Jira No | Summary | Description | Status | Solution

2021 LFN Developer & Testing Forum June 2021-06-07 - 2021-06-10 

Register to LFN Developer & Testing Forum June

Proposals: 2021 LFN Developer & Testing Forum June

SECCOM proposal: ONAP: SECCOM activities for Istanbul release

ongoing

Please register to the event.

SonarCloud questions review

Permission problems - Jess to rely on community - e-mail was sent to Jess, waiting for her feedback.

ongoing

Jess to contact Alex. Jess was asked again for an update.

ONAP CII discussion – last PTL meeting

Questions to be considered by the ONAP community as a special focus in the Istanbul release, presented at the last PTL meeting:

  • application weak cryptography,
  • server side request forgery,
  • XML external entity,
  • cross site scripting
ongoing

NEXUS-IQ – SCA analysis done

Jira tickets (tasks) were created per project for the Istanbul release.

Ongoing work on some projects.

PTLs were reminded yesterday to start working on package upgrades.

ongoing

Direct vs. indirect dependencies with container scans

Amy opened a ticket at Sonatype (IT-22048) for direct vs. indirect dependencies with container scans.

Feedback from Bengt to move on with ticket at Sonatype by opening a feature request.

ongoing

Logging management follow-up

A slide deck draft "ONAP Next Generation Architecture & Logging Architecture, Design and Roadmap"  was presented (link below) by Byung-Woo Jun from Architecture Subcommittee. Work with OOM team (Sylvain and Krzysztof).

ElasticSearch - licensing problems?

Limitations in Keycloak - 200 tenants.

ongoing

Amy will open a feature request at Sonatype.

DCAE Transformation stories in Istanbul 

Introduction of common registry within ONAP deployment by Vijay and Krzysztof:

View file: ONAP-HelmRegistrySupport_v1.0.pdf

ongoing

It was agreed that for the Istanbul release DCAE implements BasicAuth, and for the next release, as the ultimate goal, HTTPS.

Vijay to check authorization options with HelmMuseum.

Vijay to contact OOM and Architecture Subcommittee with this proposal.


Analysis of the container logging requirements against the ATT&CK container matrix

Update provided by Bob.

View file: Logging - ATTACK to SECCOM_v3.pptx

ongoing

Slides 15 – 21 to be covered next week.


Logging requirements analysis update by Bob

Bob's Intro

NSA - Jess intro

Looking at the logging requirements.

https://attack.mitre.org/ → enterprise matrix, container matrix, and telecom matrix: https://web.tresorit.com/l/lN841#uqbRHdXCFzVVX8obs1OEUw&viewer=1yoh8gKZ0tA9WqU9asFUHKl2Jp024UTo

ongoing

OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 1st OF JUNE'21.

We will continue Bob's presentation on Analysis of the container logging requirements against the ATT&CK container matrix.




Recording:

View file: 2021-05-25_SECCOM_week.mp4

SECCOM presentation:

View file: 2021-05-25 ONAP Security Meeting - AgendaAndMinutes.pptx