...
BluVal Testing
Status as of May 13th 2020:
Layer | Result | Comment |
os/lynis | PASS if disabling ICN plugins | If libvirt or weave are installed, lynis will no longer pass. This is a problem because the virtlet ICN plugin requires libvirt. |
os/vuls | FAIL: 153 vulnerabilities found | Total: 153 (High:33 Medium:93 Low:27 ?:0), 1/153 Fixed, 801 installed, 0 exploits, en: 2, ja: 0 alerts. |
k8s/conformance | PASS if disabling ICN plugins | Need to enable ICN plugins and understand reason for failures. Just the basic KUD deployment is enough to make conformance pass. |
k8s/kubehunter | FAIL: Inside-a-Pod Scanning: 5 vulnerabilities | Patched system:public-info-viewer to hide /version, otherwise Cluster Remote Scanning would fail too. Need to update KUD scripts to automatically patch system:public-info-viewer. |
Important links:
Steps To Implement Security Scan Requirements
CI logs:
The gerrit comments contains the CI log url. All the CI logs are under this folder ICN : https://jenkins.akraino.org/view/icn/job/icn-master-verify/
...