Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 17th of January 2023.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
Weekly scans re-enabled with 2023-01-17_SECCOM_week.mp4support: | https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2022-11/28_09-30/ -Fiachra responded with srimzi-zk-entrance:
| ongoing | E-mail with feedback was shared with Fiachra | |
Security issues raised by External researchers | -IT-24999 Security Issue - Sensitive information leakage -IT-25000 vulnerability detected (DMARC RECORD MISSING) | ongoing | Details to be reviewed by Pawel and Amy on January 13th. | |
Unmaintained projects | Repos without merge (for last 1 year) identified, at the next PTL meeting Jan 23rd list to be reviewed. Merges by Thomas and Cedric to be excluded. | ongoing | ||
TSC meeting (5th January) |
| |||
PTL meeting (9th January) | Check with Fiachra on srimzi container | |||
Logging security discussion (recording reference: starting from 17:15) | Justin Garrard (jagarra@uwe.nsa.gov) presented onap-log-inject.pptx and demo. ONAP logging requirements: ONAP Next Generation Security & Logging Architecture. OOM wanted to have logging at the node level. Moving Collection Agent to PoD level from Node level avoids security issue. | started | Further exchanges to be done on that topic, pushing Fluentbit to the pod makes sense from security perspective. | |
SECCOM MEETING CALL WILL BE HELD ON January 24th 2023. |
Recordings:
SECCOM presentation: