2021-03-02 Security Subcommittee Meeting Notes
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 2nd of March 2021.
Jira No | Summary | Description | Status | Solution |
| SDC request for exception for Honolulu | Slides presented by Xue: | done | As it is planned to finalize in Istanbul, SECCOM recommends an exception for SDC. All other exceptions to be reviewed by March 4th. |
| SECCOM slides for Requirements Subcommittee | https://lf-onap.atlassian.net/wiki/display/DW/Template+to+be+fulfilled+per+each+requirement SECCOM requirements for Honolulu and Istanbul were presented at the session on March 1st. The best practices and global requirements period is open for the Istanbul release. CII Badging - as best practice for Istanbul to be moved to global requirements. The same for package upgrades. New requirement to be linked to the existing best practice one. SonarCloud 55% code coverage history - difficult for PTLs and committers to know whether the proposed code is improving the coverage or not, as the analysis is visible only on Master, i.e. you get to know after the code is merged. A good target is not to reduce the coverage and to try to improve it. | ongoing | To document SECCOM non-functional requirements for the Istanbul release at the Wiki created by Alla. Jiras to be created with linkage under jira. Best practices proposal to be submitted to TSC for approval. |
| SonarCloud issue | Problem integrating JaCoCo unit test results with SonarCloud to create code coverage reports. | ongoing | Jess to be informed. |
| Logs management – follow up by Samuli | Update from Samuli: ONAP xNF O&M requirements have an audit logging requirement: “all changes to the configuration (or: the system) must be logged”. | ongoing | VNF logging requirements to be checked. |
| How to create secure applications | Following last request from Chaker and discussion at the last PTLs meeting. Secure design should cover that. | pending | Tony will start Wiki with the initial proposal and SECCOM will support by reviewing it and providing feedback. Toine from CPS to be addressed. |
SECCOM presentation: