15:04:26 <bryan_att> #startmeeting Validation and Security Team kickoff
15:04:26 <collabot`> Meeting started Wed Apr 18 15:04:26 2018 UTC. The chair is bryan_att. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:04:26 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:04:26 <collabot`> The meeting name has been set to 'validation_and_security_team_kickoff'
15:04:34 <aimeeu> #info Aimee Ukasick
15:04:41 <bryan_att> #topic Roll Call
15:04:46 <bryan_att> #info Bryan Sullivan
15:09:19 <Nat> # Info Nat TechM
15:09:38 <Nat> # info
15:11:42 <aimeeu> #info discussion about which project the validation-security component should be part of
15:13:33 <aimeeu> #info discussion of end user experience for validation: built into portal; but component could be used by portal, on-boarding, federation
15:14:41 <aimeeu> #action Bryan will document how the validation component works currently
15:15:09 <aimeeu> #info Bryan asks for help documenting how validation works
15:15:38 <aimeeu> #info Bryan shows portal admin - configure workflow screen, which allows admin to include validation
15:15:55 <aimeeu> #info Karrie notes that the functionality doesn't work quite right yet
15:17:05 <aimeeu> #info Karrie notes that validation cannot be turned on via the Portal admin; it should be one already
15:19:00 <aimeeu> #info Bryan notes that even though the validation containers are running, there are no logs being generated so maybe it's not being called
15:19:59 <aimeeu> #info Karrie summarizes the vision of how validation should be configured using the portal admin - configure workflows screen
15:23:16 <aimeeu> #info meeting attendees: Aimee Ukasick, Bryan Sullivan, Chris Lott, Karrie Hanson, Larry Uno, Mukesh Mantan, Nat Subramanian, Parichay
15:24:16 <aimeeu> #info Bryan talks about goals for security scanning as outlined on #link https://wiki.acumos.org/display/AC/Security+Scanning
15:24:46 <aimeeu> #info Bryan: use of third party tools may be needed
15:25:12 <aimeeu> #info Ken Kristiansen
15:26:33 <aimeeu> #info Bryan: content of models should be scanned for vulnerabilities
15:33:01 <aimeeu> #info discussion of least privilege regarding deployment of model microservices
15:39:58 <aimeeu> #info validation architecture should support "plug n play" of third party tools
15:45:57 <aimeeu> #discussion should focus on a short-term plan
15:46:18 <aimeeu> #info find tools to scan containers in nexus
15:53:30 <aimeeu> #info Aimee: 3 things to do 1) scheduled or triggered scanning of nexus using a 3rd party tool for Developer challenge in May; 2) define use cases and architecture for integrating scanning into the platform (validation component); 3) long term planning on whether to force source code to be uploaded
15:55:08 <aimeeu> #info third party tools: Fossology, OpenSCAP, OpenVAS, Clair
15:56:05 <aimeeu> #info Devendra Sen
15:56:09 <aimeeu> #endmeeting
15:56:46 <aimeeu> #endmeeting
15:56:53 <bryan_att> #endmeeting