2021-11-02 Security Subcommittee Meeting Notes

Owned by Paweł Pawlak
Last updated: Nov 03, 2021 by Tony Hansen
2 min read

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 2nd of November 2021.

Jira No

Summary

Description

Status

Solution

Jira No

Summary

Description

Status

Solution

 

SECCOM weekly scheduling/timing

We start every Tuesday at 1 PM UTC (currently 2 PM CET)

 

 

 

TSC meeting report

Requirements subcommittee: just few reqs for Jakarta:

-https://lf-onap.atlassian.net/wiki/display/DW/Jakarta+release+-+functional+requirements+proposed+list

OOM repos moving to GitLab 1 week after Istanbul release – what will be the interface for end user.

 

 

 

Istanbul security achievements 

Draft slides presented to SECCOM.

ongoing

Deck is ready to be presented at the next TSC meeting.

 

ONAP code quality improvement 

Kevin created a fake project to check the feature. Toine to be contacted by Fabian.

ongoing

Toine's detail to be provided by Pawel to Fabian.

 

SBOM update

To be confirmed if LFN would run SBOMs, as LFN signs the ONAP code. Kenny was contacted at least twice but no feedback. 

ongoing

LF IT ticket to be opened by Muddasar. Jess and David will be reached out by Muddassar as well to know where is the best step in the CI/CD pipeline for the SBOM creation.

 

PTLs meeting update

Meeting on November 1st was cancelled.

 

 

 

Integration/OOM synch 

Prometheus maintenance - OOM team does not want to maintain it outside of keeping most recent release due to limited resources. Dashboard already predefined and available for Prometheus in OOM: https://docs.onap.org/projects/onap-oom/en/latest/oom_setup_paas.html#prometheus-stack-optional

Using basic image global requirement for Jakarta release.

ongoing

 

 

CII Badging

Jira tickets to be created for remaining critical and blocking issues and tight them to req-443 for Jakarta release

ongoing

Tony and Amy will hadle it.

 

Jakarta release schedule 

https://wiki.onap.org/display/DW/Release+Planning%3A+Jakarta

Istanbul sign-off date is November 4th.

done

 

 

Security requirements

Bob has templates for requirments submission. We will have to provide our reqs presentation to Requirements Subcommittee.

ongoing

Alla to be contacted.

 

Kubescape 

Fabian had a meeting with Michal Jagiello. Fabian will do the comparison between Kube-scape and existing tools.

ongoing

 

 

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 9th OF NOVEMBER'21. 

Reviewing requirements by SECCOM as part of the process. 

 

Catherine to be addressed. To be discussed with Amy on Friday.

 

Recording: 

SECCOM presentation: