Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 20th of June 2023.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
LF IT CI/CD security review | Muddasar is not getting support for the ticket opened 1 month ago: IT-25429 Review of ONAP CI Threat Model and Security Controls | Pawel to check with Sandra on Wednesday's meeting. | ||
DTF virtual event | Presentation provided by Pawel and SECCOM team to share security goals for Montreal release and latest achievements/news. Tony participated in the road to gold presentation by CPS. APIs in ONAP shall be well catalogued and standards around those APIs well secured (TLS communication etc.). We are still looking at infrastructure-as-a-code and not yet data-as-a-code. Bob participates in Working Group 11. User side is missing or is insufficient, while product security is more leveraged. | done | Byung to share with CPS team SECCOM Kudos for their great work done around CPS security. | |
CPS Road to gold | CPS PoC under preparation – Jess is configuring 2FA for committers - done. OJSI list communication with Jess. | |||
5 Years security questionnaire for Policy project | https://wiki.onap.org/display/DW/PF+-+ONAP+Security+Review+Questionnaire | started | Pawel to check with Liam if the work is completed on Policy project side. DONE | |
Security review in ARCCOM | For ONAP architecture review security is part of the template. | |||
PTL meeting (June 12th) | Presentation on new Global Requirement: Use Native Service Mesh Authentication and Authorization for Intra-ONAP Communication. Gerrit upgrade planned by Kevin right after RC milestone (after TSC meeting on Thursday) | Pawel to invite Infosys (Gnanapriya) team to OOM meeting. Andreas to be informed. DONE | ||
TSC meeting (June 1st) | Intro provided for new Global Requirement | |||
Badging Dashboard | Projects in unmaintained status still have an active badging questionnaire. David was asked to help in marking the questionnaire as unmaintained; Tony organized a meeting with David to show what needs to be done. | |||
Latest weekly scans | Marek was able to initiate latest run of scans. Results are progressing, cassandra and zk-tunnel-svc to be further elaborated. Marek does not know which project is using zk-tunnel-svc - it is not in Jenkins. ONAP-discuss question was raised but still no feedback so far. Robert Heinemann No references of "zk-tunnel-svc" were found in: - https://nexus-iq.wl.linuxfoundation.org/assets/index.html#/dashboard/ | ongoing | Bob will try to review gerrit logs | |
SECCOM MEETING CALL WILL BE HELD ON 27th JUNE 2023. |
Recordings:
SECCOM presentation: