Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 20th of June 2023.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
ONAP disaggregation impact on SECCOM activities | Disaggregation is getting its momentum. 5-10% of projects time to be focussed on integration efforts. Aarna used EMCO to deploy slices, the same could be done with ONAP. ONAP is still handling high level orchestration if it comes to CNF orchestration it is delegated to Nephio. EMCO is talking about connecting to Nephio. We are looking at dev side of the security which is half part picture. Imact analysis is needed for ONAP disaggregation with focus on security, testing etc. | |||
LF IT CI/CD security review | Muddasar is not getting support for the ticket opened 1 month ago: IT-25429 Review of ONAP CI Threat Model and Security Controls Matt confirmed he will setup a meeting with Muddasar to better understand what is expected | |||
CPS Road to gold | CPS PoC under preparation – Jess is configuring 2FA for committers - done. OJSI list communication with Jess -some members should be removed/added | Amy to check with Jess on updated list for OJSI distribution list. | ||
5 Years security questionnaire for Policy project | -https://wiki.onap.org/display/DW/PF+-+ONAP+Security+Review+Questionnaire -Confirmation from Policy project received about review completion. | ongoing | Tony to share initial feedback with Policy team. Next discussion point is 18th of July. | |
Latest weekly scans – still looking for owner of zk-tunnel-svc | Bob reviewed gerrit logs. | |||
PTL meeting (June 19th) | Cancelled | |||
TSC meeting (June 15th) | Update on new Global Requirement: Use Native Service Mesh Authentication and Authorization for Intra-ONAP Communication
Gerrit upgrade re-planned by Kevin - after TSC meeting Andreas will let Kevin know when upgrade could be provided Kevin to prepare info on which version and what are the drivers for an upgrade | Meeting with Infosys done. They will do the analysis. Access to environment will be crucial. | ||
Badging Dashboard | Projects in unmaintained status still have active badging questionnaire David was asked to help in marking quesionnaire as unmaintained, Tony organized meeting with David to show what needs to be done. Changes are made. | |||
SECCOM MEETING CALL WILL BE HELD ON 27th JUNE 2023. |
Recordings:
SECCOM presentation:
2023-06-20 ONAP Security Meeting - AgendaAndMinutes.pptx