
Open items from 6/21

  • Lots of different wiki pages about ONAP Service Mesh - can we consolidate, i.e. Service Mesh POC; ONAP on Service Mesh - Developer Wiki - Confluence; Service Mesh Risk, Analysis - Developer Wiki - Confluence (onap.org); Service Mesh - Developer Wiki - Confluence (onap.org); Service Mesh PoC plan - Developer Wiki - Confluence (onap.org)
  • Any ONAP project to participate in "Container Signing" - Amy will present the concept at the next PTL call - June 27th, 2022.

Work started. Results for root_pods and unlimitted_pods from Guilin to Jakarta.

15 minutes for Muddasar to present 5G security.


Waiver Analysis

Waiver analysis was reviewed.

  • Testing components are never part of the release.
  • Upstream components will not be solved either.
  • For code produced in ONAP we are in a very good position.
  • Have we moved to shared DBs?
  • To be checked with Byung on shared DBs.
  • Why is ESR still showing up? It is not part of Jenkins jobs, so some cleaning is needed.

Pawel to check formatting for versions_xfail.txt and Jakarta - checked it is ok.

Specific tickets to be opened for projects.



Next LFN events

ONE Summit NA - Registration Open

  • CFP - Deadline: July 8th, 2022
  • Nov. 15 & 16 2022 Seattle, WA, USA
  • In Person

LFN Developer & Testing Forum NA - Registration Open

  • Nov. 17 & 18 2022 Seattle, WA, USA
  • In Person
  • Securing software supply chain by LFN - new topic to be proposed

Proposals to be submitted.





David to be contacted and invited by Maggie to SECCOM meeting.


Update on Jakarta release

TSC approved the sign off of the Jakarta release on June 30th

  • Consolidate ONAP ServiceMesh wiki pages
  • Present container signing to PTLs - 6/27 PTL call was used to evaluate the Jakarta release status. Present 7/1
ongoing

Jakarta status

Release approval waiting for input from CLI about the failed nodeport test: port 30271 refusing a connection (

Security tests results at 60%:

https://logs.onap.org/onap-integration/daily/onap

_daily_pod4_master

-daily-dt-oom-jakarta/2022-06/

24

30_

05

04-

56/infrastructure-healthcheck/k8s/nodeport_check_certs/certificates.html)
ongoing

Kohn status

Package upgrade tickets created for each project and set to block REQ-1211

Infrastructure recommendations at Database, Java, Python, Docker, Kubernetes, and Image Versions

ongoing

MITRE FiGHT

Muddasar presented MITRE FiGHT framework

complete

Attached file: FiGHT_ONAP SECCOM_ Jun2022_v3.pptx


https://wiki.onap.org/display/DW/Jakarta%3A++Lessons+Learned




SBOM status update

Muddasar contacted several PTLs and is waiting for their feedback.
We need LF IT support, GB was informed by Amy. We need to run SBOM in the pipeline. Amy to talk to Kenny, Muddasar and Ranny.

Technical debt

Muddasar reviewed Jira tickets recently. Some PTLs are using TechnicalDebt tagging and some not at all. Grooming the tickets would be helpful.

Updating packages is technical debt for us.




OSA branch

We have not had any vulnerability raised within the process, so nothing to be added in OSA for the Jakarta release.
Thomas to be contacted during unmaintained meeting on Monday.

Last SECCOM meeting link: 2022-06-28 Security Subcommittee Meeting Notes


DevOPS Pipelines IRS presentation

Youtube link disappears ;-(

https://www.cloudbees.com/customers/IRS




SECCOM MEETING CALL WILL BE HELD ON 12th OF July'22. 

Potentially session with David Wheeler on SBOM.

SBOM

Ongoing issue with SBOM - Muddasar

Muddasar contacted CPS, A&AI and SDNC to ask them to try adding SBOM creation to their Jenkins jobs.

Issue with the repo structure - LFIT/LFDEV has not yet delivered a solution.

ongoing

Governance board to be escalated to for SBOM and proper LF IT focus. Ranny was contacted by e-mail as a follow-up of DTF discussion.

Last TSC June 23rd

Sign-off pushed to 27th of June PTL call. CLI nodeport failure.

Conditional approval of Kohn M1

Ongoing SBOM creation issue - Muddasar to follow up with PTLs, LFIT and Ranny Haiby

Nominations for new LFNGB committer delegate underway. Candidate cannot be from ONAP this year.

Logging Global Requirement

Promoting Logging Best Practice to Global Requirement - Bob

Bob will follow process: present GR proposal to PTLs for feedback, then request approval to make it a CR for London.

Tata Communications production logging implementation

Overview of Tata Communications DTF presentation on their production logging implementation – Bob [move to 7/12]

https://wiki.lfnetworking.org/display/LN/2022-06-DD+-+ONAP%3A+The+Path+to+a+Production-Grade+ONAP

Bob to present on 7/12

Waivers review between releases

started

To be completed for remaining categories by Pawel - done

Review on 7/1

Synch with OOM:

Overview of Tata communication Logging solution

Older ONAP version used.

Overview of Tata Communications DTF presentation on their production logging implementation,

https://wiki.lfnetworking.org/display/LN/2022-06-DD+-+ONAP%3A+The+Path+to+a+Production-Grade+ONAP

To be shared what we are doing with them.

Whitesource (mend.io) container scans

New ticket submitted to LFN IT: IT-24112 - Jess was asked for an update.

ongoing

Technical debt

PTLs to be consulted to know how a PTL thinks when looking at Jira tickets. Vijay will be on PTO for next 2 weeks, so it will not be DCAE, AAI under consideration.

ongoing

Ask at the next PTLs meeting for volunteering PTLs. Amy and Muddasar to sync with each other on that.

Automation for dependency management

https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/

SECCOM MEETING CALL WILL BE HELD ON 5th OF July'22. 


- see the "Logs and Metrics: Architecture" and "Monitoring and Troubleshooting" sections






Recording: 2022-07-05_SECCOM_week.mp4


SECCOM presentation: 2022-07-05 ONAP Security Meeting - AgendaAndMinutes.pptx