2022-12-06 Security Subcommittee Meeting Notes

Owned by Paweł Pawlak
Last updated: Dec 08, 2022
2 min read

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 6th of December 2022.

Jira No

Summary

Description

Status

Solution

Jira No

Summary

Description

Status

Solution



ONAP security review questionnaire

We went through first iteration of ONAP security review questionnaire, DCAE - ONAP Security Review Questionnaire Template

DL-Admin - name of DCAE repository.

General comment: answers are reasonable. 

Difficult to provide a grade, so we move the score filed into SECCOM Feedback/Recommendations as actionable item. 

Jiras to be created for every project to close issues in SonarCloud with description of what needs to be done - this could be part of the template as well.

ongoing

We are to provide feedback proposal in the questionnaire by next SECCOM -December 13th.

Tony to open a ticket to LF IT on license expiration for Toggle Cloack and Cloack plugins (used for an additional description under "+" mark. - done IT-24912 - SOLVED



Projects in OOM and HELM for removal

APPC, VID, Portal - decision needs to be taken to drop those projects from OOM.

started

Slot to be booked at the incoming TSC meeting to get decision on removal.



Integration tests

  • Weekly scans re-enabled with Michal’s support:

https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2022-11/28_09-30/

  • Daily scans:

https://logs.onap.org/onap-integration/daily/onap-daily-dt-oom-kohn/2022-12/06_03-37/







SCA - Automated NEXUS-IQ scans and recommendations for packages upgrades for London release 

Restricted Wiki ready to be consulted for PTLs for London release - thank you Amy!







TSC meeting (1st December)

-TSC Chair voting process completed – Pawel elected as new Chair

-ONAP consumers requested to provide their feedback







PTL meeting (5th December)

-ONAP Kohn release voted by TSC as ready to release







Portal PoC proposal by DT

The process I found on the Wiki: https://lf-onap.atlassian.net/wiki/display/DW/Project+Proposal+Process+Overview I see that Georg prepared the proposal inline with this process: https://lf-onap.atlassian.net/wiki/display/DW/PortalNG+Project+Proposal

PoC for NG Portal is approved by Archcom.



Byung and Chaker to provide clarification to Georg on Jira ticket as per Archicom.



SECCOM MEETING CALL WILL BE HELD ON 13th OF
December'22, after next SECCOM is scheduled on January 10th 2023. 













Recordings: 

2022-12-06_SECCOM_week.mp4



SECCOM presentation:

2022-12-06 ONAP Security Meeting - AgendaAndMinutes.pptx