Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 9th 16th of August 2022.
| Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
| Update on Unmaintained Projects task group | -Policy-mariadb is no longer used by any project and can be removed -Steps to remove unused repo
-RACI matrix: https://wiki.onap.org/display/DW/Project+State%3A+Unmaintained OOM contains unused/orphan code: discuss at next unmaintained projects call because it affects security and maintainability | |||
| Update on the Security Logging Fields and Global Requirement | -Bob will socialize python & javascript POCs with PTLs -Use language indicator on SonarCloud dashboard to determine programming language
| ongoing | ||
| SBOM creation | dcaegen2-collectors-ves SBOM successful CPS SBOM failing because project not following ONAP versioning rules | ongoing | ||
Superblueprint | Use cases to be added, limited resources to go with E2E solution integration. Weekly meetings: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=50528282 Architecture: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=53609061 Roadmap: https://wiki.lfnetworking.org/display/LN/5G+Super+Blueprint+Roadmap Requirements and Use case Advisory Group: https://wiki.lfnetworking.org/display/LN/Requirements+and+Use+Case+Advisory+Group Use cases: https://wiki.lfnetworking.org/pages/viewpage.action?pageId=68792322 Use cases to be added, limited resources to go with E2E solution integration. Muddasar tasked with specifying detailed use case requirements for creating secure slices: least privilege Eric Kline performing streaming analytics on data to use in closed loop slicing automation | ongoing | Logistic from program perspective needs to be improved. | |
| OOM | Ericsson OOM team is focused on the ONAP security reference implementation. Logging reference implementation is second priority work item for now. Code link was shared with SECCOM before (nordix), but not yet contributed to ONAP | |||
PTL meeting – August 15th | Meeting cancelled - bank holiday in part of Europe | |||
TSC meeting – August 11th | No one on SECCOM call attended | |||
Pawel and Amy submitted proposal: ONAP’s Recipe for Managing CVEs and Securing Open Source Software Byung will present service descriptor and potentially new ONAP security architecture with service mesh. | ||||
| LFN Developer & Testing Forum NA | Productization of Assured Opensource Software - Muddasar SBOM implementation and challenges in ONAP - Muddasar 5G orchestration with ONAP, AI and ML. - Maggie | Brian to be asked by Muddasar as co-presenter for SBOM. | ||
SECCOM MEETING CALL WILL BE HELD ON 23rd OF August'22. |
...