Meeting Agenda for Jun 21, 2022

Antitrust Disclaimer

Attendance

Attendance is taken purely upon #info in Zoom Chat

Attendee	Company/Org

Agenda Items	Presented By	Presos/Notes/Links/

Presented By

Presos/Notes/Links/

Welcome

@Ben Courliss

Core Infrastructure Badge

@Joseph Pearson

Working session to review the Badge Application:

Q/A and Wrap up

Anyone

Look into what the EdgeX Foundry does for their release notes. There may be a GitHub Action available to reuse.
Need to address security vulnerabilities.
- Maybe have a wiki page to start with - Akraino and EdgeX Foundry wikis may have something we can base off of
  - https://github.com/lf-edge/edge-home-orchestration-go/blob/master/.github/SECURITY.md
- Have TSC members (WG chairs) on private email list where users can submit vulnerabilities
  - Speak with Kendall who may have started to create this list via groups.io
- Potentially look at using Syft to output a CycloneDX or SPDX file that can be joined with a CVE database to produce a vulnerability report from images
  - https://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html
TESTING.md to address testing policy for new functionality (required unit tests, etc)

Build process discussion for OpenHorizon Artifacts. Need holistic view of process documented and issues created in order to make progress.

@Ben Courliss Create some issues around implementing versioning and changelogs

Topic: Open Horizon DevOps WG biweekly meeting
Start Time: Jun 21, 2022 06:57 AM