15:04:26 <bryan_att> #startmeeting Validation and Security Team kickoff
15:04:26 <collabot`> Meeting started Wed Apr 18 15:04:26 2018 UTC.  The chair is bryan_att. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:04:26 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:04:26 <collabot`> The meeting name has been set to 'validation_and_security_team_kickoff'
15:04:34 <aimeeu> #info Aimee Ukasick
15:04:41 <bryan_att> #topic Roll Call
15:04:46 <bryan_att> #info Bryan Sullivan
15:09:19 <Nat> # Info Nat TechM
15:09:38 <Nat> # info
15:11:42 <aimeeu> #info discussion about which project the validation-security component should be part of
15:13:33 <aimeeu> #info discussion of end user experience for validation: built into portal; but component could be used by portal, on-boarding, federation
15:14:41 <aimeeu> #action Bryan will document how the validation component works currently
15:15:09 <aimeeu> #info Bryan asks for help documenting how validation works
15:15:38 <aimeeu> #info Bryan shows portal admin - configure workflow screen, which allows admin to include validation
15:15:55 <aimeeu> #info Karrie notes that the functionality doesn't work quite right yet
15:17:05 <aimeeu> #info Karrie notes that validation cannot be turned on via the Portal admin; it should be on already
15:19:00 <aimeeu> #info Bryan notes that even though the validation containers are running, there are no logs being generated so maybe it's not being called
15:19:59 <aimeeu> #info Karrie summarizes the vision of how validation should be configured using the portal admin - configure workflows screen
15:23:16 <aimeeu> #info meeting attendees: Aimee Ukasick, Bryan Sullivan, Chris Lott, Karrie Hanson, Larry Uno, Mukesh Mantan, Nat Subramanian, Parichay
15:24:16 <aimeeu> #info Bryan talks about goals for security scanning as outlined on #link https://wiki.acumos.org/display/AC/Security+Scanning
15:24:46 <aimeeu> #info Bryan: use of third party tools may be needed
15:25:12 <aimeeu> #info Ken Kristiansen
15:26:33 <aimeeu> #info Bryan: content of models should be scanned for vulnerabilities
15:33:01 <aimeeu> #info discussion of least privilege regarding deployment of model microservices
15:39:58 <aimeeu> #info validation architecture should support "plug n play" of third party tools
15:45:57 <aimeeu> #discussion should focus on a short-term plan
15:46:18 <aimeeu> #info find tools to scan containers in nexus
15:53:30 <aimeeu> #info Aimee: 3 things to do 1) scheduled or triggered scanning of nexus using a 3rd party tool for Developer challenge in May; 2) define use cases and architecture for integrating scanning into the platform (validation component); 3) long term planning on whether to force source code to be uploaded
15:55:08 <aimeeu> #info third party tools: Fossology, OpenSCAP, OpenVAS, Clair
15:56:05 <aimeeu> #info Devendra Sen
15:56:09 <aimeeu> #endmeeting
15:56:46 <aimeeu> #endmeeting
15:56:53 <bryan_att> #endmeeting