2022-06-14 - ONAP: SECCOM Kohn release security goals
Topic Leader(s)
@Pawel Pawlak
@Amy Zwarico
@Muddasar Ahmed
@Robert Heinemann
@Tony Hansen
@Byung-Woo Jun
@rouzaut
Topic Description
Sharing ONAP SECCOM goals for the Kohn release:
Global Requirements and Best Practices
Security PoCs:
security log fields
logging req
code quality
service mesh
SBOM enablement and maintenance, and packaging
Waiver policy update
On the road to gold badging
Reducing technical debt
Container signing
Container scanning
5Y project review
Removing unmaintained code
Topic Overview
Sharing ONAP SECCOM security goals for the upcoming ONAP Kohn release and collecting feedback from the ONAP community.
Slides & Recording
YouTube
Live Interactive Session
Live Session to be recorded for YouTube
Recording:
Agenda
Global Requirements and Best Practices
Security PoCs:
security log fields
logging req
code quality
service mesh
SBOM enablement and maintenance, and packaging
Waiver policy update
On the road to gold badging
Reducing technical debt
Container signing
Container scanning
5Y project review
Removing unmaintained code
Minutes
Review of current Global Requirements/Best Practices/Waivers
SBOM (also discussed in previous session)
Container Signing: Notary vs Cosign - Cosign is supported by the LF
5Y Project Review
Path to remove 'Unmaintained Code'