Software Bills of Materials (SBOMs) help improve software development, supply chain management, vulnerability management, asset management, procurement, and high-assurance processes.
Benefits of creating and using SBOMs include reduced cost, security risk, license risk, and compliance risk.
The available SBOM formats were reviewed, with an explanation of why SPDX (an ISO standard) was selected for an ONAP SO pilot, along with real ONAP SBOM generation in the LFN CI pipeline.
Adding SBOM capability to the pipeline has no roadblocks; the call to action was to implement it sooner rather than later, as it does not require much effort from project teams.
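The SPDX-in-CI idea above, as an added example (not ONAP or LFN tooling): it takes a dependency list of the kind a CI step would extract from a lock file, emits a minimal SPDX 2.3 JSON document, and then runs the check a pipeline would gate on, flagging components whose version or license is unknown, since those are exactly the entries that defeat vulnerability matching and license review. The sample dependencies, project name and helper names are constructed for illustration.

```python
"""Build a minimal SPDX 2.3 JSON SBOM from a dependency list and check it for
version and license gaps before it is published from a CI job."""
import json
from datetime import datetime, timezone

# Constructed sample input: what a CI step might extract from a lock file.
# Names, versions and licenses are illustrative, not any real project's deps.
SAMPLE_DEPENDENCIES = [
    {"name": "requests", "version": "2.31.0", "license": "Apache-2.0", "ecosystem": "pypi"},
    {"name": "pyyaml", "version": "6.0.1", "license": "MIT", "ecosystem": "pypi"},
    {"name": "leftover-lib", "version": "", "license": "", "ecosystem": "pypi"},
]


def _spdx_id(name):
    """SPDX identifiers may only contain letters, digits, '.' and '-'."""
    safe = "".join(c if c.isalnum() or c in ".-" else "-" for c in name)
    return "SPDXRef-Package-" + safe


def _purl(dep):
    """Package URL used by scanners to match a component against advisories."""
    locator = "pkg:%s/%s" % (dep["ecosystem"], dep["name"])
    return locator + "@" + dep["version"] if dep["version"] else locator


def build_spdx_document(project_name, version, dependencies, created=None):
    """Return an SPDX 2.3 document (as a dict) describing project_name."""
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    root_id = _spdx_id(project_name)
    packages = [{
        "name": project_name,
        "SPDXID": root_id,
        "versionInfo": version,
        "downloadLocation": "NOASSERTION",
        "filesAnalyzed": False,
        "licenseConcluded": "NOASSERTION",
        "licenseDeclared": "NOASSERTION",
    }]
    relationships = [{
        "spdxElementId": "SPDXRef-DOCUMENT",
        "relationshipType": "DESCRIBES",
        "relatedSpdxElement": root_id,
    }]
    for dep in dependencies:
        pkg_id = _spdx_id(dep["name"])
        license_expr = dep["license"] or "NOASSERTION"
        pkg = {
            "name": dep["name"],
            "SPDXID": pkg_id,
            "downloadLocation": "NOASSERTION",
            "filesAnalyzed": False,
            "licenseConcluded": license_expr,
            "licenseDeclared": license_expr,
            "externalRefs": [{
                "referenceCategory": "PACKAGE-MANAGER",
                "referenceType": "purl",
                "referenceLocator": _purl(dep),
            }],
        }
        if dep["version"]:          # versionInfo is optional in SPDX; omit if unknown
            pkg["versionInfo"] = dep["version"]
        packages.append(pkg)
        relationships.append({
            "spdxElementId": root_id,
            "relationshipType": "DEPENDS_ON",
            "relatedSpdxElement": pkg_id,
        })
    return {
        "spdxVersion": "SPDX-2.3",
        "dataLicense": "CC0-1.0",
        "SPDXID": "SPDXRef-DOCUMENT",
        "name": "%s-%s" % (project_name, version),
        # Placeholder namespace; a real pipeline would use its own unique URI.
        "documentNamespace": "https://example.invalid/spdx/%s-%s" % (project_name, version),
        "creationInfo": {"created": created, "creators": ["Tool: sbom-example-0.1"]},
        "packages": packages,
        "relationships": relationships,
    }


def sbom_to_json(doc):
    return json.dumps(doc, indent=2)


def check_sbom(doc):
    """Return (package, problem) pairs a CI gate would report. Dependencies
    without a version cannot be matched to vulnerability data; dependencies
    without a license cannot be assessed for license risk."""
    root_ids = {r["relatedSpdxElement"] for r in doc["relationships"]
                if r["relationshipType"] == "DESCRIBES"}
    findings = []
    for pkg in doc["packages"]:
        if pkg["SPDXID"] in root_ids:
            continue
        if "versionInfo" not in pkg:
            findings.append((pkg["name"], "missing version"))
        if pkg["licenseConcluded"] == "NOASSERTION":
            findings.append((pkg["name"], "missing license"))
    return findings


if __name__ == "__main__":
    sbom = build_spdx_document("demo-service", "1.0.0", SAMPLE_DEPENDENCIES)
    print(sbom_to_json(sbom))
    for name, problem in check_sbom(sbom):
        print("SBOM gate: %s: %s" % (name, problem))
```

In a pipeline the dependency list would come from the build's lock file rather than the constructed sample, and a non-empty result from `check_sbom` is the signal to fail the job before the artifact and its SBOM are published.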
Reviewed the changes to the release process approved by the TSC last spring and rolled out in Istanbul. General agreement that the changes were useful.
Reviewed the Istanbul lessons learned and discussed actions for each item. Ran out of time for the last few items, so we will plan time during the PTL meeting to finish up.
Reviewed the essential problem statement: Telcos want to leverage cloud infrastructure and capabilities, but need the flexibility and choice to support multiple cloud environments.
Support for public, private and hybrid clouds.
Consensus that many solution providers are seeking to create Single Pane of Glass management solutions, but without some common requirements, specifications and perhaps APIs, this could lead to more chaos.
Consensus that it seems appropriate for Anuket to consider adding requirements in this area.
Bob Monkman also suggested that collaboration with EMCO, a multi-cluster orchestration sister project in LFN, could be beneficial in conjunction with such specification work.