Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Jira No
SummaryDescriptionStatusSolution

CPS Road to gold 

Idea of submitting presentation proposal for DTF virtual event on CPS road to gold with Tony’s contribution (few additional slides on why CPS could not get to gold and what are the missing pieces in the infrastructure).

Main blocker: lack of second verification - 2FA is missing at the LF IT infra.

First priority to get it supported for committers (MFA at the gerrit level), other group with lower priority are code submitters (MFA at the git level).

started

2FA is missing at the LF IT infra – Amy to share with TAC.

To be checked if gerrit supports MFA.

Tony could present this issue to TSC (next week?)

Pawel to share with Lee Anjella the proposal for a joint presentation. 


Building a better 5G future...Muddasar is presenting today at the ONE conference in Vancouver - crossing fingers!


LFX Security Dashboard

https://security.lfx.linuxfoundation.org/ 

Amy had a meeting with Jess. 

-LFX is a security framework - open for different pipelines, no dictated tools, and absolutely no integration with LF purchased/licensed products: Nexus-iq or Sonarcloud.

-VEX and SBOM under exchanges

ongoingValue to ONAP projects could be increased by providing configuration templates for existing tools.

Latest weekly scans

Marek was able to initiate latest run of scans.

Results are progressing, cassandra and zk-tunnel-svc to be further elaborated.


Pawel to check with Marek if he recalls zk-tunnel-svc is part of which project.

PTL meeting (May 8th)

Liam confirmed interest in questionnaire review

Discussion on Java 17 recommendation impact and dependency with other upgrades (Spring 6 and Springboot 3). Database, Java, Python, Docker, Kubernetes, and Image Versions


Tony to be contacted by Policy team member for 5 Year security review.

TSC meeting (May 4th)

Final list of unmaintained by Amy presented to TSC.

If there is no PTL, tickets shall be assigned to Pawel as TSC Chair who could reassigned further.




SECCOM Montreal requirements

Existing Global requirements

-Epic REQ-437: COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8)

  • Montreal Task: TBC
  • OOM-2900 - Update or Remove Python 2

-Epic REQ-438: COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)

  • Montreal : TBC
  • OOM-2554 - Common pods have java 8

-Epic REQ-439: CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES

  • Montreal Task: TBC

-Epic REQ-443: CONTINUATION OF CII BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL

  • Montreal Task: TBC

-Logging for Java

  • Montreal Task: TBC


  • New Best Practice requirements
- Java 17 support

Bob to share Jira as a reference.

JIRA ticket for the security logging for Java containers.

https://jira.onap.org/browse/REQ-1072


Integration in SubcommitteesRequirements Subcommittee will be integrated under Architecture Subcommittee.


SECCOM MEETING CALL WILL BE HELD ON 23rd May 2023. 

SBOM Types & Minimum Requirements for VEX Documents







Recordings: 

2023-05-16_SECCOM_week.mp4

SECCOM presentation: