2021-07-27 Security Subcommittee Meeting Notes

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 27th of July 2021.

Summary	Description	Status	Solution
Seccom criteria for the integration tests to pass a release	Add Python and Java version checks Achieve 100% level Follow exception process if relevant	ongoing	To be presented at the TSC meeting
Last PTLs meeting	Few (3 or 4) projects should add ONAP wording in their description as they do not show up in CII Badging dasboard. https://logs.onap.org/onap-integration/daily/onap_daily_pod4_master/2021-07/15_02-27/ For the security testing we score at 40% as of today - our target is to add java and python version testing ar reach 100% to release. Please update statuses of your Jira tickets for SECCOM Global Requirements	ongoing	Waiting for a list of project not participating in Istanbul release.
ESR Waiver	Currently 3 use cases are using ESR: ETSI alignement (AAI external system directory API) Network slicing (ESR server) but can use AAI external system directory API CCVPN case (using ESR GUI server) , they can use AAI sending notification oto DMaaP and SDNC and VFC can pick-up SO currently ESR in maintenance mode but can be obsolete. If nobody is using ESR, let's remove it from the Istanbul release.	ongoing	CCVPN to be check by Byung if they will use AAI.
Software BOMs, Hardware BOMs - Muddasar	Presentation:	ongoing
Dependency confusion attacks vs. ONAP SW build process	Packages are downloaded from Internet for ONAP. To be further elaborated with Bob and Samuli.	ongoing	E-mail to be sent to SECCOM distribution list/ONAP distribute.
Update from LFN	(IT-22333by Pawel, and IT-22334by Thierry) Waiting for Thierry’s return	ongoing
Code quality and SonarCloud	Achievements to be presented to TSC	ongoing	Pawel to work with Fabian to present progress and achievements to TSC in this domain.
OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 3rd OF AUGUST'21.	SBOM/HBOM continuation.

Recording:

SECCOM presentation:

Space shortcuts

Page tree