WG06 Meeting minutes 23/04/2026
Agenda
- Back on "Trivy incident" (supply chain compromise): reminders, lessons learned and best practices for GitOps organizations as this attack is surely not the last one - M.Hernandez/Sysdig
- Discussions on the opportunity of a Sylva/CNTF plufgfest/Hackathon on K8s operators for mobile operations: Get feedback on WG06 interest, perimeter definition, event format, vendor view - M.Richomme/WG06
Replay
Support
Minutes
Quick Recap
The meeting focused on two main topics: a security presentation on supply chain attacks and a discussion about organizing a Kubernetes operator developer event.
Miguel Hernandez from Sysdig presented on recent supply chain attacks, particularly the Trivy vulnerability, explaining how attackers compromise GitHub Actions and other tools without triggering alerts.
The discussion then shifted to WG06 proposal for an integrator developer event focused on creating Kubernetes operators for telco solutions, specifically addressing D2 configuration and APN/MPN business operators. Participants provided feedback on the proposed format, with Joel Studler suggesting a narrowly scoped hackathon approach and noting ongoing work on NetBox operators at his organization. The group discussed challenges around travel restrictions and budget constraints for such events, with participants expressing interest in contributing to design discussions despite potential timezone and travel limitations.
Next Steps
- Miguel: Send the slide deck to Morgan for posting online
- Morgan: Put the working group slides/minutes online
- Morgan: Create a page on the working group's GitLab for collecting and discussing operator/hackathon ideas and feedback see dedicated page
- All participants: Contact relevant vendors (e.g., Mavenir, Ericsson, Nokia, etc.) to gauge interest and possible involvement in the proposed operator/hackathon event
- All participants: Provide feedback on potential operator topics and possible involvement in the event (via the new GitLab page and/or next meetings)