Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 28th of September 2021.

Jira No | Summary | Description | Status | Solution

TSC update
  • SECCOM contribution to ONAP quality increase appreciated!!!
  • THANK YOU for all the contributions.
ongoing

OOM-2734

DCAE update

  • Requirement for DCAE to support a registry for Helm charts. Chartmuseum is maintained by Chart team.
  • 3 types of authentication supported.
  • Proposal is to restrict the list of clients: once they have user names and passwords, only those who have to update/delete charts are allowed to write, so write access is limited to those particular clients. → Separate sidecar that can do client authentication.
  • FW to be used to limit read access strictly to ONAP applications.
  • mTLS could be a solution for read - Tony passed this idea to the right people; mTLS would have to be supported on both sides (DCAE subproject and Chartmuseum).
  • Would service Mesh simplify authentication?
  • More readers expected in the future for things in the repository
ongoing
mTLS to be further elaborated

Jakarta proposed dates

Global Requirements/Best Practice deadline for submission: 2nd of December by SECCOM:

  • [REQ-xxx] SECURITY LOGS MANAGEMENT
  • [REQ-xxx] Feature intake template
  • [REQ-xxx] Using basic image from OOM
  • [REQ-xxx] Software BOMs
ongoing

Last PTL meeting

Portal and VID dependencies (i.e., portal, portal-sdk & vid repos):

Portal -> SDC UI (user authentication) -> Other projects are dependent on SDC (e.g., CLAMP GUI)

VID to be removed, portal SDK as well.

Unmaintained projects shall have their repos excluded from scans.

EoL/EoS nomenclature could be used; open source communities do not maintain older versions, but encourage use of the latest greatest.

ongoing

SCA automation efforts

We are exploring automation capabilities for moving data from Nexus-IQ to Wiki.

New Best practice for Jakarta release – new req to be opened for security logging

Set of questions prepared by Bob, to be addressed.

Sidecar for logging - to be further decided by TSC who is going to maintain it.

ongoing
PTLs meeting to be used for collecting info on logging capabilities per project.

Feature intake template

Muddasar did not find proof of tracking the feature after its approval.

ongoing

To reach out to PTLs on what could be the best way to tackle Jira template.

Muddasar will propose some initial template, contributions are welcome.

Muddasar will also reach out to Alla as a follow up, feedback from testers might be also valuable.


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 5th OF OCTOBER'21. 
  • Angular experience on dependencies (Amy’s team)
  • CADI and AAF replacement (Byung)



Recording: 

SECCOM presentation:

