
Jira No | Summary | Description | Status | Solution

ONAP security review questionnaire

We went through the first iteration of the ONAP security review questionnaire: DCAE - ONAP Security Review Questionnaire Template

DL-Admin - name of DCAE repository.

General comment: answers are reasonable. 

It is difficult to provide a grade, so we move the score field into SECCOM Feedback/Recommendations as an actionable item.

Jiras to be created for every project to close issues in SonarCloud with description of what needs to be done - this could be part of the template as well.

Link to the ONAP security requirements: ONAP Security Requirements

ongoing

We are to provide a feedback proposal in the questionnaire by the next SECCOM, December 13th.

Tony to open a ticket to LF IT on license expiration for Toggle Cloak and Cloak plugins (used for an additional description under the "+" mark) - done, IT-24912 - SOLVED

Projects in OOM and HELM for removal

APPC, VID, Portal - decision needs to be taken to drop those projects from OOM.

started

Slot to be booked at the incoming TSC meeting to get decision on removal.

TSC meeting (8th December)

  • ONAP consumers requested to provide their feedback
  • TSC approved the creation of the Portal NG as a new ONAP project
  • Committers from DCAE, AAI and OOF were asked by David to fulfill Release Management tasks while there is no PTL in the project.
  • TSC approved removal of OOM helm charts for appc and vid
  • Vijay was asked to provide his feedback



PTL meeting (5th December)

  • CPS as next project for ONAP security review questionnaire



Weekly scanning report

Integration tests
  • Weekly scans re-enabled with Michal’s support:

With latest weekly scans

https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2022-11/28_09-30/

  • Daily scans:
https://logs.onap.org/onap-integration/daily/onap-daily-dt-oom-kohn/2022-12/06_03-37/

Noticed that srimzi-zk-entrance is indicated as having some old Java.



SCA - Automated NEXUS-IQ scans and recommendations for packages upgrades for London release 

Restricted Wiki ready to be consulted for PTLs for London release - thank you Amy!

AAI – 2 items missing proposed release

  • Groovy – 3.0.7
  • Spring-boot – 2.5.14

Amy to check with the team.

Unmaintained projects 

LFX Insights v2: get rid of old repos; it does not make sense to run jobs for repos that are not going to be fixed.


PTLs to be asked to remove Jenkins jobs that are not needed anymore.

ONAP security review questionnaire

Review provided by Muddasar and Amy – Thank you!

Some details in a few responses are missing. Some questions could be expanded into multiple questions (Assurance related).

ongoing

Muddasar to provide proposals for questions improvements.

Amy to share the link with ONAP SECCOM security requirements - done: ONAP Security Requirements

SNMP version used in DCAE to be asked to Vijay

TSC meeting (1st December)

  • TSC Chair voting process completed – Pawel elected as new Chair
  • ONAP consumers requested to provide their feedback

PTL meeting (5th December)

  • ONAP Kohn release voted by TSC as ready to release

Portal PoC proposal by DT

The process I found on the Wiki: https://wiki.onap.org/display/DW/Project+Proposal+Process+Overview

I see that Georg prepared the proposal in line with this process: https://wiki.onap.org/display/DW/PortalNG+Project+Proposal

PoC for NG Portal is approved by Archcom.

Byung and Chaker to provide clarification to Georg on the Jira ticket as per Archcom.


SECCOM MEETING CALL WILL BE HELD ON January 10th 2023. 







Recordings: 

2022-12-13_SECCOM_week.mp4


SECCOM presentation:

2022-12-13 ONAP Security Meeting - AgendaAndMinutes.pptx