Topic Leader(s)
Topic Description
Sharing ONAP SECCOM goals for Kohn release:
Topic Overview
Sharing ONAP SECCOM security goals for incoming ONAP Kohn release and collecting feedback from ONAP community.
Slides & Recording
YouTube
- Live Interactive Session
LFN Staff may elect to publish some videos to YouTube. Please indicate here if you do not want your session to be published to YouTube.
Live Session to be recorded for YouTube
Recording:
2022-dtf-ONAP SECCOM security goals for Kohn release_final.mp4
Agenda
- Global Requirements and Best Practices
- Security PoCs:
- security log fields
- logging req
- code quality
- service mesh
- SBOM enablement and maintenance, and packaging
- Waiver policy update
- On the road to gold badging
- Reducing technical debt
- Container signing
- Container scanning
- 5Y project review
- Removing unmaintained code
Minutes
- Review of current Global Requirements/Best Practices/Waivers
- Service Mesh POC
- SBOM (also discussed in previous session)
- Container Signing Notary vs Cosign - Cosign is supported by the LF
- 5Y Project Review
- Path to remove 'Unmaintained Code'
Action Items
- Lots of different wiki pages about ONAP Service Mesh - can we consolidate i.e. Service Mesh POC, ONAP on Service Mesh - Developer Wiki - Confluence, Service Mesh Risk, Analysis - Developer Wiki - Confluence (onap.org), Service Mesh - Developer Wiki - Confluence (onap.org), Service Mesh PoC plan - Developer Wiki - Confluence (onap.org)
- Any ONAP project to participate to "Container Signing"- Present the concept to the next PTL call - June 20Th, 2022?
- Path to remove 'Unmaintained Code' - Need to update the slide
- Check Scancode.onap.eu for License dependency