...
| Jira No | Summary | Description | Status | Solution | SDC request for exeption for Honolulu | |||
|---|---|---|---|---|---|---|---|---|
| Last TSC update | done | As it is planned to finalize in Istanbul, SECCOM recommends an exception for SDC. All other exceptions to be reviewed by March 4th. | SECCOM slides for Requirements Subcommittee | CNF Task Force meeting on 16th of March, US governement support may help increasing open source „apps 5G”. | https://wikizoom.onap.orgus/display/DW/Template+to+be+fulfilled+per+each+requirement SECCOM requirements for Honolulu and Istanbul were presented at the session on March 1st. Best practices and global requirements period is open for Instanbul release. CII Badging - as best practice for Istanbul to be moved to global requirements. The same for packages upgrades. New requirement to be linked to existing best practice one. SonarCloud 55% code coverge history - difficult for PTL and committers to know if the code proposed is improving the coverage or not as analysis is visible only on Master = you get to know after the code is merged. Good target is not to reduce the coverage and trying to improve. | ogoing | SECCOM representatives will join this session with US military on open source secure software development for 5G. | |
| Exceptions for Java and Python | Requests were reviewed and recommendations will be provided to TSC for an approval. Still missing ones (38 for Java and 40 for Python). | ongoing | To find a solution to encourage PTLs to raise exception requests or simply complete the cleaning in their containers. | |||||
| SECCOM requirements for Istanbul release | Template to be fulfilled per each requirement | ongoing | To be checked whether for global requirements we could | |||||
| Next PTLs meeting SECCOM topics | For next meeting open point for justification – not using basic image. SonarCloud scans percentage target. | ongoing | to be proposed to meeting agenda | |||||
| Sonarcloud scans | Problem integrating jacoco (for an automated testing) | ongoing | To document SECCOM non-functional requirements for Instanbul release at the Wiki created by Alla. Jiras to be created with linkage under jira. Best practices proposal to be submitted to TSC for an approval. | Sonarcloud issue | Problem integrating jacoco unit test results with SonarCloud to create code coverage reports – ticket was opened to Sonatype. Impact: so 55% code coverage might be not reached by some projects (SDC, SO...). | ongoing | Jess status of the ticket submitted to be informedchecked with Jess. | |
Logs management – follow up by Samuli | Update from Samuli on ONAP xNF O&M requirements have an audit logging requirement – “all changes to the configuration (or: the system) must be logged”: security audit logs must be produced. What types of events to logging to security and what information must be logged to each log entry. Syslog RFC5424. | ongoing | Logging requirements for containers and what it means to manage logs. Stdout usage document to be shared by Fabian VNF logging requirements to be checked. | |||||
| How to create secure applications | Following last request from Chaker and discussion at the last PTLs meeting . Secure design should cover that. | pending | Tony prepared proposal: https://wiki.onap.org/display/DW/Secure+Programming+Practices | pending | SECCOM will provide comments, proposals by next week. Chaker to be informed about this draft. In 2 weeks PTLs to be updated with this proposal. | |||
| Daylight savings | We keep for the moment UTC reference time, even if next week in US there is time shift. If there would be an alternative proposal, let's review it together. | done Tony will start Wiki with the initial proposal and SECCOM will support by reviewing it and providing feedback. Toine from CPS to be addressed. | ||||||
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 16th OF MARCH'21. |
...