2023-08-08 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 8th of August 2023.

Jira No

Summary

Description

Status

Solution

Jira No

Summary

Description

Status

Solution

 

Oparent

-Only 2 PTLs responded to Amy’s e-mail

-No objections on Oparent retirement, we have no volunteer to maintain it up to date

-We need explicit directions on alternative usage (including list of packages to be used by each project)

 

Amy needs to get a copy of the code. Meeting between Tony and Amy is planned on Thursday.

 

Documenting APIs

Meeting with Thomas Kulik on Thursday completed by Muddasar who shared his update. 

Thomas is short in resources. We may rely on Byung effort in documenting APIs.

Not every project exposes system data API.

Some projects are not on the Byung's list

 

 

Reference to the complete list to be added to the Byung's deck.

 

Disaggregation impact on quality assurance and testing 

Byung shared security and logging updated slides

ONAP Streamlining - The Process (Link)

 

 

 

5 Years security questionnaire for Policy project

Tony to invite Policy represenatives to one of the next SECCOM meetings

 

 

 

Java 17 vs. Java 21

We propose ONAP project to upgrade to Java 17, packages as there might be some missing dependencies for Java 21, so projects might target it but juno from 11 directlly to 21 might be a significant effort.

 

 

 

LF IT CI/CD security review

85-90% information received by Muddasar. 

Good security hardening is already in place.

Muddasar shared presentation (below).

 

 

 

PTL meeting (August 7th)

-Java 17 vs. Java 21 info provided – we stick to Java 17, question to Amy for Jira tasks creation

-Discussion on how disaggregation impacts Release Management tasks

-Github actions intro provided by Jess, follow-up at the TSC meeting on Thursday

 

 

 

TSC meeting (August 3rd)

-Presentation on disaggregation topics submitted by Byung, voting expected on August 10th.

 

 

 

NEXT SECCOM MEETING CALL WILL BE HELD ON 15th of August 2023. 

 

 

 

 

 

 

Recordings: 

2023-08-08_SECCOM_week.mp4

SECCOM presentation:

2023-08-08 ONAP Security Meeting - AgendaAndMinutes.pptx