Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 16th of May 2023.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
Good news! | Byung as the new Architecture Subcommittee Chair - congratulations! | |||
CPS Road to gold | Tony prepared his part of the deck for a common presentation. | ongoing | Tony to send a copy to broader team and check with Lee Angella. | |
Building a better 5G future... | Muddasar was presenting Accelerating 5G Innovation at the ONE conference in Vancouver. Recording shall be available in few weeks. Muddasar provided a quick summary. Maggie will be speaking to 5G superblueprint on network slicing and network configuration on Wednesday (11.00 AM EST). | |||
LFX Security Dashboard | Amy had a meeting with Jess. -LFX is a security framework - open for different pipelines, no dictated tools, and absolutely no integration with LF purchased/licensed products: Nexus-iq or Sonarcloud. -ongoing VEX and SBOM under exchanges | ongoing | Value to ONAP projects could be increased by providing configuration templates for existing tools. | |
Latest weekly scans | Marek was able to initiate latest run of scans. Results are progressing, cassandra and zk-tunnel-svc to be further elaborated. Marek does not know which project is using zk-tunnel-svc - it is not in Jenkins ONAP-discuss question was raised but no feedback so far. | Pawel to check with Marek if he recalls zk-tunnel-svc is part of which project. | ||
PTL meeting (May 15th) | PTL Agenda Topic: Confluence and JIRA alternatives – no issue anymore M4 status update RC for London June 1st. Montreal M1 planning (June 22nd) | Tony to be contacted by Policy team member for 5 Year security review. | ||
TSC meeting (May 11th) | Voting on modified ONAP mission statement and chapter modifications Preparation of the deck for Governance Board (presentation today!) 2FA issue raised – follow-up with Andreas and LF- IT today at 5 PM CEST. | |||
SECCOM Montreal requirements | Existing Global requirements -Epic REQ-437: COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8)
-Epic REQ-438: COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)
-Epic REQ-439: CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES
-Epic REQ-443: CONTINUATION OF CII BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL
-Logging for Java
| Bob to share Jira as a reference. JIRA ticket for the security logging for Java containers. | ||
SECCOM MEETING CALL WILL BE HELD ON 23rd May 2023. | SBOM Types & Minimum Requirements for VEX Documents - we move it to the next week, Muddasar will prepare some info on SPDX 3.0 and different types of SBOMs. |
Recordings:
SECCOM presentation:
2023-05-18 ONAP Implementing 2FA.pptx