This is a wiki page that captures the intent and planned/ongoing actions for the support of security coordination in ONAP.

This covers both the organizational setup and the operations of the onap security subcommittee. 

...

ONAP Security sub-committee Operations

Agenda for next meeting:

• Information Update
• S3P (carrier grade) - security aspects. Re: Carrier Grade Requirements (consolidated) common authentication/authorization service (amy)
  • There has been comments and discussion on the security part, this is to consolidate and finalize our input.
• Topics to advance
  • Static Code Scanning
    • Status update of using Coverity. 
    • Next steps
  • Credential protection and managementStatic Code Scanningmanagement
    • Proposal walkthrough.
  • Next steps to close on our proposal
  • If time: Sonatype CLM / Nexus IQ Tool (management of dependancies and known vulnerabilities)
• AOB

Requested Agenda Items: Please feel free to add topics here that you would like to have on the agenda (or send an email to stephen.Terrill(at)ericsson.com).

...