Time: 5 mins
Item: Convene & Roll Call
Who: Brian Ingenito (Deactivated)

Time: 5 mins
Item: Improving visibility of currently identified security vulnerabilities in programs, especially those that produce a lot of code (e.g. Plexus, Symphony, Hadouken)
Who: Maurizio Pillitu and Group
Notes from the Meeting:
  • Automated GitHub security PRs need to be enabled manually on every repo
    • How to scan only production dependencies (alerts on dev-only dependencies are treated as false positives)
    • Are GitHub security checks a subset of Dependabot? Jamie Jones is almost sure they are and will confirm
  • PMCs should preferably receive security alert reports on a scheduled basis (i.e. monthly); where that is not possible they should be notified directly (by adding them in the repo security settings)

Time: 5 mins
Item: WhiteSource update
Notes from the Meeting: Requirements consolidated into Jira issue ODP-92 (System JIRA)

Time: 5 mins
Item: Enforce Dependabot across all FINOS repos
Who: Maurizio Pillitu
Notes from the Meeting: https://dependabot.com/ - objections? Roll-out plan & expectations. Program Liaison can share this across all programs. Due date August 15, after mao hols. Address repos with high-severity security vulnerabilities (e.g. Plexus).
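The two Dependabot items above (enabling it on every repo, and limiting scanning to production dependencies) both come down to a per-repo configuration file. The following is an added example, not a file from the FINOS repos or from the meeting. It assumes GitHub's native Dependabot v2 format in `.github/dependabot.yml` (the minutes link to dependabot.com, whose older `.dependabot/config.yml` format differs) and a repo with an npm manifest and a Maven pom at the root; the ecosystems, directories and label are assumptions for illustration.

```yaml
# .github/dependabot.yml  (assumed location; GitHub-native Dependabot v2 format)
#
# Without an "allow" block an ecosystem entry covers every dependency type,
# so devDependencies (test runners, linters, build plugins) would also raise
# update PRs. The "allow" block below restricts each entry to production
# dependencies, which is what the meeting asked for.
version: 2
updates:
  # npm: "production" = everything except devDependencies
  - package-ecosystem: "npm"
    directory: "/"           # assumed: package.json at repo root
    schedule:
      interval: "weekly"
    allow:
      - dependency-type: "production"
    open-pull-requests-limit: 10
    labels:
      - "security"           # assumed label name, so PMCs can filter these PRs

  # Maven: test/provided-scoped artifacts count as development and are skipped
  - package-ecosystem: "maven"
    directory: "/"           # assumed: pom.xml at repo root
    schedule:
      interval: "weekly"
    allow:
      - dependency-type: "production"
    open-pull-requests-limit: 10
    labels:
      - "security"
```

This file only governs Dependabot version-update PRs; the security alerts themselves are still switched on per repository in the GitHub security settings, as the notes above record, so a roll-out needs both steps on each repo.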
Time: 5 mins
Item: GitHub Consolidation update
Who: Maurizio Pillitu, Jamie Jones
Notes from the Meeting: Demo/walkthrough
  • FINOS Roles
  • Team structure and permissions
  • FDX and DT current setup

Time: 5 mins
Item: Minutes taking in GitHub (Wiki)
Who: Maurizio Pillitu, Tom Schady

Time: 5 mins
Item: Ongoing license validation
Who: Maurizio Pillitu
Notes from the Meeting: Updates after chatting with FOSSA

Time: 5 mins
Item: Retrospective on current sprint
Who: Group

Time: 10 mins
Item: Planning next Sprint
Who: Group

Time: 10 mins
Item: Backlog scrubbing
Who: Group
Notes from the Meeting: See ongoing license validation item

Time: 5 mins
Item: AOB & adjourn
Who: Group