/

2025-06-24 SIG Security Minutes

2025-06-24 SIG Security Minutes

Community Attendees:

@Prashant Mishra

@Francois Duthilleul

@Fiachra Corcoran

@Rahul Jadhav

Community Attendees:

LF Staff:

Agenda

Antitrust Policy

Action Items Review
Secrets Manager Next steps
Fiachra: Requirement for getting package list

Minutes

Secret Manager

@Prashant Mishra to upload the Secrets Manager documents to the Documentation section
Workload-Identity-Setup-with-Nephio
Guide:-Using-Red-Hat-COP-Vault-Config-Operator-with-SPIFFE-Integration
Prepare towards a demo with SIG-Automation

Checkov scanning

The PR can’t be merged right now since we do not have a consensus on how to maintain the baseline.

Nephio Component List (issue raised by Fiachra)

Fiachra checked whether there is any way of getting/publishing the Nephio component list alongwith the release.
This is not the same as SBOM.
Currently a script is used to skim through the catalog repo and get the component list.
This needs to be discussed with the SIG-Automation

Action items

@Prashant Mishra to upload the secrets manager demo setup documents to the SIG-Security Docs section

security-minutes