/
2024-10-01 Meeting notes

2024-10-01 Meeting notes

 Date

Oct 1, 2024

 Participants

  • @Rahul

  • @Byung-Woo Jun

  • @Tom Kivlin

 Goals

  •  

 Discussion topics

Time

Item

Presenter

Notes

Time

Item

Presenter

Notes

 

checkov findings triage

@ved ratan

  • Identify unique findings across multiple catalogs and check which findings are applicable on code that is natively written in Nephio and target those first.

  • @Byung-Woo Jun - Jessica Gonzalez (@Jessica Gonzalez) initiated/tested the checkov-based IaC Scanning against the ONAP CPS project. Now, she is looking for baselines/policies/best practices how to digest scanning outcome. See the first test result, https://github.com/onap/cps/actions/runs/11040721512/job/30669364326

  • @Rahul provided a set of requirements for Nephio IaC scanning,

    • [P0] Scan k8s manifests, terraform, dockerfiles for findings

    • [P0] Should be able to create baseline and ignore findings in the base-charts (prerequisites)

    • [P1] Should be possible to find unique findings across multiple files

    • [P0] Should be possible to periodically report the findings to the SIG-Automation

    • [P0] Fail the PR if the changes causes a deviation in the baseline

  • @ved ratan , please share your insight. I plan to discuss the best practices with ONAP SECCOM and will share its outcome.



Workload Identity PR update

@Prashant



 

 

 

 

 Action items

 Decisions