2021-10-05 Security Subcommittee Meeting Notes

TSC meeting update

Honolulu maintenance release approved

Jakarta timeline proposed: Release Planning Jakarta

Participants reminded to vote for TSC membership

PTL meeting update

Michal to remove vid from OOM

Investigating portal-sdk removal

Reminded projects to update Security Vulnerabilities tables on protected wiki (CLI, EXTAPI, VNFSDK have made no progress; AAI, MSB have not reported status)

Angular experience on dependencies

Jared presented his development results on app dependency cluster graph.

Slides presented - please refer to thebottom of this page for a link.
 

started

ONAP release notes and dependencies

Thomas was contacted. He is retrieving info via script about all the components. Output:

Open

Dependencies between components or with external projects are not tracked here.

ongoing

To review the context of this request.

Feature template follow-up

Muddasar had a meeting with Alla. Muddasar is preparing a slide deck to be presented at the TSC.

ongoing

Slides with the proposal to be presented at the TSC.

SonarCloud coverage for Jakarta release

Focus on security vulnerabilities that have blocker or critical rank. In Sonar it is called hotspot.

started

[REQ-441]

New Global Requirement

 [REQ-441] LOGS MANAGEMENT - PHASE 1: COMMON PLACE FOR DATA – PROPOSAL FOR JAKARTA

ongoing

Next PTLs meeting on 18th of October - agenda

Kubernetes hardening

Shared by Brian: https://deploy-preview-29791--kubernetes-io-main-staging.netlify.app/blog/2021/10/05/nsa-cisa-kubernetes-hardening-guidance/

CubeCon next week, slack channel exists for Kubernetes security.

started

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 12th OF OCTOBER'21. 

Kubernetes hardening (Brian)

CADI and AAF replacement (Byung)