2022-03-01 Security Subcommittee Meeting Notes
- Paweł Pawlak
- Byung-Woo Jun
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 1st of March 2022.
Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
| ONAP Security logging PoC requirements - Byung | https://lists.onap.org/g/onap-requirements-sub/viewevent?eventid=1437425&calstart=2022-02-28 Presentation available at the bottom of this page. Security Logging Requirements were presented to Use Case Subcommittee. Toine agreed to be a project for a PoC. | started | Presentation on proposed logging fields to be provided to PTLs community on 14th of March. To be folloed by architecture information as a separate presentation/topic. |
Unmaintained projects – ticket creation for failing Jenkins jobs | Issue seems to be finally resolved. homas asked to propose a patch for the composite release notes that includes info from slide 6. | done |
| |
| LFN preparing document on ONAP security | https://wiki.lfnetworking.org/display/LN/2022+LFN+Security+whitepaper Contribution needed for SBOM part – Sean/Bob done -NTIA paper could be a good reference. | done |
|
| Unmaintained projects | Discussion on how to represent unmainained project, yaml vs. Json file, type of information. | ongoing |
|
IT-23622 API documentation for SonarCloud (continuation of IT-23519) | Tony and Amy will try to use AT&T leverage as SonarCloud customer to get info on API documentation. | ongoing |
| |
| Unmaintained projects - Istanbul Maintenance Release Notes | Ticket creation for failing Jenkins jobs. Thomas asked to propose a patch for the composite release notes that includes info from slide 6 but we first need to solve failing Jenkins jobs. | done | Failing Jenkins jobs issue to be escalated. |
| Security logging update | https://wiki.onap.org/display/DW/Jakarta+Best+Practice+Proposal+for+Standardized+Logging+Fields Some more clarifications planned, naming causing some confusion.
| ongoing | One more session (on 25th of February) to complete fields review. Next to be reviewed with PTLs. |
| SonarCloud findings | Tony will open direct tickets to projects. | started | Tickets to be open by Tony. |
| Badging - no update | Tony working with David and Dave on getting projects moved from having owner from project and replacing with David for Badging. Some owners gone away... Additional editors do not have rights to remove somebody from the project (can only add additional people). No movement. Waiting for an answer from David Wheeler. |
| Tony to reach out David. |
| Final SCA scan for Istanbul Maintenance release. | List of projects with transitive dependencies to be provided by Amy. |
|
|
| Quality gates | No update so far from Seshu. | ongoing | To join SO meeting. To drop an e-mail to Toine. |
| Issue with Wiki creation by Tony | Ticket to be created to solve the issue |
|
|
|
|
|
|
|
| SECCOM MEETING CALL WILL BE HELD ON 8th OF MARCH'22. | Quality gates for code quality improvements - continuation of the discussion. 5Y review criteria.
|
|
|
Recording:
SECCOM presentation:
Use Case Realization subcommittee presentation on February 28 2022: ONAP-Security-Logging-Architecture-Requirements-2022-02-28.pptx