2021-04-06 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 6th of April 2021.

Jira No

Summary

Description

Status

Solution


 

ONAP enterprise business workgroup OPS 5G update

Workgroup Wiki:

https://wiki.onap.org/display/DW/TSC+Task+Force%3A+ONAP+for+Enterprise+Business

Meeting recording: 

recording

Global view on LFN projects landscape and 5G E2E implementation:

-CNF Task Force/ORAN enterprise workgroup meeting on 31st of March,

-5G OPS – Open Programmable Software, as much of open source as possible

-All work within community unclassified

-Magma – orchestrator – could be orchestrated by ONAP SO.

-4 use cases: enhanced mobile broadband, multimachine type communication, ultra low latency, voice over new radio

Open source to be part of commercial solutions.

ongoing

Next meeting is scheduled for April 14th.

 

Slide deck for new Global Requirements

No slot at the last TSC, although booked.

For CII Badging, the requirement is that the projects will exhibit continuous improvements towards achieving and maintaining CII Badging Gold - that is an aspirational goal.

ongoing

To be presented at the upcoming TSC meeting - slot in the next agenda to be booked.

 

Training for SonarCloud

Meeting held last Thursday. Questions collected to be addressed by the training:

  • take a look at how we are using SonarCloud to benefit from it even more

  • how to automatically eliminate unmaintained projects

  • how to ensure that PTLs have the right authority to use SonarCloud capabilities and manage the issue lifecycle it supports, for example marking false positives; right now we can only change the code so that the issue does not reappear

ongoing

 

 

Last PTL meeting

Global Requirements on the project level: 2 Factor Authentication, Site Hardening, code review standard, copyright profile at every source file. Some CII Badging questions have answers ONAP wide.

ongoing

Infrastructure changes at the LF level will need some more time

 

LF Internships

Deadline soon... Bus factor requirement could be a good use case.

ongoing

 

 

Logging management follow-up

In Honolulu it was a PoC and not a best practice.

Feedback from David: https://lf-onap.atlassian.net/wiki/x/zRv7, action: first step is to review and socialize with the PTLs, good to request time in the weekly PTL meeting for this.  Next, need to propose it as a best practice for the Istanbul release, which will require approval by the TSC before M1.

ongoing

To book a slot for next PTLs meeting.

 

CII Badging – automation

Support for Tony, volunteers are welcome

 

 

 

NEXUS-IQ scans analysis

We wait with the SCA analysis until the code is stable, post RC1?

on standby

 

 

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 13th OF APRIL'21. 

 

 

 

 

Recording:

 

SECCOM presentation: