Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 17th of January 2023.

Jira No
SummaryDescriptionStatusSolution

Weekly scans re-enabled with Michal’s support:

https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2022-11/28_09-30/

-Fiachra responded with srimzi-zk-entrance:

  • This container is required by dmaap message router to connect directly to the strimzi zk for storing some metadata.
  • Strimzi locks it's zk cluster by default and this was advised as a "hack/temporary" solution for MR.
  • https://github.com/scholzj/zoo-entrance
  • I do see that the base image was updated recently though so not sure where the old java version is coming from.
  • AP: to identify where it is getting picked up from
ongoingE-mail with feedback was shared with Fiachra

Security issues raised by External researchers

-IT-24999 Security Issue - Sensitive information leakage

-IT-25000 vulnerability detected (DMARC RECORD MISSING)

ongoingDetails to be reviewed by Pawel and Amy on January 13th. 

Unmaintained projects 

Repos without merge (for last 1 year) identified, at the next PTL meeting Jan 23rd list to be reviewed. Merges by Thomas and Cedric to be excluded.

ongoing

TSC meeting (5th January)

  • Synch on January 11th with OSC (Martin Skorupski)
  • New idea of special squad team to deal with projects without PTLs
  • Updated London release schedule



PTL meeting (9th January)

Check with Fiachra on srimzi container




Logging security discussion (recording reference: starting from 17:15)

Justin Garrard (jagarra@uwe.nsa.gov) presented onap-log-inject.pptx and demo.

ONAP logging requirements:  ONAP Next Generation Security & Logging Architecture.

OOM wanted to have logging at the node level.

Moving Collection Agent to PoD level from Node level avoids security issue. 

startedFurther exchanges to be done on that topic, pushing Fluentbit to the pod makes sense from security perspective.

SECCOM MEETING CALL WILL BE HELD ON January 24th 2023. 







Recordings: 



SECCOM presentation:







  • No labels