2025-03-25 Security Minutes
- Rahul
Community Attendees:
@Byung-Woo Jun
@Tom Kivlin
@Phil Porras
@Prashant Mishra
@Gaurav Kumar
@Rahul Jadhav
Community Attendees:
LF Staff:
Agenda
Antitrust Policy
IaC Code scanning update
Updates from 5G SBP
Secrets manager integration update
Minutes
LFN Security & Quality TAC needs Nephio contribution (2025 Quality & Security Goals | Participants )
@Gaurav Kumar … reducing the noise from IaC report. Currently, severity is not reported in the context of failed checks by default. There are other approaches (output formats) that could be tried to get the severity. We are down to <50 issues from the report.
Next call we can have the discussion on the final report.
@Prashant Mishra : In case of multi-cluster deployments, we have an issue where the secrets injection cannot be handled outside of the cluster where vault is deployed. @Gaurav Kumar will share a possible solution.
Review/Update the user story for secrets manager (https://docs.google.com/document/d/1Ce_cR7afovjWsdECkV8kNbPreG5GirfJXP5IrSiABjg/edit?tab=t.0 )
Identify which apps can be targeted for using secrets manager and propose this to SIG Automation