2022-07-05 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 5th of July 2022.

Jira No

Summary

Description

Status

Solution


Waiver Analysis

Waiver analysis was reviewed.

  • Testing components are never part of the release.

  • Upstream components will not be solved either.

  • For code produced in ONAP we are in a very good position.

  • Have we moved to shared DBs?

  • To be checked with Buyng on shared DBs.

  • Why is ESR still showing up? It is not part of the Jenkins jobs, so some cleaning is needed.

 

Pawel to check formatting for versions_xfail.txt and Jakarta - checked it is ok.

Specific tickets to be opened for projects.

 

 

Next LFN events

ONE Summit NA - Registration Open

  • CFP - Deadline: July 8th, 2022

  • Nov. 15 & 16 2022 Seattle, WA, USA

  • In Person

LFN Developer & Testing Forum NA - Registration Open

  • Nov. 17 & 18 2022 Seattle, WA, USA

  • In Person

  • Securing software supply chain by LFN - new topic to be proposed

 

Proposals to be submitted.

 

 

 

 

David to be contacted and invited by Maggie to SECCOM meeting.

 

Update on Jakarta release

TSC approved the sign off of the Jakarta release on June 30th

Security tests results at 60%: https://logs.onap.org/onap-integration/daily/onap-daily-dt-oom-jakarta/2022-06/30_04-01/

https://lf-onap.atlassian.net/wiki/display/DW/Jakarta%3A++Lessons+Learned

 

 

 

SBOM status update

Muddasar contacted several PTLs and is waiting for their feedback.

 

We need LF IT support; GB was informed by Amy. We need to run SBOM in the pipeline. Amy to talk to Kenny, Muddasar and Ranny.

 

Technical debt

Muddasar reviewed Jira tickets recently. Some PTLs are using TechnicalDebt tagging and some not at all. Grooming the tickets would be helpful.

Updating packages is technical debt for us.

 

 

 

OSA branch

We have not had any vulnerability raised within the process, so nothing to be added in OSA for the Jakarta release.

 

Thomas to be contacted during unmaintained meeting on Monday.

 

Last SECCOM meeting link

2022-06-28 Security Subcommittee Meeting Notes

 

 

 

DevOPS Pipelines IRS presentation

Youtube link disappears ;-(

https://www.cloudbees.com/customers/IRS

 

 

 

SECCOM meeting call will be held on 12th of July 2022.

Potentially a session with David Wheeler on SBOM.

Overview of the Tata Communications DTF presentation on their production logging implementation: https://wiki.lfnetworking.org/display/LN/2022-06-DD+-+ONAP%3A+The+Path+to+a+Production-Grade+ONAP - see the "Logs and Metrics: Architecture" and "Monitoring and Troubleshooting" sections.

 

 

 

 

 
