...
- High Level Overall Requirements
- CI, Blueprint Validation Lab Sub-Committee Requirements
- Present Pod Topology document.
- Peering w/LF Jenkins - (Note: peering is an optional requirement)
- Push logs through Nexus. (Note: This is mandatory for Incubation self-certified and Maturity)
Releases >= 1.0 (e.g. 1.xyz, 2.xyz etc) are reserved for BP that have been approved as Core by the TSC (considered ‘GA’ quality).
Releases <1.0 (e.g. 0.xyz etc) are reserved for projects that have not reached the Akraino Core level (i.e. anything that is in Incubation (‘alpha’ quality) and Mature (‘beta’ quality).
Enforcement of Static Code Analysis through SonarCloud (SaaS), WIP LF Release Engineering & Security Subcommittee. (Note: This is an optional requirement for Incubation self certified and mandatory for Maturity)
- Security Sub-Committee Requirements, please fill in Release 4 Blueprint Scanning Status. Instructions can be found at: Steps To Implement Security Scan Requirements
- Blueprint Validation Framework Feature Project Requirements See TSC meeting.
- Projects going for Maturity Review please refer to Maturity Criteria defined by Process subcommittee BP Graduation Review Processes and Criteria (Note this is not required for self certification, only required for maturity review)
- Documentation Sub-Committee Requirements
User Documents:
The following documentation with the following sections called out should be on the wiki with links to rest of the sections as applicable. We prefer that the entire doc is on the wiki but we do not require it.
Architecture - Blue print Overview and overall architecture
Release Notes – Summary and What is released
Installation Doc – Introduction and deployment architecture
Test Document – Introduction and Overall Test Architecture
Developer Documents:
We are also recommending that Blueprints include via ReadtheDocs, with each Blue Print given their own repo, but we do not require it
- API Sub-Committee Requirements (Note: See this link for requirements: Blueprint Projects R4 and R5 API Reporting Requirements)
- Community Sub-Committee Requirements (Note: no mandatory requirements for Incubation self-certified or Maturity)
- Process Sub-Committee Requirements (Note: See the Process Sub Committee page defining the TSC approved Maturity review process and requirements for those requesting inclusion in R3 at Mature level BP Graduation Review Processes and Criteria)
- Upstream Sub-Committee Requirements (Note: no mandatory requirements for Incubation self-certified or Maturity). Here is the R4 release Upstream BP review status, Release Upstream Compliance. Also please refer to the page for the R4 requirement as well.
...
No. | Project Name | TSC Subgroup Release Status | Is this your first release | CD Logs URL to be used for review (Column filled in by PTLs) | Link to executive one pager (editable doc format) (Column filled in by PTLs) | API Info Reporting Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info form) | BluVal Certification | Security Certification Provide link to Vuls, Lynis, and Kube-Hunter logs below. Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: https://wiki.akraino.org/display/AK/Akraino+CVE+Vulnerability+Exception+Release 5: Akraino CVE Vulnerability Exception Request | Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to R4 Release Upstream Compliance to find details) | Date ready for TSC review (Column filled in by PTLs) | TSC Review Date (Column filled in by TSC) | |
---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | ||||||||||||
2 | ||||||||||||
3 | ||||||||||||
4 | No | |||||||||||
5 | Yes | |||||||||||
6 | No | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-build/18/home/jenkins/log/ | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-security-validation-build/4/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Failed CAP_NET_RAW Enabled | ||||||||
7 | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-build/15/home/jenkins/log/ | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-security-build/10/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Failed CAP_NET_RAW Enabled | |||||||||
8 | ||||||||||||
9 | No | |||||||||||
10 | Slides for KNI blueprints review: | No | ||||||||||
11 | ||||||||||||
12 | ||||||||||||
13 | ||||||||||||
14 | ||||||||||||
15 | ||||||||||||
16 | ||||||||||||
17 | No | https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-edge-build/51/home/jenkins/log/ | https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-security-validation-build/19/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Failed CAP_NET_RAW Enabled | ||||||||
18 | No | https://nexus.akraino.org/content/sites/logs/cmti/job/pcei-daily/ | https://wiki.akraino.org/x/lwHkAg | https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v1/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Failed
Result: found umask 022, which could be improved 2021-07-26 18:36:59 Suggestion: Default umask in /etc/login.defs could be more strict like 027
____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Failed CAP_NET_RAW Enabled | |||||||
19 | No | https://nexus.akraino.org/content/sites/logs/fate/job/Fate_test/15/ | ||||||||||
20 | ||||||||||||
21 | ||||||||||||
22 | ||||||||||||
23 | Yes | |||||||||||
24 | ||||||||||||
25 | @ashvin.p@bluemeric.com | No | ||||||||||
26 | No | |||||||||||
27 | Yes |
...