Agenda

Antitrust Policy

• Action Items Review

• OSSF for porch repo/project

  • Scorecard - https://github.com/nephio-project/porch/security/code-scanning?query=is%3Aopen+branch%3Amain+tool%3AScorecard

  • Badge in progress - https://www.bestpractices.dev/en/projects?q=porch

• Sonar for nephio & porch repos?

  • https://jira.linuxfoundation.org/plugins/servlet/desk/portal/2/IT-27825

Minutes

Topic 1

• CommentsProposed use of Sonarqube for Porch.. We may need to check with LFN whether we can use the Sonarqube Cloud (and more importantly who pays for it). Jira ticket already created.

• oss-fuzz as an action item? maybe we can consider porch for oss-fuzz.

Action items

•  OSSF for porch is handled. We may need to handle this for other repos as well.
•  LFX Insights… Reach out to LFIT team Rahul Jadhav
•  Rahul Jadhav list all the relevant repos for whom we need to handle security best practices from nephio-project GH org.
•  oss-fuzz for porch?