2023-05-16 Security Subcommittee Meeting Notes

Please find below the minutes and recording of the SECCOM meeting held on the 16th of May 2023.

Jira No

Summary

Description

Status

Solution




Good news!

Byung is the new Architecture Subcommittee Chair - congratulations!







CPS Road to gold 

Tony prepared his part of the deck for a common presentation.

ongoing

Tony to send a copy to the broader team and check with Lee Angella.



Building a better 5G future...

Muddasar presented "Accelerating 5G Innovation" at the ONE conference in Vancouver. The recording will be available in a few weeks. Muddasar provided a quick summary.

Maggie will be speaking to 5G superblueprint on network slicing and network configuration on Wednesday (11.00 AM EST). 







LFX Security Dashboard

https://security.lfx.linuxfoundation.org/ 

Amy had a meeting with Jess. 

-LFX is a security framework - open for different pipelines, no dictated tools, and absolutely no integration with LF purchased/licensed products: Nexus-iq or Sonarcloud.

-ongoing VEX and SBOM under exchanges

ongoing

Value to ONAP projects could be increased by providing configuration templates for existing tools.



Latest weekly scans

Marek was able to initiate the latest run of scans.

Results are progressing; cassandra and zk-tunnel-svc are to be further elaborated.

Marek does not know which project is using zk-tunnel-svc - it is not in Jenkins.

A question was raised on ONAP-discuss, but there has been no feedback so far.



Pawel to check with Marek whether he recalls which project zk-tunnel-svc is part of.



PTL meeting (May 15th)

PTL Agenda Topic:  Confluence and JIRA alternatives – no issue anymore

M4 status update RC for London June 1st.

Montreal M1 planning (June 22nd)



Tony to be contacted by a Policy team member for the 5 Year security review.



TSC meeting (May 11th)

Voting on modified ONAP mission statement and chapter modifications

Preparation of the deck for Governance Board (presentation today!)

2FA issue raised – follow-up with Andreas and LF-IT today at 5 PM CEST.







SECCOM Montreal requirements

Existing Global requirements

-Epic REQ-437: COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8)

  • Montreal Task: TBC

  • OOM-2900 - Update or Remove Python 2

-Epic REQ-438: COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)

  • Montreal : TBC

  • OOM-2554 - Common pods have java 8

-Epic REQ-439: CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES

  • Montreal Task: TBC

-Epic REQ-443: CONTINUATION OF CII BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL

  • Montreal Task: TBC

-Logging for Java

  • Montreal Task: TBC



New Best Practice requirements

- Java 17 support



Bob to share Jira as a reference.

JIRA ticket for the security logging for Java containers.

https://jira.onap.org/browse/REQ-1072



SECCOM MEETING CALL WILL BE HELD ON 23rd May 2023. 

SBOM Types & Minimum Requirements for VEX Documents - moved to next week; Muddasar will prepare some info on SPDX 3.0 and different types of SBOMs.













Recordings: 

2023-05-16_SECCOM_week.mp4

SECCOM presentation:

2023-05-18 ONAP Implementing 2FA.pptx