2023-01-24 Security Subcommittee Meeting Notes

Logging security discussion by Byung

Node vs. pod level logging update, pods logs visible but not yet with content, kyverno used for policy management

ongoing

Andrew from Byung's team continues working on pod level logging.

Next week conclusion expected.

CPS Security review questionaire by Tony

Slot for a meeting with CPS team under setup.

ongoing

Security issues raised by External researchers

• IT-24999 Security Issue - Sensitive information leakage – Fiachra was contacted, waiting for his feedback

ongoing

Upcoming D&TF 

Please register!, Topics Page is OPEN! 

-SECCOM proposals (TBD):

• Container signing

• SBOMs – next steps

• London release requirements - update

ongoing

Python PoC by Bob

Environment for testing is available

ORAN SC is actively using Pylog, libraries under testing, 

ongoing

Fiachra to be contacted.

TSC meeting (19th January)

• Bell Canada feedback for ONAP

• LF Networking Mentorship Program

• SECCOM: OOM upgrades for Java and Python.

• What to do with projects without PTL and Global Requirements related tickets for London release.

• Nephio exchanges initiated

PTL meeting (23rd January)

• Discussion on release management tasks - https://lf-onap.atlassian.net/wiki/display/DW/Release+Process

• Latest weekly scans:

  • https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2022-11/28_09-30/security/versions/versions.html

• Andreas was asked to check with Michal on new weekly scan execution

London recommended versions

https://lf-onap.atlassian.net/wiki/display/DW/Database%2C+Java%2C+Python%2C+Docker%2C+Kubernetes%2C+and+Image+Versions

SECCOM MEETING CALL WILL BE HELD ON January 31st 2023. 

Node vs. pod level logging update by Byung.

CPS Security review questionaire by Tony.