...
No. | Project Name | TSC Subgroup Release Status | Is this your first release | CD Logs URL to be used for review (Column filled in by PTLs) | Link to executive one pager (editable doc format) (Column filled in by PTLs) | API Info Reporting Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info form) | BluVal Certification | Security Certification Provide link to Vuls, Lynis, and Kube-Hunter logs below. Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: | Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to R4 Release Upstream Compliance to find details) | Date ready for TSC review (Column filled in by PTLs) | TSC Review Date (Column filled in by TSC) | |||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | ||||||||||||||||||
2 | ||||||||||||||||||
3 | ||||||||||||||||||
4 | No | No Changes in the API from the R4 Release | 5 | Yes | API form uploaded 24 May e-mail questions exchanged 20Jul21 Scheduled for review by API subcommittee API subcommittee review completed and info accepted | https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn | /master/20210707-182026/results/k8s/kube-hunter/Filed Release 5: Akraino CVE Vulnerability Exception Request Waiting for the review from Randy Stricklin | |||||||||||
5 | Yes | API form uploaded 24 May e-mail questions exchanged 20Jul21 Scheduled for review by API subcommittee API subcommittee review completed and info accepted | Filed Release 5: Akraino CVE Vulnerability Exception Request Wait Waiting for the review from Randy Stricklin | |||||||||||||||
6 | No | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-build/18/home/jenkins/log/ | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-security-validation-build/4/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Failed CAP_NET_RAW Enabled | ||||||||||||||
7 | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-build/15/home/jenkins/log/ | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-security-build/10/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Failed CAP_NET_RAW Enabled | |||||||||||||||
8 | ||||||||||||||||||
9 | No | |||||||||||||||||
10 | No | |||||||||||||||||
11 | ||||||||||||||||||
12 | ||||||||||||||||||
13 | ||||||||||||||||||
14 | ||||||||||||||||||
15 | ||||||||||||||||||
16 | ||||||||||||||||||
17 | No | https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-edge-build/51/home/jenkins/log/ | https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-security-validation-build/19/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Failed CAP_NET_RAW Enabled | ||||||||||||||
18 | No | https://nexus.akraino.org/content/sites/logs/cmti/job/pcei-daily/ | https://wiki.akraino.org/x/lwHkAg | Per API Subcommittee meeting 30Jul21, no change from R4 | https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v1/
https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v2/ Fixed: fs.suid_dumpable net.ipv4.conf.default.accept_source_route Cannot fix AUTH-9328 because changing unmask value to 027 caused lynis test suite to fail (does not run) | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Failed
Result: found umask 022, which could be improved 2021-07-26 18:36:59 Suggestion: Default umask in /etc/login.defs could be more strict like 027
____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Failed CAP_NET_RAW Enabled | PCEI R5 Release Notes |
| ||||||||||
19 | No | https://nexus.akraino.org/content/sites/logs/fate/job/Fate_test/15/ | The attached logs do not contain the output files generated by lyns, vuls, and kube-hunter. The following log files are needed to perform the security review:
If you need additional information please contact the security team at security@lists.akraino.org. Also, utilizing BluVal will perform these tests automatically. | |||||||||||||||
20 | ||||||||||||||||||
21 | Per e-mail from Prem 31Jul21, no change from R4 | |||||||||||||||||
22 | ||||||||||||||||||
23 | Yes | |||||||||||||||||
24 | ||||||||||||||||||
25 | No | |||||||||||||||||
26 | No | |||||||||||||||||
27 | Yes |
...