Agenda Items

Presented By

Presos/Notes/Links/

Welcome

Core Infrastructure Badge

Working session to review the Badge Application:

Q/A and Wrap up

Anyone

Meeting Notes

Look into what the EdgeX Foundry does for their release notes. There may be a GitHub Action available to reuse.
Need to address security vulnerabilities.
- Maybe have a wiki page to start with - Akraino and EdgeX Foundry wikis may have something we can base off of
  - https://github.com/lf-edge/edge-home-orchestration-go/blob/master/.github/SECURITY.md
- Have TSC members (WG chairs) on private email list where users can submit vulnerabilities
  - Speak with Kendall who may have started to create this list via groups.io
- Potentially look at using Syft to output a CycloneDX or SPDX file that can be joined with a CVE database to produce a vulnerability report from images
  - https://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html
TESTING.md to address testing policy for new functionality (required unit tests, etc)

Build process discussion for OpenHorizon Artifacts. Need holistic view of process documented and issues created in order to make progress.
Ben Courliss Investigate Anax changelog script - https://github.com/open-horizon/horizon-deb-packager/blob/master/Makefile#L56
Ben Courliss Create some issues around implementing versioning and changelogs

...