2022-06-14 - ONAP: SECCOM Kohn release security goals

Topic Leader(s)

  • @Pawel Pawlak

  • @Amy Zwarico

  • @Muddasar Ahmed

  • @Robert Heinemann

  • @Tony Hansen

  • @Byung-Woo Jun

  • @rouzaut

Topic Description

Sharing the ONAP SECCOM goals for the Kohn release:

  • Global Requirements and Best Practices

  • Security PoCs:

    • security log fields

    • logging requirements

    • code quality

    • service mesh

  • SBOM enablement and maintenance, and packaging

  • Waiver policy update

  • On the road to gold badging

  • Reducing technical debt

  • Container signing

  • Container scanning

  • 5Y project review

  • Removing unmaintained code

Topic Overview

Sharing the ONAP SECCOM security goals for the upcoming ONAP Kohn release and collecting feedback from the ONAP community.

Slides & Recording


Live Session to be recorded for YouTube


Agenda

  • Global Requirements and Best Practices

  • Security PoCs:

    • security log fields

    • logging requirements

    • code quality

    • service mesh

  • SBOM enablement and maintenance, and packaging

  • Waiver policy update

  • On the road to gold badging

  • Reducing technical debt

  • Container signing

  • Container scanning

  • 5Y project review

  • Removing unmaintained code

Minutes

  • Review of current Global Requirements/Best Practices/Waivers

  • Service Mesh POC

  • SBOM (also discussed in previous session)

  • Container signing: Notary vs. Cosign (Cosign is supported by the LF)

  • 5Y Project Review

  • Path to remove 'Unmaintained Code'

Action Items

  • Any ONAP project to participate in "Container Signing": present the concept at the next PTL call (June 20th, 2022?)

  • Path to remove 'Unmaintained Code': the slide needs to be updated

  • Check Scancode.onap.eu for license dependencies