2022-03-29 Security Subcommittee Meeting Notes
Please find below the minutes and recording of the SECCOM meeting that was held on the 29th of March 2022.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
| Updates to Secure Design Questionnaire - Maggie | Maggie merged the changes on the Wiki. Tony commented that the naming convention from the headings should be kept, as it corresponds to the Badging questionnaire. Most of the changes are useful. Thank you Maggie! | ongoing | Muddasar will prepare grade rate assessment proposal. |
| ONAP policy update | Ramesh (ONAP Policy) gave a presentation again on enabling cluster role in policy k8s-participant’s OOM chart, since they have implemented the security requirements suggested by SECCOM. REST endpoints are disabled by default. | ongoing | E-mail to be sent by Ramesh to Sylvain before end of March. |
| Badging dashboard | For dynamic code analysis, projects should answer Unmet. We have static analysis but not dynamic. Jenkins jobs for SonarCloud are configured on a weekly basis (licence level we are using). | ongoing | |
| Linux Security Summit - CFP | Linux Security Summit, happening June 23-24 in Austin, Texas + Virtual! | started | Amy and Pawel to submit proposal. Tony and Maggie to provide proposal as well. |
| SECCOM MEETING CALL WILL BE HELD ON 5th OF April'22. | Quality gates for code quality improvements - Fabian's presentation. 5Y review criteria - finalization of the proposal. SonarCloud fixing with new code focus. | | |
Recording:
SECCOM presentation: