Agenda

Antitrust Policy

• IaC Code scanning update

• Updates from 5G SBP

• Secrets manager integration update

•  

Minutes

• LFN Security & Quality TAC needs Nephio contribution (https://lf-networking.atlassian.net/wiki/spaces/LN/pages/177995779/2025+Quality+Security+Goals#Participants )

• @Gaurav Kumar … reducing the noise from IaC report. Currently, severity is not reported in the context of failed checks by default. There are other approaches (output formats) that could be tried to get the severity. We are down to <50 issues from the report.

  • Next call we can have the discussion on the final report.

• @Prashant Mishra : In case of multi-cluster deployments, we have an issue where the secrets injection cannot be handled outside of the cluster where vault is deployed. @Gaurav Kumar will share a possible solution.

  • Review/Update the user story for secrets manager (https://docs.google.com/document/d/1Ce_cR7afovjWsdECkV8kNbPreG5GirfJXP5IrSiABjg/edit?tab=t.0 )

  • Identify which apps can be targeted for using secrets manager and propose this to SIG Automation

Action items