2020-08-04 Security Subcommittee Meeting Notes

Owned by Paweł Pawlak
Last updated: Aug 05, 2020
2 min read

Please find below the Minutes of Meetings and recording for the  SECCOM meeting that was held on 4th of August 2020.

Jira No

Summary

Description

Status

Solution

Jira No

Summary

Description

Status

Solution

 

M2/M3 status update

SECCOM non finctional requirements leaders are requested to update their jiras for M2/M3 status update.

 

 

 

Whitesource and NEXUS-IQ SCA demo for Fabian

Demo with Whitesouce executed. For NEXUS-IQ access was not working, so ticket was opened to LFN support team and now access is reestablished.

 

Organize a session with Fabian for NEXUS-IQ demo - scheduled slot on 5th of August.

 

Extending Whitesource SCA scans to entire ONAP.

For the moment CCSDK and AAI are scanned. Jessica from LFN was requested to extend scans to entire ONAP.

 

 

 

Last PTL's meeting (3rd of August) update

-REQ-323 - Upgrading packages, some of the projects are gdoing good job, but some are in the delay. ODL related projects wait for their upgrades, so delay expected

-REQ-351 - ONAP must complete update of the java language (from v8 -> v11) - > TSC to be warned, we are at risk! 4 projects do not have capacity (MSB, Modelling, Multicloud and possibly AA&I).

-REQ-373 - ONAP must complete update of the Python language (from 2.7 -> 3.8) - pretty good shape, support from Michal. 3 projects (SDC, DCAE and Logging (out of Guilin scope)).

-Flow matrix to be updated by remaining PTLs.

 

 

Free public updates for Java v8 doe personal use is December'20.

For a commercial use, it ended January'19. 

 

 

 

Slide to be prepared to warn TSC.

 

 

 

SECCOM elections

Waiting for Kenny to start election process 

ongoing

 

 

Honolulu SECCOM requirements

After Service Mesh PoC - new requirements might arrive.

Harbor requirement. In Harbor:

  • you can sign the image and you can share the key with an application that has an account to pull or to push the image

  • possibility to scan the image all the time and send warning

Harbor deployed in run time while Whitesource and Nexus-IQ during the development. 

Logs management

SIEM inegration

CII Badging - session planned on the PTLs call.

 

 

 

 

 

 

 

 

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 4th OF AUGUST'20. 

Topics proposed:

  • Certificates management update – Krzysztof

  • Security Documentation – Harald

 

 

 

Recording

SECCOM presentation