1 Introduction

This section captures recommendations for handling certain security questions that are studied by the security sub-committee.  These recommendations, when implemented, can lead to new best practices.  The recommendation states are:

...

  1. ONAP Credential Management
  2. ....


2 ONAP Credential Management

 Status: Draft

2.1 ONAP Credential Management Overview

 To support secure communication between the ONAP modules, and with systems external to ONAP, a form of credentials is required. The options for these credentials are:

...

The recommended approach is....

2.2 Credential Lifecycle

The lifecycle of the credentials is:

...

(Note:  A description of the above is required)

2.3 Recommended approach

Describe recommended approach here for all steps of the lifecycle.

Architecture put (abstract)


2.4 Implications for ONAP

Describe what this means to ONAP



3 ONAP Static Code Scans

Status: Draft

3.1 ONAP Static Code Scanning

The purpose of ONAP static code scanning is to scan code as it is introduced into the ONAP repositories, looking for vulnerabilities.

3.2 Approaches

The ONAP sub-committee is converging on Coverity as a suitable choice for the static code scans.

The current discussion is how to include this in the Git/Gerrit code contribution process.

3.3 Recommendation

Capture the recommendation here


4 CII Badging process Learnings for ONAP

Status: Draft

4.1 CII Badging process intro

This section captures the learnings from using the CII badging program in ONAP.

4.2 Learnings

CII Badging Program - Feedback

...