Page tree
Skip to end of metadata
Go to start of metadata

OPNFV Security Group

A group dedicated to improve OPNFV security through architecture, documentation, code review, upstream inter-work with other groups, vulnerability management and security research.

Provide an ‘umbrella’ group to encourage development of security centric functions within the OPNFV eco-system.

Effectively handle vulnerability and threats in a co-ordinated manner.

 Core Infrastructure Initiative (CII) Best Practices Badge 

The Core Infrastructure Initiative (CII) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best security practices.
OPNFV's Badge:

Key Project Facts

Project Creation Date: Jan 22, 2015
Lifecycle State: Approved
Project Lead: Luke Hinds , Red Hat
Jira Project Name: OPNFV Security group
Jira Project Prefix: opnfv-sec



Mailing List

Security team’s mail alias:


 To subscribe or unsubscribe via the World Wide Web, visit:


Meeting Details

Meeting Times
Every Wednesday at 14:00pm UTC


  • Note, we only meet on IRC. Conference bridges can be set up for specific topics.

Meeting Info & Log

Meeting Agenda

Security Projects

The OPNFV Security Group hosts the following security projects

CI / CD Security Scanning

 Automated NIST based SCAP scans to insure the OPNFV platform deploys free from known CVE vulnerabilities, and meets a security compliance level.  


Ensure the existing Audit framework for the critical components in OPNFV are extensive enough and compliant to industry standards and foreseeable business use cases.

OPNFV Security Guide

Guide to securing the OPNFV platform

Project Audit

Project Audit aims to perform pre-release security scanning audit, and when possible insure badge program checks are applied within OPNFV as an on-going effort. 
Project is maintained within the OPNFV security group.

OPNFV Security Group Processes

Secure Design

Member Structure

OPNFV eco-system

List of some major components in OPNFV eco-system and link to the security advisory, CVE-list, etc.

Security Related News/blogs

  • No labels