Release 3 Blueprint Scanning Status (Pre-Approval)
- Integrated Cloud Native (ICN) NFV/App stack family [Kuralamudhan Ramakrishnan, Igor Duarte Cardoso]
- Vuls: High:30 Medium:96 Low:27
- Lynis: https://logs.akraino.org/intel/bluval_results/icn/master/20200529-023728/results/os/lynis/lynis.log
- Kube-Hunter: Only 1 vulnerability found, in "Inside-a-Pod Scanning": CAP_NET_RAW
- Radio Edge Cloud (REC)
- Vuls: High:44 Medium:137 Low:47
- Lynis: https://wiki.akraino.org/download/attachments/18481239/lynis.log?version=1&modificationDate=1590586718000&api=v2
- Kube-Hunter:
- KHV005 Access to API using service account token
- KHV002 Kubernetes Version Disclosure
- KHV050 Read access to pod's service account token
- Local to Pod CAP_NET_RAW Enabled
- Local to Pod Access to pod's secrets
- Connected Vehicle Blueprint [Thor Chin]
- This blueprint did not have output information from vuls, lynis or kube-hunter. I have sent an email to Thor Chin and Tapio Tallgren. This appears to be an issue with BluVal not executing the scans correctly.
- Vuls:
- Lynis:
- Kube-Hunter:
- ELIOT Iot Gateway Blueprint [Khemendra Kumar]
- Vuls: High:104 Medium:352 Low:74 https://nexus.akraino.org/content/sites/logs/huawei/blueprints/iotgateway/job/eliot-iotgateway-deploy-k8s-virtual-daily-master/430/results/os/vuls/
- Lynis: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/iotgateway/job/eliot-iotgateway-deploy-k8s-virtual-daily-master/430/results/os/lynis/
- Kube-Hunter: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/iotgateway/job/eliot-iotgateway-deploy-k8s-virtual-daily-master/430/results/k8s/kube-hunter/Kube-Hunter.Kube-Hunter/
- ELIOT SD-WAN/WAN Edge/uCPE Blueprint [Khemendra Kumar]
- Vuls: High:87 Medium:168 Low:62 https://nexus.akraino.org/content/sites/logs/huawei/blueprints/uCPE/job/eliot-uCPE-deploy-k8s-centos-virtual-daily-master/378/results/os/vuls/
- Lynis: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/uCPE/job/eliot-uCPE-deploy-k8s-centos-virtual-daily-master/378/results/os/lynis/
- Kube-Hunter: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/uCPE/job/eliot-uCPE-deploy-k8s-centos-virtual-daily-master/378/results/k8s/kube-hunter/Kube-Hunter.Kube-Hunter/
- KNI Provider Access Edge [Yolanda Robla Mota]
- Running on OKD vs Kubernetes https://wiki.akraino.org/display/AK/KNI+PAE+Architecture+document
- Conformance tests used: https://wiki.akraino.org/display/AK/KNI+PAE+Test+document
- Vuls:
- Lynis:
- Kube-Hunter:
- Micro-MEC
- Scan output files are not currently available at https://wiki.akraino.org/display/AK/Release+3+Planning. I have emailed the PTL, Tapio Tallgren to see if he can provide them.
- Vuls:
- Lynis:
- Kube-Hunter:
- School/Education Video Security Monitoring [Hechun Zhang and Liya Yu]
- This blueprint did not have output information from vuls, lynis or kube-hunter.
- This is the first release for the School/Education Video Security Monitoring blueprint, BluVal is not required.
- I have sent an email to Hechun Zhang and Liya Yu.
- Vuls:
- Lynis:
- Kube-Hunter:
- 5G MEC/Slice System to Support Cloud Gaming, HD Video and Live Broadcasting Blueprint [Feng Yang]
- All scan logs: https://nexus.akraino.org/content/sites/logs/tencent/job/5g-mec-cloud-gaming-CD/security_scan/2/
- Vuls:
- Lynis:
- Kube-Hunter:
- Enterprise Applications on Lightweight 5G Telco Edge [Gaurav Agrawal]
- Vuls: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/ealt-edge/job/ealt-edge-bluval-daily-master/22/results/os/vuls/
- Lynis: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/ealt-edge/job/ealt-edge-bluval-daily-master/22/results/os/lynis/
- Kube-Hunter: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/ealt-edge/job/ealt-edge-bluval-daily-master/22/results/k8s/kube-hunter/
- Public Cloud Edge Interface (PCEI) Blueprint [Oleg Berzin]
- This blueprint did not have output information from vuls, lynis or kube-hunter.
- This is the first release for the PCEI blueprint, BluVal is not required.
- I have sent an email to Oleg Berzin.
- Vuls:
- Lynis:
- Kube-Hunter:
Approved Blueprints
| Project Name | Vuls Scan
| Lynis Scan
| Kube-Hunter Scan
| |
|---|---|---|---|---|
| 1 | 5G MEC/Slice System to Support Cloud Gaming, HD Video and Live Broadcasting Blueprint | |||
| 2 | ||||
| 3 | Connected Vehicle Blueprint | |||
| 4 | Edge Video Processing | |||
| 5 | ELIOT: Edge Lightweight and IoT Blueprint Family | |||
| 6 | ||||
| 7 | ||||
| 8 | ||||
| 9 | Integrated Cloud Native NFV/App stack family (Short term: ICN) |
|
|
|
| 10 | Integrated Edge Cloud (IEC) Blueprint Family | |||
| 11 | ||||
| 12 | ||||
| 13 | ||||
| 14 | Kubernetes-Native Infrastructure (KNI) Blueprint Family | lynis.log | Fail. We request for exception as we are running OpenShift and not upstream Kubernetes, so we hit several failures: cluster.log , pod.log | |
| 15 | ||||
| 16 | Network Cloud Blueprint Family | |||
| 17 | StarlingX Far Edge Distributed Cloud | |||
| 18 | Telco Appliance Blueprint Family | |||
| 19 | Fail with Exceptions 0 CVEs are detected with OVA | Pass with Exceptions Tests performed: 287 | Pass with Exceptions All Critical Tests Passed KHV005 Access to API using service account token | |
| 20 | ||||
| 21 | The AI Edge Blueprint Family | |||
| 22 | ||||
| 23 | Public Cloud Edge Interface | Pass | Pass | Pass: no k8s cluster as part of deployment at the moment |
...