Security Best Practices

Share your community's best practices that might be applicable to other projects.

Documentation

CI/CD best practices

Automating rejection of insecure merges (planned PoC in ONAP)

Software Bill Of Materials (SBOM)

ONAP work - https://wiki.onap.org/display/DW/Software+Bill+of+Materials
ONAP presentation - SBOM_DBOM.pptx
Scripts for automated SBOM generation by Maven - <placeholder>

Architecture

Software packaging

How to secrete supply chain? signing and authentication. Are there common ways to package software in the LF? There are differences in tooling, that depend on things like the programming language. There may not be one tool that fits all.

How to test security (as part of CI/CD)?

How to manage dependencies?

Direct dependencies are simpler
Indirect dependencies may be more tricky
How to automate the mitigation?

Space shortcuts

Page tree