2023-07-18 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 18th of July 2023.

Jira No

Summary

Description

Status

Solution



ONAP disaggregation impact on SECCOM activities

Byung gave a presentation on disaggregation, which was initially discussed:

ONAP - Streamlining the process-2023-7-18-v2.pptx

Separation of marketing and component versions - proposal by Florian to be further elaborated at the OOM meeting on Wednesday.

Proposal: Break ONAP's monolithic version schema

Helm charts dependencies to be analyzed (by Andreas):

ONAP Helm chart dependencies

With a known major version and a version provided by the project, SCA scans could be provided automatically.

Do we maintain a single CI/CD pipeline or an individual one per project?

Different namespaces must be possible.

Abstracting ONAP component interfaces (to serve both ONAP and also non-ONAP consumers) would require additional development effort to build adapters, which brings some risk. TM Forum brings some defined APIs.

Security controls out of ONAP:

  • run time out of the box with ONAP (most of them provided by service mesh)

  • build time (we are sending secure code)

  • security of the development pipeline within 

Logging and log management need to be carefully considered as one of the pillars of security.

A ceremony is needed at the ONAP level that finishes and summarizes the efforts for a solution.

started

To be continued at ARCCOM and OOM meetings.



NEXT SECCOM MEETING CALL WILL BE HELD ON 25th JULY 2023. 

5Y security questionnaire by Policy. 







Tony to send e-mail reminder, so we would review answers before the meeting next week.



Recordings: 

2023-07-18_SECCOM_week.mp4

SECCOM presentation:

2023-07-18 ONAP Security Meeting - AgendaAndMinutes.pptx