Page History

We reviewed updated responses from CPS team and provided some comments.

• Security requirements were added by CPS team
• Architecture diagram is pretty old and should be updated. Reference link: London-R12 Architecture Diagram

• Please elaborate this statement: "Usernames and passwords are configurable by the clients via configuring the application .yml file".

  Expectation: passwords are not in yml file. The yml should point to user store (e.g. LDAP or K8s secrets). 

• Please add these statements to a new Security Assurance section just after: Configuration Persistence Service Project#CPSSECURITYREQUIREMENTS. 

  Also add statements that indicate how you protect your username and password configurations. (See other questions on hashing of secrets, use of crypto and permissions on files.)

Wrapping up the unmaintained repo task force – Amy: link

We wait till M4 for TSC presentation

https://logs.onap.org/onap-integration/weekly/onap-weekly-dt-oom-kohn/2023-02/25_04-42/

-CI/CD pipeline aspects - infrastructure ans security test cases to be further elaborated

-Objective is to identify opportunity for improvement to reduce risk of unwanted behavior and software build pipeline.

-Improve automated test coverage for Security tests at integration stage.

PTL meeting (March 13th)Unmaintained process review by Amy27th)

-New dates (1 week delay) for M3 (March 30th) and M4 (April 20th)

TSC meeting (March 9th23rd)

SBOM global implementation in ONAP

-Ticket was opened by Muddasar to LF IT - Signed SBOM implementation for all ONAP project at Global level (IT-25341)

DT ONAP Takeaways by Andreas

Requirements Subcommittee merged with Architecture Subcommittee

SECCOM MEETING CALL WILL BE HELD ON 4th April 2023. 

CPS Security updated questionnaire review by SECCOM - final round with CPS team.