...
| Jira No | Summary | Description | Status | Solution | TSC elections | upcoming TSC Chair/Vice Chair elections - no candidates so far. | Unmaintained meeting update | -Connecting images to repos is nested within the JJBs -Options: (1) use tagging to connect images to repos, (2) POM files have container names, (3) multi-image repos have info in JJB, (4) use logs of jenkins build jobs -Repo Tagging: https://help.sonatype.com/repomanager3/nexus-repository-administration/tagging Jessica will attend the 31 October Unmaintained Repo meeting | ongoing | Tony Hansen proposed an automated solution using POM and JJBs to associated images to repos | SBOM update | PTLs or LF IT to be responsible for configuration change (JJB template). If no PTL, the change shall be on LF IT. | Where SBOMs are not produced, troubleshooting needs to be done by LF IT and SECCOM. Jiras per projects to be issued by Muddasar. IF PTL exists, it would be assigned to him/her, otherwise to LF IT (Jess?). | Logging requirement - Bob and Byung | -Python PoC, PTL to be targeted, internal resource available, library to be prepared -Update on presentation to PTLs -Recommendation from Vijay – work with Integration team -GR for Java – pushback from PTLs
-Decision: proceed with java GR for London | Agreement for PoC to be achieved with Vijay. | Security asessment questionnaire – ongoing Tony with Vijay | -DCAE - ONAP Security Review Questionnaire Template -SECCOM next steps: define a scoring methodology | Add to Nov 1 SECCOM agenda as first item: discuss scoring methodology |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Security Call Data Record (SCDR) presentation by David | Secure slicing capability in 5G is seemed almost equivalent VLAN capability. https://wiki.lfnetworking.org/pages/viewpage.action?pageId=74647627 Byung presented yesterday, one of the things was Intent Based Networking, Maggie will present as well around this topics (metrics). | ||||||||||||||||||
| Logging Global Requirement | Choice of application logging standardout and standarderr - security challenged. Problem statement: Fluentbit can not access logs in other pod. Changing base image with modifying permissions for standardout and standarderr. Potential compliance issue to be studied. Long term solution would deal with security mesh (ISTIO based). Log format - not specified in GR. Java POC for CPS is in JSON, but at this stage it might be an impact. | Bob to come back to Vijay with Berth in copy. | |||||||||||||||||
| Unmaintained meeting | New time line - after PTLs call - to be confirmed with David. | ||||||||||||||||||
| SBOM crossproject | Muddasar is working with LF support. Changing version of output file was causing problems. | ||||||||||||||||||
| London SECCOM requirements | Approved by TSC. | ||||||||||||||||||
| TSC meeting on November 3rd | Kohn Release notes Ongoing TSC Chair/Vice Chair elections LFN Governance Board ONAP status update – slide deck preparation ONAP transformation - presentation by Magnus ONAP cross-community topic for LFN DDF - SBOM https://wiki.lfnetworking.org/pages/viewpage.action?pageId=80281797, TSC are in agreement on the topic for first day of D&TF | ||||||||||||||||||
| Architecture subcommittee | Checking what could be the input to Magnus' Mainstream (to be presented at the DTF). Presentation about security by Andrew with Byung assistance. | ||||||||||||||||||
| Operational Security Assurance for Open Source 5G Mobile Networks | Will be presented by Maggie at the DTF | LFN Developer & Testing Forum NA |
| Daylight saving time | To be further elaborated. In US in the week of November 4th, last weekend of October for Europe/Poland. | ||||||||||||||
SECCOM MEETING CALL WILL BE HELD ON 1st 29th OF November'22. |
Recordings:
SECCOM presentation:
London SECCOM Requirements - revised.pptx
...