-
Task
-
Resolution: Unresolved
-
High
-
None
-
None
As an alternative to
https://wiki.onap.org/display/SV/Security+Vulnerabilities+Home
Microsoft has turned on Vulnerability mails for all public github projects including ONAP - mails will be sent to the owners of the repos on pom.xml verification - started getting mails yesterday on my spring security issues - putting this out there as another avenue to CLM that we already have - not as good as nexus-iq yet though
https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/
Canadian Security Intelligence Service(~like the CIA) and Communications Security Establishment Canada (~like the NSA)
use for example this malware information sharing platform
https://www.misp-project.org/features.html
https://www.circl.lu/doc/misp/
https://github.com/MISP
will post mail later today
20181025
Ran into the following public database http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
2019-06-25
We first focus on benchmarking Nexus-IQ with Whitesoftware. CCSDK project is a volunteer for that. Waiting for a confirmation from Dan that he has an access to Whitesoftware.
- blocks
-
-
- Closed
-
-
-
- Closed
-
- is blocked by
-
CIMAN-225 CLM nexus-iq server error 20181204:1100 EDT - [ONAP Helpdesk #65225]
-
- Done
-
- relates to
-
TSC-49
Grant access to nexus-iq for non-committer contributors
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
TSC-75
CVE security governance of deployment undercloud (Docker, Kubernetes, Helm, Rancher) - propose new CLM job
-
- Closed
-