Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 29th of March 2022.

Jira No
SummaryDescriptionStatusSolution

Updates to Secure Design Questionnaire - Maggie

Maggie merged the changes on the Wiki. Tony's comment to keep naming convention from headings as it corresponds to Badging questionaire. Most of the changes are usefull. Thank you Maggie!

ongoing

Muddasar will prepare grade rate assessment proposal.


ONAP policy update

Ramesh (ONAP Policy) gave a presentation again on enabling cluster role in policy k8s-participant’s OOM chart since they have implemented the security requirements suggested by SECCOM.

REST endpoints disabled by default.

  • In remote helm repository:
    • Allows only secure repos with https enabled
    • Allow the rewpo only if present in the permitted repo list
  • Provision included in the config file of K8s-participant helm chart to provide a list of permitted repos to consume the charts.
  • Verifies secure repository endpoints
ongoingE-mail to be sent by Ramesh to Sylvain before end of march.

Badging dashboard

Tlhansen.us/onap

For dynamic code analysis the answer from projects should be answered Unmet. We have static analysis buit not dynamic.

Jenkins jobs for SonarCloud configured on a weekly basis - licence level we are using.

ongoing

Linux Security Summit - CFP

Linux Security Summit, happening June 23-24 in Austin, Texas + Virtual!
Don't delay - submissions are due Wednesday, March 30. View suggested topics, learn more and submit here https://events.linuxfoundation.org/linux-security-summit-north-america/program/cfp/

  • We plan to submit with Amy presentation proposal for Global Security Vulnerability Summit
  • Tony’s proposal for Security principles in the implementation.
started

Amy and Pawel to submit proposal.

Tony and Maggie to provide proposal as well.


SECCOM MEETING CALL WILL BE HELD ON 5th OF April'22. 

Quality gates for code quality improvements - Fabian's presentation.

5Y review criteria - finalization of the proposal.

SonarCloud fixing with new code focus.






Recording: 


SECCOM presentation:







  • No labels