2021-01-19 Security Subcommittee Meeting Notes
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 19th of January 2021.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
REQ-437: COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.x) (In Progress); REQ-438: COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) (In Progress) | SECCOM global requirements | Updates of associated Jira epics and stories for REQ-437 (Python 2 -> 3) and REQ-438 (Java 8 -> 11) | ongoing | Statuses changed to In Progress |
REQ-442: COMPLETION OF HELM MIGRATION (v2 → v3) (Done); REQ-443: CONTINUATION OF BEST PRACTICES BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL (In Progress); REQ-439: CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES (In Progress) | SECCOM best practices | Updates of associated Jira epics and stories: HELMv3, CII Badging, packages upgrades | ongoing | Statuses changed to In Progress |
| SECCOM proposals: | done | | |
| Synch with DCAE | Discussion with Michal and commitment from his side to support DCAE. Python: DCAEGEN2-2494, DCAEGEN2-2427; Java: DCAEGEN2-2428, DCAEGEN2-2381 | ongoing | |
| ONAP and ODL synch | ODL prepares an ONAP distribution for each of their releases. Dan will be basing our Honolulu release on their Aluminum release. Right now he is working on porting to the current Aluminum service release (SR1). There’s another service release (SR2) that should be available before our code freeze, so Dan anticipates that we’d upgrade to SR2 when it’s available. | ongoing | E-mail sent to Dan and feedback received. |
| Sonarcloud crypto takeaways | Weak crypto report from Sonarcloud. Jiras to be opened. How to get a report with the API is still to be figured out. 5 categories of findings: certificate validation, host name of certificate, using secure mode and padding, using weak protocols, encoding passwords as plain text. | | |
| Logs management – what to do next? | | | |
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 26th OF JANUARY'21. | | | |
Recording:
SECCOM presentation: