Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Time

Item

Presenter

Notes

checkov findings triage

ved ratan

  • Identify unique findings across multiple catalogs and check which findings are applicable on code that is natively written in Nephio and target those first.

  • Byung-Woo Jun - Jessica Gonzalez (Jessica Gonzalez) initiated/tested the checkov-based IaC Scanning against the ONAP CPS project. Now, she is looking for baselines/policies/best practices how to digest scanning outcome. See the first test result, https://github.com/onap/cps/actions/runs/11040721512/job/30669364326

  • Rahul provided a set of requirements for Nephio IaC scanning,

    • [P0] Scan k8s manifests, terraform, dockerfiles for findings

    • [P0] Should be able to create baseline and ignore findings in the base-charts (prerequisites)

    • [P1] Should be possible to find unique findings across multiple files

    • [P0] Should be possible to periodically report the findings to the SIG-Automation

    • [P0] Fail the PR if the changes causes a deviation in the baseline

  • ved ratan , please share your insight. I plan to discuss the best practices with ONAP SECCOM and will share its outcome.


Workload Identity PR update

Prashant


...