Topic Leader(s)
Topic Description
Sharing ONAP SECCOM goals for Kohn release:
Topic Overview
Sharing ONAP SECCOM security goals for incoming ONAP Kohn release and collecting feedback from ONAP community.
Slides & Recording
LFN Staff may elect to publish some videos to YouTube. Please indicate here if you do not want your session to be published to YouTube.
Live Session to be recorded for YouTube
Recording:
Agenda
- Global Requirements and Best Practices
- Security PoCs:
- security log fields
- logging req
- code quality
- service mesh
- SBOM enablement and maintenance, and packaging
- Waiver policy update
- On the road to gold badging
- Reducing technical debt
- Container signing
- Container scanning
- 5Y project review
- Removing unmaintained code
Summary
Minutes
- Review of current Global Requirements/Best Practices/Waivers
- Service Mesh POC
- SBOM (also discussed in previous session)
- Container Signing: Notary vs Cosign - Cosign is supported by the LF
- 5Y Project Review
- Path to remove 'Unmaintained Code'
Action Items
- Lots of different wiki pages about ONAP Service Mesh - can we consolidate, i.e. Service Mesh POC; ONAP on Service Mesh - Developer Wiki - Confluence; Service Mesh Risk, Analysis - Developer Wiki - Confluence (onap.org); Service Mesh - Developer Wiki - Confluence (onap.org); Service Mesh PoC plan - Developer Wiki - Confluence (onap.org)
- Any ONAP project to participate in "Container Signing" - Present the concept at the next PTL call - June 20th, 2022?
- Path to remove 'Unmaintained Code' - Need to update the slide
- Check Scancode.onap.eu for License dependency
...