2025-04-29 SIG Security Minutes
Community Attendees:
@Byung-Woo Jun
@Prashant Mishra
@Francois Duthilleul
@Phil Porras
@Rahul Jadhav
LF Staff:
Agenda
Antitrust Policy
Action Items Review
Next steps for Secrets Manager
Next steps for IaC scan
Nephio DockerHub Container Image scanning
Minutes
Secrets Management: quick snapshot of where we stand
SIG-Security has been trying hard to decouple the actual vault implementation (HashiCorp, OpenBao, Conjur, etc.) from the Nephio implementation.
One of the challenges is that there does not exist (at least we do not know of any) a common tool that can operate on a general secrets/identity-based k8s resource model and provide a way to access secrets. One requirement would be for this implementation to support SPIFFE-based identity.
An ESM-based implementation was discussed, but it is not clear whether it can be used for this purpose.
Container image scanning was discussed. The LF ticket was closed because the LF team requires admin/owner permission to the Nephio DockerHub account. @Rahul Jadhav to follow up with SIG-Automation on Slack.
@Byung-Woo Jun After discussion with Amy, we concluded the Nephio team should grant access permissions to the LF IT team for image scanning.