Versions Compared

Old Version 1

changes.mady.by.user Pawel Pawlak

Saved on

compared with

New Version Current

changes.mady.by.user Pawel Pawlak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To remind PTLs about Flow Matrix inputs that are required from the community.

If a project is ran by a single company it has a status declined = project is at risk.

Virtual event planned end of September:

New Dates Open Networking & Edge Summit North America 2020  September 28 & 29, 2020 (Virtual Event is now confirmed) - https://lists.onap.org/g/onap-tsc/message/6513

  • ONAP TSC Abstract “ONAP and Cloud Native” was approved.
Jira No
SummaryDescriptionStatusSolution

Harbor feedback from TSC

Solene provided presentation to TSC. We have a go decision for a PoC. LFN to be contacted to be in the loop for infra on which Harbor could be installed. Harbor v2 will be used and all images for Frankfurt will be scanned.

Process for update was discussed (support for 1 release ba ck) and fixing vulnerability within 60 days period.

ongoing

To keep LFN in the loop for this PoC.

To make a SCA tools (Nexus-IQ and Whitesource) demo for Fabian.

REQ-376

Service Mesh progress

Slow but moving forward. Keyclock configuration job under migration. Automated deployment created for Cert and Cert Manager.

Service Mesh PoC plan

Phase 1: modify the code fro the components to provide possibility to use or not AAF.

Flow matrix: 

Still needs to be updated by some projects.

ongoingLast PTLs call updateongoing
REQ-323

Packages upgrades

Progress tracked:

  • SDC packages upgrade by Amir.
  • M2/M3 is August 6th
ongoingto be presented to PTLs

M2/M3 status updateSECCOM non finctional requirements leaders are requested to update their jiras for M2/M3 status update.


Whitesource and NEXUS-IQ SCA demo for FabianDemo with Whitesouce executed. For NEXUS-IQ access was not working, so ticket was opened to LFN support team and now access is reestablished.
Organize a session with Fabian for NEXUS-IQ demo - scheduled slot on 5th of August.

Extending Whitesource SCA scans to entire ONAP.For the moment CCSDK and AAI are scanned. Jessica from LFN was requested to extend scans to entire ONAP.


Last PTL's meeting (3rd of August) update

-REQ-323 - Upgrading packages, some of the projects are gdoing good job, but some are in the delay. ODL related projects wait for their upgrades, so delay expected

-REQ-351 - ONAP must complete update of the java language (from v8 -> v11) - > TSC to be warned, we are at risk! 4 projects do not have capacity (MSB, Modelling, Multicloud and possibly AA&I).

-REQ-373 - ONAP must complete update of the Python language (from 2.7 -> 3.8) - pretty good shape, support from Michal. 3 projects (SDC, DCAE and Logging (out of Guilin scope)).

-Flow matrix to be updated by remaining PTLs.



Free public updates for Java v8 doe personal use is December'20.

For a commercial use, it ended January'19. 




Slide to be prepared to warn TSC.




SECCOM elections

Waiting for Kenny to start election process 

ongoing



Honolulu SECCOM requirements

After Service Mesh PoC - new requirements might arrive.

Harbor requirement. In Harbor:

  • you can sign the image and you can share the key with an application that has an account to pull or to push the image
  • possibility to scan the image all the time and send warning

Harbor deployed in run time while Whitesource and Nexus-IQ during the development. 

Logs management

SIEM inegration

CII Badging - session planned on the PTLs call.

Licences in ONAPWaiting for TSC decision - feedback on impact provided by Krzysztof.ongoingREQ-377ONAP must implement IAM solutions

M1 scorecard to be provided by Fabian. 

ongoing









OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 4th OF AUGUST'20. 

Topics proposed:

  • Certificates management update – Krzysztof
  • Security Documentation – Harald



Recording

View file
name2020-08-04_SECCOM_week.mp4
height150

SECCOM presentation

View file
name2020-08-04 ONAP Security Meeting - AgendaAndMinutes.pptx
height150