ONAP Security Advisory Project

Project Name:

• Proposed name for the project: OSA 

Project description:

• OSA is a documentation only project that provides an outlet for release-agnostic security advisories. 

Scope:

• Describe the functionality to be provided by the project.  Please provide the full intended scope of the project; not just what is intended for the project's first release.

• Specify any interface/API specification proposed,

• Identity a list of features and functionality will be developed.

• Identify what is in or out of scope. During the development phase, it helps reduce discussion.
  
  
  

• OSA will not participate in the release process OR project tracking - it is a release agnostic documentation project intended to inform users about discovered vulnerabilities and remediation

• The template for a single advisory has been already defined in Vulnerability Management Procedure

Architecture Alignment:

• How does this project fit into the rest of the ONAP Architecture?

  • Using a repo to provide security advisories is a common method by other open source projects (see Open Stack approach)

• How does this align with external standards/specifications?

  • N/A

• Are there dependencies with other open source projects?

  • NO

Other Information:

• link to seed code (if applicable)

  • N/A

• Vendor Neutral

  • N/A

• Meets Board policy (including IPR)

Use the above information to create a key project facts section on your project page

Key Project Facts:

Release Components Name:

Continuous Delivery - release every time a new advisory appears

Resources committed to the Release:

Note 1: No more than 5 committers per project. Balance the committers list and avoid members representing only one company. Ensure there is at least 3 companies supporting your proposal.

Note 2: It is critical to complete all the information requested, that will help to fast forward the onboarding process.