2023-01-10 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 10th of January 2023.

Summary	Description	Status	Solution
Weekly scans re-enabled with Michal’s support:	https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2022-11/28_09-30/ -Fiachra responded with srimzi-zk-entrance: This container is required by dmaap message router to connect directly to the strimzi zk for storing some metadata. Strimzi locks it's zk cluster by default and this was advised as a "hack/temporary" solution for MR. https://github.com/scholzj/zoo-entrance I do see that the base image was updated recently though so not sure where the old java version is coming from. AP: to identify where it is getting picked up from	ongoing	E-mail with feedback was shared with Fiachra
Security issues raised by External researchers	-IT-24999 Security Issue - Sensitive information leakage -IT-25000 vulnerability detected(DMARC RECORD MISSING)	ongoing	Details to be reviewed by Pawel and Amy on January 13th.
Unmaintained projects	Repos without merge (for last 1 year) identified, at the next PTL meeting Jan 23rd list to be reviewed. Merges by Thomas and Cedric to be excluded.	ongoing
TSC meeting (5th January)	Synch on January 11th with OSC (Martin Skorupski) New idea of special squad team to deal with projects without PTLs Updated London release schedule
PTL meeting (9th January)	Check with Fiachra on srimzi container
Logging security discussion (starting from 17:15)	Justin Garrard (jagarra@uwe.nsa.gov) presented application logging presentation and demo.	started
SECCOM MEETING CALL WILL BE HELD ON January 17th 2023.

Recordings:

2023-01-10_SECCOM_week.mp4

SECCOM presentation:

2023-01-10 ONAP Security Meeting - AgendaAndMinutes.pptx