#acumos-meeting: Validation and Security Team kickoff

Meeting started by bryan_att at 15:04:26 UTC (full logs).

Meeting summary

    1. Aimee Ukasick (aimeeu, 15:04:34)

  1. Roll Call (bryan_att, 15:04:41)
    1. Bryan Sullivan (bryan_att, 15:04:46)
    2. discussion about which project the validation-security component should be part of (aimeeu, 15:11:42)
    3. discussion of end user experience for validation: built into portal; but component could be used by portal, on-boarding, federation (aimeeu, 15:13:33)
    4. ACTION: Bryan will document how the validation component works currently (aimeeu, 15:14:41)
    5. Bryan asks for help documenting how validation works (aimeeu, 15:15:09)
    6. Bryan shows portal admin - configure workflow screen, which allows admin to include validation (aimeeu, 15:15:38)
    7. Karrie notes that the functionality doesn't work quite right yet (aimeeu, 15:15:55)
    8. Karrie notes that validation cannot be turned on via the Portal admin; it should be on already (aimeeu, 15:17:05)
    9. Bryan notes that even though the validation containers are running, there are no logs being generated so maybe it's not being called (aimeeu, 15:19:00)
    10. Karrie summarizes the vision of how validation should be configured using the portal admin - configure workflows screen (aimeeu, 15:19:59)
    11. meeting attendees: Aimee Ukasick, Bryan Sullivan, Chris Lott, Karrie Hanson, Larry Uno, Mukesh Mantan, Nat Subramanian, Parichay (aimeeu, 15:23:16)
    12. Bryan talks about goals for security scanning as outlined on #link https://wiki.acumos.org/display/AC/Security+Scanning (aimeeu, 15:24:16)
    13. Bryan: use of third party tools may be needed (aimeeu, 15:24:46)
    14. Ken Kristiansen (aimeeu, 15:25:12)
    15. Bryan: content of models should be scanned for vulnerabilities (aimeeu, 15:26:33)
    16. discussion of least privilege regarding deployment of model microservices (aimeeu, 15:33:01)
    17. validation architecture should support "plug n play" of third party tools (aimeeu, 15:39:58)
    18. find tools to scan containers in nexus (aimeeu, 15:46:18)
    19. Aimee: 3 things to do: 1) scheduled or triggered scanning of nexus using a 3rd party tool for Developer challenge in May; 2) define use cases and architecture for integrating scanning into the platform (validation component); 3) long term planning on whether to force source code to be uploaded (aimeeu, 15:53:30)
    20. third party tools: Fossology, OpenSCAP, OpenVAS, Clair (aimeeu, 15:55:08)
    21. Devendra Sen (aimeeu, 15:56:05)


Meeting ended at 15:56:53 UTC (full logs).

Action items

  1. Bryan will document how the validation component works currently


People present (lines said)

  1. aimeeu (24)
  2. bryan_att (4)
  3. collabot` (3)
  4. Nat (2)


Generated by MeetBot 0.1.4.