2022-12-13 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 13th of December 2022.

Jira No

Summary

Description

Status

Solution



TSC meeting (8th December)

  • ONAP consumers requested to provide their feedback

  • TSC approved the creation of the Portal NG as a new ONAP project

  • Committers from DCAE, AAI and OOF were asked by David to fulfill Release Management tasks while there is no PTL in the project.

  • TSC approved removal of OOM helm charts for appc and vid

  • Vijay was asked to provide his feedback







PTL meeting (5th December)

  • CPS as next project for ONAP security review questionnaire







Weekly scanning report

In the latest weekly scans (https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2022-11/28_09-30/) it was noticed that srimzi-zk-entrance is indicated as having some old Java.







SCA - Automated NEXUS-IQ scans and recommendations for package upgrades for London release

AAI – 2 items missing proposed release

  • Groovy – 3.0.7

  • Spring-boot – 2.5.14



Amy to check with the team.



Unmaintained projects 

LFX Insights v2: get rid of old repos. It does not make sense to run jobs for repos that are not going to be fixed.



PTLs to be asked to remove Jenkins jobs that are not needed anymore.



ONAP security review questionnaire

Review provided by Muddasar and Amy – Thank you!

Some details in a few responses are missing. Some questions could be expanded into multiple questions (Assurance related).

ongoing

Muddasar to provide proposals for question improvements.

Amy to share the link with ONAP SECCOM security requirements - done: ONAP Security Requirements

Vijay to be asked which SNMP version is used in DCAE.



SECCOM MEETING CALL WILL BE HELD ON January 10th 2023. 













Recordings: 

2022-12-13_SECCOM_week.mp4



SECCOM presentation:

2022-12-13 ONAP Security Meeting - AgendaAndMinutes.pptx