...
Introductory webcast recording
Notes
April 22, 2020
- Update from security group
  - Lynis: Some of the tests have points attached to them and some do not
    - The points can be used to create some kind of metric
    - Will try to create a list of acceptable and non-acceptable failures
  - Kube-hunter is being studied
- Two Jira tickets to be created:
  - k8s conformance is mysteriously failing (from Srinivasan Selvam)
  - KNI validation jobs are not running
April 15, 2020 (recording)
- Security group update
  - For Vuls and other tests that use CVE tagging:
    - High and medium vulnerabilities are mandatory, so the test fails if any of those fails
    - If the vulnerabilities cannot be fixed, they must be handled as exceptions and documented
    - The exceptions could have time limits
  - For Lynis: it gives a hardening index, but that is difficult to use
    - There could be a low bar, and any test score below it should just fail
    - Any test score above a high bar should pass
    - Test scores between the low and high bars would need to be analyzed
    - The high bar could be the same as passing all high and medium priority tests
  - Kube-hunter: work in progress
- For Vuls and other tests that use CVE tagging:
- https://gerrit.akraino.org/r/c/ci-management/+/3356
- https://gerrit.akraino.org/r/c/ci-management/+/3358
- Tagging 3.0
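
The pass/fail rules discussed on April 15 for Vuls and Lynis, written out as an added example (not code from the Akraino validation project). The bar values 60 and 80, the function names, the evaluation date, and the CVE placeholder ids are assumptions made for illustration; the notes do not specify them.

```python
from datetime import date

# Assumed values: the notes describe a low and a high bar but give no numbers.
LYNIS_LOW_BAR, LYNIS_HIGH_BAR = 60, 80
MANDATORY = {"high", "medium"}  # severities the notes call mandatory


def vuls_gate(findings, exceptions, today):
    """findings: [(cve_id, severity)]; exceptions: {cve_id: expiry date or None}."""
    blocking, excepted, expired = [], [], []
    for cve, severity in findings:
        if severity.lower() not in MANDATORY:
            continue  # low-severity findings do not fail the test
        if cve in exceptions:
            expiry = exceptions[cve]
            if expiry is None or today <= expiry:
                excepted.append(cve)  # documented exception still in force
                continue
            expired.append(cve)  # time limit passed: the finding blocks again
        blocking.append(cve)
    return {"passed": not blocking, "blocking": blocking,
            "excepted": excepted, "expired": expired}


def lynis_gate(index, low=LYNIS_LOW_BAR, high=LYNIS_HIGH_BAR):
    """Map a Lynis hardening index to fail / review / pass."""
    if low > high:
        raise ValueError("low bar must not exceed high bar")
    if index < low:
        return "fail"
    if index > high:
        return "pass"
    return "review"  # between the bars: needs manual analysis


# Constructed sample data; the CVE ids are placeholders, not real entries.
TODAY = date(2020, 4, 22)  # assumed evaluation date
FINDINGS = [("CVE-PLACEHOLDER-1", "High"), ("CVE-PLACEHOLDER-2", "Medium"),
            ("CVE-PLACEHOLDER-3", "Low"), ("CVE-PLACEHOLDER-4", "Medium")]
EXCEPTIONS = {"CVE-PLACEHOLDER-1": date(2020, 6, 30),   # still valid
              "CVE-PLACEHOLDER-2": date(2020, 3, 31)}   # expired

if __name__ == "__main__":
    print(vuls_gate(FINDINGS, EXCEPTIONS, TODAY))
    print([lynis_gate(i) for i in (45, 60, 72, 80, 91)])
```

An exception with no expiry (`None`) never lapses in this sketch; a score exactly on either bar falls into the "review" band.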
...