2023-04-04 Security Subcommittee Meeting Notes

SBOM global implementation in ONAP

-Ticket was opened by Muddasar to LF IT - Signed SBOM implementation for all ONAP project at Global level (IT-25341)

-TSC conditionally approved

-PTL no objections

ongoing 

Muddasar will check with Jess if she completed the work on SBOM signing.

Security Questionnaire for CPS

CPS made some updates but we will check if this activity is completed.

ongoing

Pawel to chec kwith Lee Anjella.

Wrapping up the unmaintained repo task force – Amy: link

We wait till M4 for TSC presentation

PTL meeting (April 3rd)

SBOM global implementation – go decision

Security test cases review 

https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2023-02/25_04-42/

-CI/CD pipeline aspects - infrastructure ans security test cases to be further elaborated

-Objective is to identify opportunity for improvement to reduce risk of unwanted behavior and software build pipeline.

-Improve automated test coverage for Security tests at integration stage.

We move this topic to next week agenda.

PTL meeting (March 27th)

-New dates (1 week delay) for M3 (March 30th) and M4 (April 20th)

TSC meeting (March 30th)

TSC 2023-03-30

-China Telecom takeaways – why not using ONAP commercially

-Dashboard could be the reason of CT customization

New ONAP contribution for Integration

Marek from DT might propose his candidature to become Integration PTL.

ONAP model changes

-Follow more CNCF approach – independent projects driven by use cases

-Integration assures network connectivity

-Complementary to Nephio which seems to be more infra focus while ONAP is application

-Minimum security and logging guidance is required 

SECCOM MEETING CALL WILL BE HELD ON 11th April 2023. 

CPS Security updated questionnaire review by SECCOM - final round with CPS team.

Muddasar will share deck for supply chain security via seccom distribution list.