloud customer to get info on API documentation.

ongoing

Unmaintained projects - Istanbul Maintenance Release NotesTicket creation for failing Jenkins jobs. Thomas asked to propose a patch for the composite release notes that includes info from slide 6 but we first need to solve failing Jenkins jobs.doneFailing Jenkins jobs issue to be escalated.

Security logging update 

https://wiki.onap.org/display/DW/Jakarta+Best+Practice+Proposal+for+Standardized+Logging+Fields

Some more clarifications planned, naming causing some confusion.


ongoing

One more session (on 25th of February) to complete fields review.

Next to be reviewed with PTLs.


SonarCloud findingsTony will open direct tickets to projects.startedTickets to be open by Tony.

Badging - no update

Tony working with David and Dave on getting projects moved from having owner from project and replacing with David for Badging. Some owners gone away... Additional editors do not have rights to remove somebody from the project (can only add additional people).

No movement. Waiting for an answer from David Wheeler.


Tony to reach out David.

Final SCA scan for Istanbul Maintenance release.List of projects with transitive dependencies to be provided by Amy.


Quality gatesNo update so far from Seshu.ongoing

To join SO meeting.

To drop an e-mail to Toine.


Issue with Wiki creation by TonyTicket to be created to solve the issue







SECCOM MEETING CALL WILL BE HELD ON 15th OF MARCH'22. 

Quality gates for code quality improvements - continuation of the discussion.

5Y review criteria.





Recording: 


SECCOM presentation:








  • No labels