Date

Attendees

Meeting Recording

GMT20240116-155746_Recording_3840x2160.mp4

Goals

  • Prioritize security issues based on LFX Security dashboard findings
  • Assert the need for User Story Template fulfillment for any new initiative to be undertaken

Discussion items

TimeItemWhoNotes

OpenSSF checks (#443)

clomonitor findings (#444)

Ved
  • Prepare a common template that can be shared across all the projects. And keeping a common github action workflows that can be imported in the individual repos.


 LFX Security Dashboard for Nephio

 Rahul Jadhav 



Service Mesh updates (user story template?)

Shiv

  • Requirements still to be worked upon. Shiv is preparing towards this.

Secrets Mgmt updates (user story template?)

Prashant Mishra 


Per repo best practices templates (How to handle updates?)

Rahul Jadhav 



SALSA L4 requirements (topic brought up yesterday in SIG-Release meeting

Rahul Jadhav 



Policy framework discussion

subhash kumar singh 

  • Management cluster currently has an auto approval that simply allows everything that passes through it. If we can gate it through the policies that enforces best practices guidelines, that could be an easier win.
  • Runtime policies in the target workload clusters can also be orchestrated through this mechanism (by using Mutating controller) .. but this could be a second phase.

<open floor>



Action items

  • Prashant Mishra to add the Secrets Management user story template
  • Call for review for the Secrets management User Story document. (All)
  • subhash kumar singh to prepare fine grained requirements for the approval policy framework.