Versions Compared

Old Version 1

changes.mady.by.user Pawel Pawlak

Saved on

compared with

New Version Current

changes.mady.by.user Pawel Pawlak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Jira No
SummaryDescriptionStatusSolution

M2/M3 status updateSECCOM non finctional requirements leaders are requested to update their jiras for - all projectes passed M2/M3 status updategate.


Whitesource and NEXUS-IQ SCA demo for FabianDemo with Whitesouce executed. For NEXUS-IQ access was not working, so ticket was opened to LFN support team and now access is reestablished.Organize a session with Fabian for NEXUS-IQ demo - scheduled slot on 5th of August.Extending Whitesource SCA scans to entire ONAP.For the moment CCSDK and AAI are scanned. Jessica from LFN was requested to extend scans to entire ONAP.executed. Waiting for Harbor feedback once established.

Last PTL's meeting (3rd 10th of August) update

-REQ-323 - Upgrading packages, some of the projects are gdoing good job, but some are in the delay. ODL related projects wait for their upgrades, so delay expected

-REQ-351 - ONAP must complete update of the java language (from v8 -> v11) - > TSC to be warned, we are at risk! 4 projects do not have capacity (MSB, Modelling, Multicloud and possibly AA&I).

-REQ-373 - ONAP must complete update of the Python language (from 2.7 -> 3.8) - pretty good shape, support from Michal. 3 projects (SDC, DCAE and Logging (out of Guilin scope)).

-Flow matrix to be updated by remaining PTLs.

Free public updates for Java v8 doe personal use is December'20.

For a commercial use, it ended January'19. 

376  - Flow matrix to be updated by remaining PTL – Fabian

-REQ-350 CII Badging - Tony

  • Tony updated description part
  • List of the projects who have not responded yet 


ongoing



During next PTL meeting identify next projects.

Fabian will be off for the next 2 weeks - proxy to be identified.


TSC meeting outputs 

Most of the meeting was focussed on tracking M2/M3 status.

Amy has an action item on how many projects are still dependent on Java 8.

Removal of GPLv3 license - to be removed from all containers that contain ONAP codeSlide to be prepared to warn TSC.




SECCOM elections

Waiting for Kenny to start election process 

ongoing



Honolulu SECCOM requirements

Reminder from the previous discussion:

After Service Mesh PoC - new requirements might arrive.

Harbor requirement. In Harbor:

  • you can sign the image and you can share the key with an application that has an account to pull or to push the image
  • possibility to scan the image all the time and send warning

Harbor deployed in run time while Whitesource and Nexus-IQ during the development. 

Logs management (SECCOM discussion on 17th of March)

SIEM integration: 

  • integration like for the other applications with SIEM, have the same protocol used
SIEM inegration
  • logs from ONAP to SIEM, falco tool to be considered (IDS for Kubernetes)
  • alarms when security issue 

CII Badging - session planned on the PTLs call.











Action: to work on non functional use case requirement for logs collection - important for project maturity.


Service Mesh updteFabian is working on authorization of how to deploy and manage connectivity between the apps.


Java v8

Data collection for projects currently using Java 8 - e-mail was sent by Amy to Morgan if possible to obtain results. 

Dependency on Java to be tracked. 

waiting for a feedback.

Package upgrade update to PTL meeting As Pierre will be not available, Amir could present to PTLs.


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 18th OF AUGUST'20. 

Topics proposed:

  • Certificates management update – Krzysztof
  • Security Documentation – Harald



Recording

View file
name2020-08-11_SECCOM_week.mp4
height150

SECCOM presentation

View file
name2020-08-04 11 ONAP Security Meeting - AgendaAndMinutes.pptx
height150

...