You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Current »

Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 12th of July 2022.

Jira No
SummaryDescriptionStatusSolution

Logging update based on Tata Communication

How ONAP is used in their production environment. They use logging aggregation (Logstash). There is collaboration oportunity for PoC.

Byung presented differences between generic ONAP and Tata Communication. They use syslog for metrics and Logstash for logs aggregation. We are not using sidecar while Tata is using it.

In our reference architecture we separate generation from aggregation. Removing Filebit implementation is for London release. 

Folo logging architecture there is no Best Practice yet. PoC shall be satisfying first.

ongoing

Bob to send information on Byung who are the key players.

Details to be discussed next week.


SBOM status updateOngoing escalation with Ranny, Jess close to complete SBOM with CPS


5G securitySecurity was not explicitly stated in ONAP but some features are part of the implementation.


Waiver Analysis

Waiver analysis was reviewed.

  • Testing components are never part of the release.
  • Upstream components will not be solved as well
  • For a code produced in ONAP we are in a very good position.
  • Have we moved to shared DBs?
  • To be checked with Buyng on shared DBs.
  • Why ESR is still showing up? It is not part of Jenkins jobs, so some cleaning is needed.

Pawel to check formatting for versions_xfail.txt and Jakarta - checked it is ok.

Specific tickets to be opened for projects.



Next LFN events

ONE Summit NARegistration Open

  • CFP - Deadline: July 8th; 2022
  • Nov. 15 & 16 2022 Seattle, WA, USA
  • In Person

LFN Developer & Testing Forum NARegistration Open

  • Nov. 17 & 18 2022 Seattle, WA, USA
  • In Person
  • Securiung software supply chain by LFN - new topic to be proposed

Proposals to be submitted.





David to be contacted and invited by Maggie to SECCOM meeting.


Update on Jakarta release

TSC approved the sign off of the Jakarta release on June 30th

Security tests results at 60%: https://logs.onap.org/onap-integration/daily/onap-daily-dt-oom-jakarta/2022-06/30_04-01/

https://wiki.onap.org/display/DW/Jakarta%3A++Lessons+Learned




SBOM status updateMuddasar contacted with several PTLs and waiting for their feedback.
We need LF IT support, GB was informed by Amy. We ned to run SBOM in the pipeline. Amy to talk to Kenny, Muddasar and Ranny.

Technical debt

Muddasar reviewed Jira tickets recently. Some PTLs are using TechnicalDebt tagging and some not at all. Grooming the tickets would be helpful.

Updating packages is technical debt for us.




OSA branchWE have not had any vulnerability raised within the process, so nothing to be added in OSA for Jakarta release.
Thomas to be contacted during unmaintained meeting on Monday.

Last SECCOM meeting link2022-06-28 Security Subcommittee Meeting Notes


DevOPS Pipelines IRS presentation

Youtube link disappears ;-(

https://www.cloudbees.com/customers/IRS




SECCOM MEETING CALL WILL BE HELD ON 19th OF July'22. 

Potentially session with David Wheeler on SBOM.

logging implementation discussion continuation.






Recording: 

SECCOM presentation:






  • No labels