...
| Jira No | Summary | Description | Status | Solution | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TSC meeting updateSECCOM contribution to ONAP qualityincreaseappreciated!!! | ongoing | ||||||||||||||||||||
| DCAE update |
| ongoing | mTLS to be further elaborated | |||||||||||||||||
Honolulu maintenance release approved Jakarta timeline proposed: Release Planning Jakarta Participants reminded to vote for TSC membership | |||||||||||||||||||||
| PTL meeting update | Michal to remove vid from OOM Investigating portal-sdk removal Reminded projects to update Security Vulnerabilities tables on protected wiki (CLI, EXTAPI, VNFSDK have made no progress; AAI, MSB have not reported status) | ||||||||||||||||||||
| Angular experience on dependencies | Jared presented his development results on app dependency cluster graph. Slides presented - please refer to thebottom of this page for a link. | started | |||||||||||||||||||
ONAP release notes and dependencies | Thomas was contacted. He is retrieving info via script about all the components. Output:
Dependencies between components or with external projects are not tracked here. | ongoing | To review the context of this request. | ||||||||||||||||||
| Feature template follow-up | Muddasar had a meeting with Alla. Muddasar is preparing a slide deck to be presented at the TSC. | ongoing | Slides with the proposal to be presented at the TSC. | ||||||||||||||||||
| SonarCloud coverage for Jakarta release | Focus on security vulnerabilities that have blocker or critical rank. In Sonar it is called hotspot. | started | |||||||||||||||||||
[REQ-441] | New Global Requirement | [REQ-441] LOGS MANAGEMENT - PHASE 1: COMMON PLACE FOR DATA – PROPOSAL FOR JAKARTA | ongoing | Next PTLs meeting on 18th of October - agenda | |||||||||||||||||
| Kubernetes hardening | Shared by Brian: https://deploy-preview-29791--kubernetes-io-main-staging.netlify.app/blog/2021/10/05/nsa-cisa-kubernetes-hardening-guidance/ CubeCon next week, slack channel exists for Kubernetes security. | started | Jakarta proposed dates | Global Requirements/Best Practice deadline for submission: 2nd of December by SECCOM:
| ongoing | Last PTL meeting | Portal and VID dependencies (i.e., portal, portal-sdk & vid repos): Portal -> SDC UI (user authentication) -> Other projects are dependent on SDC (e.g., CLAMP GUI) VID to be removed , portal SDK as well. Projects unmaintained shall have their repos excluded from scans. EoL/EoS nomenclature could be used, open source communities do not maintain older versions, but encouraging to use latest greatest. | ongoing | SCA automation efforts | We are xploring automation capabilities for moving data from Nexus-IQ to Wiki. | strated | New Best practice for Jakarta release – new req to be open for Security logging | Set of questions prepared by Bob, to be addressed. Sidecar for logging - to be further decided by TSC who is going to maintain it. | ongoing | PTLs meeting to be used for collecting info on logging capabilities per project. | Feature intake template | Muddasar did not find prove of tracking the feature after its approval. | ongoing | To reach out PTLs on what could be the best way to tackle Jira template. Muddasar will propose some initial template, contributions are welcome. Muddasar will also reach out Alla as a follow up, feedback from testers might be also valuable. | ||
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 12th OF OCTOBER'21. | Kubernetes hardening (Brian) CADI and AAF replacement (Byung) |
Recording:
| View file | ||||
|---|---|---|---|---|
|
SECCOM presentation:
| View file | ||||
|---|---|---|---|---|
|
ApplicationVisualization_2021_05_10.pptx