2025-03-11 Security Minutes


 

Community Attendees:

@Byung-Woo Jun

@Tom Kivlin

@Gaurav Kumar

@Rahul Jadhav


LF Staff:

Agenda

Antitrust Policy

  • Action Items Review

  • UNH is currently focussed on creating blueprints for 5G workloads only

  • Using SonarQube for SAST scanning, Nexus-IQ (Trivy, Clair) for image scanning

    • @Byung-Woo Jun, this is confirmation from Amy Zwarico (ATT)

      • Has it been integrated with ONAP’s CI/CD pipeline so that scanning is performed automatically and periodically? Yes

      • How often is the software scanned? Every weekend

      • Did we write any scripts to run it, or is it part of ONAP CI/CD? It is part of the ONAP CI/CD process and handled by the LFIT

  • @Gaurav Kumar went through Checkov … trying to deploy

    • Scan Nephio repo using Checkov

    • Prioritizing the findings

    • Fixing code based on findings

    • Creating a baseline

    • Creating a prow job

  • OpenSSF Badging work for Porch (Fiachra Corcoran)

Minutes

 


Action items
