2021-03-16 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 16th of March 2021.

Jira No

Summary

Description

Status

Solution

 

Last TSC update

CNF Task Force meeting moved to 31st of March; US government support may help increase open source "5G apps".

https://zoom.us/j/219945081?pwd=ZEN3U3daem9oMGJuZ3BXZExCdldkUT09

ongoing

SECCOM representatives will join this session with US military on open source secure software development for 5G.

 

Last PTL meeting

  • Exceptions for Honolulu - exception requests are still missing for some scans (see Honolulu Impact View per Component) - exceptions to be merged.

  • Moving best practice requirements (CII Badging, upgrading packages) to global - no feedback received.

  • Discussion point on separate SonarCloud code coverage targets per project; results are seen by the project after the merge.

  • Discussion point on why basic images are sometimes not used by projects; Alpine basic image does not work.

  • CCSDK and SDNC moved to basic image - more documentation is needed - Morgan provided it.

  • In some cases JDK is needed at runtime - basic image does not have it.

  • Basic Image Documentation:

 

Separate meetings with projects to be organized on SonarCloud code coverage target goals per project.

SonarCloud, Gerrit and Jenkins feedback to be shared by Fabian.

 

How to create secure applications

Following the last request from Chaker and the discussion at the last PTLs meeting, Tony prepared a proposal:

https://lf-onap.atlassian.net/wiki/display/DW/Secure+Programming+Practices

Comments/proposals/modifications were provided.

pending

Chaker to be informed about this draft - e-mail to be sent by Pawel.

Next week PTLs to be updated with this proposal.

 

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 23rd OF MARCH'21. 

 

 

 

 

Recording:

 

SECCOM presentation: