Story
Resolution: Unresolved
Priority: High
Security by Design is forming as a TSC requirement, but it still needs to be written up as a proposal. See TSC-52.
"Security by Design": reinforce awareness at each milestone of a release, starting with M1, so that PTLs are already reporting on their remaining vulnerabilities/security issues.
Note that this is not only about issues detected by tools but also about key security requirements:
• Security scans of ONAP code (Coverity, Bandit)
• Replacement of insecure first- and third-party libraries
TSC Task Force: Stephen Terrill and the Security Subcommittee
Suggestions:
- Ensure that when a library is first used by a project, a vulnerability scan of that library is done, and see what can be done about the findings (alternatives, ...).
- Gate jobs to execute the tests, check vulnerabilities, ....
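The two suggestions above (scan a library the first time a project uses it, and fail a gate job on known vulnerabilities) can be combined into one CI check. The script below is an added example for this ticket; it is not ONAP, CIMAN or SECCOM code. It assumes (all hypothetical) that dependencies are pinned as `name==version` lines, that the previous release's manifest is available as a baseline so first-used libraries can be recognised, and that the advisory list is a small constructed dictionary rather than a real feed.

```python
"""Dependency gate check for a CI job.

Added example for this ticket; it is not ONAP, CIMAN or SECCOM code.
Assumptions (all hypothetical): dependencies are pinned as 'name==version'
lines, the previous release's manifest is available as a baseline so that
first-used libraries can be recognised, and the advisory list is a small
constructed dictionary rather than a real feed.
"""
import re

# Constructed advisory data: library -> (first fixed version, advisory label).
# Library names and labels are invented for the example; they are not real advisories.
ADVISORIES = {
    "examplehttp": ("2.20.0", "hypothetical-adv-1"),
    "exampleyaml": ("5.1", "hypothetical-adv-2"),
}

PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)\s*$")


def parse_manifest(text):
    """Return {library: version} from pinned lines; comments and blanks are skipped.
    Unpinned lines are rejected so the gate cannot be bypassed with 'name>=1.0'."""
    deps = {}
    for line in text.splitlines():
        stripped = line.split("#", 1)[0].strip()
        if not stripped:
            continue
        m = PIN_RE.match(stripped)
        if not m:
            raise ValueError("unpinned or malformed requirement: %r" % line)
        deps[m.group(1).lower()] = m.group(2)
    return deps


def version_tuple(version):
    """Compare dotted versions numerically: '2.9' < '2.20' (string order would say otherwise)."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group(0)) if digits else 0)
    return tuple(parts)


def first_used(current, baseline):
    """Libraries present now that were absent from the baseline manifest."""
    return sorted(set(current) - set(baseline))


def check_advisories(current, advisories=ADVISORIES):
    """Findings for every pinned version below the advisory's first fixed version."""
    findings = []
    for name, version in sorted(current.items()):
        if name in advisories:
            fixed, label = advisories[name]
            if version_tuple(version) < version_tuple(fixed):
                findings.append({"library": name, "version": version,
                                 "fixed_in": fixed, "advisory": label})
    return findings


def gate(current_text, baseline_text, advisories=ADVISORIES):
    """Gate verdict: fails on any finding. New libraries are listed separately and each
    finding is tagged with whether it came in through a first-use library."""
    current = parse_manifest(current_text)
    baseline = parse_manifest(baseline_text)
    new = first_used(current, baseline)
    findings = check_advisories(current, advisories)
    for f in findings:
        f["first_use"] = f["library"] in new
    return {"new_libraries": new, "findings": findings, "passed": not findings}


if __name__ == "__main__":
    import json
    import sys
    # Constructed sample manifests standing in for the previous and current release.
    BASELINE = "examplehttp==2.19.0\n"
    CURRENT = "examplehttp==2.19.0\nexampleyaml==5.0   # new this release\nexamplecrypto==3.2\n"
    result = gate(CURRENT, BASELINE)
    print(json.dumps(result, indent=2))
    sys.exit(0 if result["passed"] else 1)
```

Run as a gate job, the non-zero exit fails the build; the `first_use` flag separates a vulnerability introduced by a newly adopted library (which the first suggestion says should be examined before adoption) from one that a PTL is already carrying and reporting on at milestone reviews. A real job would replace the constructed `ADVISORIES` dictionary with the output of the project's chosen scanner.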
SECCOM 2018-11-05
Walked through https://wiki.onap.org/download/attachments/45309376/2018-12-05%20Security%20by%20design.pptx?api=v2 and got feedback.
SECCOM 2018-12-19
Review proposed security deliverables documented in Release Checklists
2019-02-13 TSC Chair Email to SECCOM and PTLs
Dear SECCOM, PTLs,
I would like to inform you that 72+% of our ONAP TSC already voted positively to integrate v13 of the Security checklist proposal.
As a result, I have updated the following templates:
M2 - https://wiki.onap.org/display/DW/Deliverables+for+Functionality+Freeze+Milestone+Checklist+Template
M3 - https://wiki.onap.org/display/DW/Deliverables+for+API+Freeze+Milestone+Checklist+Template
M4 - https://wiki.onap.org/display/DW/Deliverable+for+Code+Freeze+Milestone+Checklist+Template
Best regards
Catherine
Relates to: CIMAN-260 Add Jenkins job for static code analysis by Coverity Scan service (In Progress)