...
- Security group update
- For Vuls and other tests that use CVE tagging: all high and medium vulnerabilities are mandatory, so the test fails if any of those fails
- If the vulnerabilities cannot be fixed, they must be handled as exceptions and documented
- The exceptions could have time limits
- For Lynis: it gives a hardening index, but that index is difficult to use. Low and high bars. List of exceptions, time limited
- There could be a low bar, and any test score below it should just fail
- Any test score above a high bar should pass
- Test scores between the low and high would need to be analyzed
- The high score could be the same as passing all high and medium priority tests
- Kube-hunter: work in progress
- For Vuls and other tests that use CVE tagging: all high
- https://gerrit.akraino.org/r/c/ci-management/+/3356
- https://gerrit.akraino.org/r/c/ci-management/+/3358
- Tagging 3.0
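
The pass/fail criteria discussed above for CVE-tagged scans (Vuls) and for the Lynis hardening index can be written as a small gate. This is an added sketch, not code from the Akraino CI repository; the function names, the bar values 50 and 80, and the CVE identifiers are constructed placeholders.

```python
from datetime import date

# Severities the notes treat as mandatory for CVE-tagged tests.
MANDATORY = {"high", "medium"}

def gate_cve(findings, exceptions, today):
    """Return (passed, blocking_ids).

    findings:   list of (cve_id, severity) from a scanner report.
    exceptions: dict cve_id -> expiry date of a documented exception.
    An exception suppresses a finding only until its time limit runs out.
    """
    blocking = []
    for cve_id, severity in findings:
        if severity.lower() not in MANDATORY:
            continue  # low-severity findings do not fail the test
        expiry = exceptions.get(cve_id)
        if expiry is not None and today <= expiry:
            continue  # documented exception is still valid
        blocking.append(cve_id)
    return (not blocking, blocking)

def gate_lynis(index, low_bar, high_bar):
    """Classify a hardening index as 'fail', 'pass' or 'review'."""
    if low_bar > high_bar:
        raise ValueError("low bar must not exceed high bar")
    if index < low_bar:
        return "fail"    # below the low bar: just fail
    if index > high_bar:
        return "pass"    # above the high bar: pass
    return "review"      # in between: needs to be analyzed

# Constructed sample data (placeholder IDs, assumed bars).
SAMPLE_FINDINGS = [
    ("CVE-0000-0001", "High"),
    ("CVE-0000-0002", "Medium"),
    ("CVE-0000-0003", "Low"),
]
SAMPLE_EXCEPTIONS = {"CVE-0000-0002": date(2030, 1, 1)}

if __name__ == "__main__":
    print(gate_cve(SAMPLE_FINDINGS, SAMPLE_EXCEPTIONS, date(2025, 1, 1)))
    print(gate_lynis(65, low_bar=50, high_bar=80))
```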
...