#opnfv-sec log

14:11:52 <lhinds> #startmeeting security group
14:11:52 <collabot`> Meeting started Wed Nov 23 14:11:52 2016 UTC.  The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:11:52 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:11:52 <collabot`> The meeting name has been set to 'security_group'
14:12:04 <lhinds> #topic CI Badge
14:12:16 <Sona> How can we make sure that D-release is still CII compliant
14:13:01 <lhinds> We would need to run all the checks again I guess
14:13:26 <Sona> we discussed having scripts which checks this automatically but I am not sure if anything has been done
14:13:30 <Sona> ok
14:13:46 <Sona> I was thinking to start to have a look at this issue
14:14:03 <Sona> and make sure D-release is CII compliant
14:14:42 <lhinds> that would be good, either it needs some new scripts developed, or anteater could extended.
14:15:00 <Sona> I will see what I can do
14:15:01 <lhinds> I just am not sure I am going to have any free time to work on it.
14:15:19 <Sona> it is ok, I will do my best
14:15:37 <Sona> you have done alot :)
14:15:55 <lhinds> of course I can always help if you have questions, I am just very busy now in openstack sec topics.
14:16:02 <Sona> how about ETSI? or other standard/Compliance=
14:16:18 <lhinds> I think they are releaseing something next month
14:16:26 <lhinds> Sec-12 IIRC
14:16:37 <Sona> ok, thanks
14:16:40 <aripie> I am following up ETSI, I really should put some info to the website as I have promised
14:17:03 <Sona> good Ari,
14:17:12 <Sona> please let me know if I can help
14:17:26 <Sona> anything new from ETSI?
14:17:43 <Sona> How can we make sure that OPNFV is ETSI compliant?
14:17:46 <aripie> in addition to the ETSI-NFV-SEC there are security related stuff in e.g. ETSI-MANO
14:17:52 <aripie> and in the IFA documents
14:18:06 <aripie> I have attempted to get a grip on the whole...
14:18:21 <Sona> very good, thanks :)
14:18:22 <aripie> I will share my findings and we can take it from there
14:18:45 <Sona> please share your progress with us
14:18:54 <aripie> yes
14:19:00 <Sona> very good
14:19:15 <Sona> any updates from functest?
14:19:19 <Sona> OpenScap?
14:19:40 <Sona> I mean security functest?
14:20:33 <lhinds> nothing new at the moment. going to see with that one, as not had any outreach or uptake on end users
14:20:52 <Sona> is OpenScap running in Jenkins?
14:21:02 <lhinds> yes
14:21:14 <Sona> is someone looking at the result?
14:21:27 <lhinds> no :)
14:21:34 <Sona> hehe
14:21:37 <lhinds> well not that I know of
14:21:52 <lhinds> I am aware of what the gaps are, and so looking to get those patched upstream
14:21:56 <Sona> Can you send me the url så I can have a look at it?
14:22:14 <Sona> I haven't been involved much, I don't know where to look
14:22:40 <lhinds> I am not to sure of the URL, its in the jenkins build pages somewhere, you could ask jose or morgan in functest, they will know
14:23:34 <Sona> ok
14:25:40 <lhinds> anything else, or should we finish up?
14:25:45 <Sona> Who should I talk about d-release? To make sure CII best practices apply to the d-release?
14:26:21 <Sona> Raymond?
14:26:57 <lhinds> Raymond would be good, but you would likely want to time the check more towards the end of the release.
14:27:11 <lhinds> but its a good idea to prepare early
14:27:19 <Sona> ok, thanks
14:27:29 <Sona> I don't have more to add
14:27:38 <aripie> there was a question on opnfv-sec mailing list regarding Inspector/Audit
14:28:28 <lhinds> ok, I will take a look, i did not see that
14:28:43 <aripie> "I have a question around Inspector ? is this proposed as the standard way to Audit deployment compliance or am I missing any other project for security audits?"
14:29:00 <lhinds> got it now, Rana
14:29:04 <aripie> yes
14:29:04 <lhinds> I will reply now
14:29:07 <aripie> ok
14:30:34 <lhinds> ok, thanks Sona / aripie
14:30:39 <lhinds> #endmeeting