=====================================================
#acumos-meeting: Validation and Security Team kickoff
=====================================================

Meeting started by bryan_att at 15:04:26 UTC. The full logs are available
at
http://ircbot.wl.linuxfoundation.org/meetings/acumos-meeting/2018/acumos-meeting.2018-04-18-15.04.log.html
.

Meeting summary
---------------
* Aimee Ukasick (aimeeu, 15:04:34)
* Roll Call (bryan_att, 15:04:41)
* Bryan Sullivan (bryan_att, 15:04:46)
* discussion about which project the validation-security component should be part of (aimeeu, 15:11:42)
* discussion of end user experience for validation: built into portal; but component could be used by portal, on-boarding, federation (aimeeu, 15:13:33)
* ACTION: Bryan will document how the validation component works currently (aimeeu, 15:14:41)
* Bryan asks for help documenting how validation works (aimeeu, 15:15:09)
* Bryan shows portal admin - configure workflow screen, which allows admin to include validation (aimeeu, 15:15:38)
* Karrie notes that the functionality doesn't work quite right yet (aimeeu, 15:15:55)
* Karrie notes that validation cannot be turned on via the Portal admin; it should be on already (aimeeu, 15:17:05)
* Bryan notes that even though the validation containers are running, there are no logs being generated so maybe it's not being called (aimeeu, 15:19:00)
* Karrie summarizes the vision of how validation should be configured using the portal admin - configure workflows screen (aimeeu, 15:19:59)
* meeting attendees: Aimee Ukasick, Bryan Sullivan, Chris Lott, Karrie Hanson, Larry Uno, Mukesh Mantan, Nat Subramanian, Parichay (aimeeu, 15:23:16)
* Bryan talks about goals for security scanning as outlined on #link https://wiki.acumos.org/display/AC/Security+Scanning (aimeeu, 15:24:16)
* Bryan: use of third party tools may be needed (aimeeu, 15:24:46)
* Ken Kristiansen (aimeeu, 15:25:12)
* Bryan: content of models should be scanned for vulnerabilities (aimeeu, 15:26:33)
* discussion of least privilege regarding deployment of model microservices (aimeeu, 15:33:01)
* validation architecture should support "plug n play" of third party tools (aimeeu, 15:39:58)
* find tools to scan containers in nexus (aimeeu, 15:46:18)
* Aimee: 3 things to do 1) scheduled or triggered scanning of nexus using a 3rd party tool for Developer challenge in May; 2) define use cases and architecture for integrating scanning into the platform (validation component); 3) long term planning on whether to force source code to be uploaded (aimeeu, 15:53:30)
* third party tools: Fossology, OpenSCAP, OpenVAS, Clair (aimeeu, 15:55:08)
* Devendra Sen (aimeeu, 15:56:05)

Meeting ended at 15:56:53 UTC.

People present (lines said)
---------------------------
* aimeeu (24)
* bryan_att (4)
* collabot` (3)
* Nat (2)

Generated by `MeetBot`_ 0.1.4