Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 4th of May 2021.

Jira No
SummaryDescriptionStatusSolution

NSA proposal follow-up

Meeting on May 3rd:

  • meeting was very informative, grow ONAP platform in analytics and reacting to events
  • one of first steps joining this session: logging reqs, AA in Kubernetes,
  • NSA requirements are needed for an area needed to be enhanced
ongoing

Next meetings will be organized ad hoc.  SECCOM weekly meetings will be regularly used.

Amy will facilitate exchanges with Maggie and NSA team.


Additional 2 resources from Orange to improve ONAP securityProgress with SO – Fabian, first Focus on performance application issue.ongoing

ONAP security with the OPS 5G project

Next meeting on May 6th, deck prepred and presented by Amy:


ongoingTo be presented on May 6th

ONAP CII discussionRequirement: 

There MUST be no unpatched vulnerabilities of medium or higher severity that have been publicly known for more than 60 days.

ongoingSlot to be booked at the next PTLs meeting to present this issue.

SonarCloud  answers for our questions

Please refer to slides 4-7. ongoingWe will discuss answers next week.

Logging anagement follow-up

Fabian prepared slides with logging architecture.

Some requiremets for logging are in scope of security and some are more general (and outside of security domain).

Bob did the summary of logging specs andshared with SECOM via distribution list.

ongoing

We can start with the simple requirment.

Slide draft shall be presented at the SECCOM and then presented to Architecture Subcommittee - Amy will share the logging requirmeents slide deck.


Continuation of discussion on Fabian’s comment on logging management

Bob shared the link: ONAP Application Logging Specification v1.3 (Frankfurt)#MDC-InvocationIDMDC-InvocationID

ongoing

Fabian to present most recent logging management archiecture to Archiecture Subcommittee.

Bob to elaborate the link provided.


NEXUS-IQ – SCA analysis outputsAnalysis almost done:
  • List of recommended packages version
  • Some packages are still scanned althought planned to be unmaintained (example: policy-engine)
  • PTLs were contacted for failing Jenkins jobs



OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 11th OF MAY'21. 

Whe start pushing few other items in CII Badging or SonarCloud? To adrress it next week at the SECCOM.

Review of the document (link) provided by Bob.




Recording:


SECCOM presentation:



  • No labels