2021-04-13 Security Subcommittee Meeting Notes

Owned by Paweł Pawlak
Last updated: Apr 14, 2021
2 min read

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 13th of April 2021.

Jira No

Summary

Description

Status

Solution

Jira No

Summary

Description

Status

Solution

 

NSA contribution proposal for ONAP security

Slides presented by Maggie:

Proposal on using ONAP to enhance the security of 5G Architecture to use Data Analystics. DAta Analytics system in ONAP to be used to detect anomalies.

ongoing

Both Vijay and Tony to provide support for NSA team, establishing contact with relevant ONAP community members.

 

CNF Task Force enterprise business workgroup 

Next meeting on April 14th at 2:30 UTC

ongoing

 

 

Progress tracking for Python and Java upgrades

In begining of March still Python 2.7  (40) and Java 8 (38) the containers -> last week: (23/67) Java (28/105), so considerable progress observed!

Some items might be due to LF pipeline.

ongoing

We will track upgrades with Jira tickets in Instanbul release.

 

Slide deck for new Global Requirements

No slot again at the last TSC, although booked.

ongoing

To be presented at the incoming TSC meeting - slot in the next agenda to be booked again and e-mail to be sent to TSC districution list.

 

Security and critical vulns per project

Orange developer strated with DMaap: 421 issues down to 53!

ongoing

Next step for PTL to merge the code.

 

SonarCube and integration with Gerrit

Slides presented by Fabian:

Sonar only checks the Master. We need to analyse the code beefore merge.

ongoing

Meeting to be organized by Pawel with Jess and Orange team.

 

Training for SonarCloud

Please refer to slides 4 and 5 of the slide deck below for a complete list of the questions.

ongoing

Questions to be shared by Jess with SonarCloud team.

 

Last PTL meeting

  • Feedback from follwoing projects: DCAE, DMaaP, SDC and SDNC/CCSDK – need to directly discuss with those projects

  • Phase 1: move existing logs to STDOUT

  • Phase 2: to see how we can decide something that is usable by any component (pattern for logs)

  • Phase 3: add request id

  • Chaker’s feedback on Logging guidelines v1.1

ongoing

To check with Chaker where logging guidelies doc is located on the Wiki - already found:

ONAP Application Logging Guidelines v1.1.

 

 

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 20th OF APRIL'21. 

 

 

 

 

Recording:

 

SECCOM presentation: