Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 11th of April 2023.
| Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
SBOM global implementation in ONAP | -Ticket was opened by Muddasar to LF IT - Signed SBOM implementation for all ONAP project at Global level (IT-25341) -TSC conditionally approved, PTL no objections -Jess confirmed turing on at the global JJB config. | ongoing | Muddasar is doing follow up – check at the release date. | |
| Security test cases review | Muddasar presented his deck: SPDX is our preferred format for SBOM as part of ISO standard. | ongoing | Assessment criteria comments are welcome. Muddasar to follow up with LF IT. Pawel to share information with TSC for ONAP CI/CD Security Review. | |
| Security Questionnaire for CPS | Lee Anjella confirmed the completion of the updates on her side. | ongoing | We agreed for a final review next week. | |
TSC meeting (April 6th) | Marek elected as new Integration PTL | |||
ONAP model changes | -Follow more CNCF approach – independent projects driven by use cases -Integration assures network connectivity -Complementary to Nephio which seems to be more infra focus while ONAP is application -Minimum security and logging guidance is required | |||
API review for Montreal as part of Architecture Review Template | Byung to address with Chaker | SECCOM members to be invited for API review. | ||
| What version of ONAP would be merging with Nephio | Ongoing discussions. We shall wait for Nephio's first release delivery in May'23. Nephio is CRD based, custom API is generated dynamically. Subproject created for HELM support by Nephio with Nokia and E/// support. | |||
SECCOM MEETING CALL WILL BE HELD ON 18th April 2023. | CPS Security updated questionnaire review by SECCOM - final round with CPS team. |
Recordings:
SECCOM presentation:
2023-04-11 ONAP Security Meeting - AgendaAndMinutes.pptx