-
Task
-
Resolution: Unresolved
-
High
-
None
-
None
As an alternative to
https://wiki.onap.org/display/SV/Security+Vulnerabilities+Home
Microsoft has turned on Vulnerability mails for all public github projects including ONAP - mails will be sent to the owners of the repos on pom.xml verification - started getting mails yesterday on my spring security issues - putting this out there as another avenue to CLM that we already have - not as good as nexus-iq yet though
https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/
Canadian Security Intelligence Service(~like the CIA) and Communications Security Establishment Canada (~like the NSA)
use for example this malware information sharing platform
https://www.misp-project.org/features.html
https://www.circl.lu/doc/misp/
https://github.com/MISP
will post mail later today
20181025
Ran into the following public database http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
2019-06-25
We first focus on benchmarking Nexus-IQ with Whitesoftware. CCSDK project is a volunteer for that. Waiting for a confirmation from Dan that he has an access to Whitesoftware.
- blocks
-
TSC-17 S3P Assessment prior Casablanca RC1
- Closed
-
TSC-59 CLM security page access for contributors and non-PTLs to work on nexus-iq issues
- Closed
- is blocked by
-
CIMAN-225 CLM nexus-iq server error 20181204:1100 EDT - [ONAP Helpdesk #65225]
- Done
- relates to
-
TSC-49 Grant access to nexus-iq for non-committer contributors
- Closed
-
TSC-45 Dublin Prioritization Criteria
- Closed
-
TSC-58 Dublin Toolchain Improvement
- Closed
-
TSC-29 Create a wiki page to collect Security SMEs to access CLM
- Closed
-
TSC-50 oparent CLM status must be managed daily to not block downstream project CLM work - for 20+ days
- Closed
-
TSC-75 CVE security governance of deployment undercloud (Docker, Kubernetes, Helm, Rancher) - propose new CLM job
- Closed