...
No. | Project Name | TSC Subgroup Release Status | Is this your first release | CD Logs URL to be used for review (Column filled in by PTLs) | Link to executive one pager (editable doc format) (Column filled in by PTLs) | API Info Reporting Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info form) | BluVal Certification | Security Certification Provide link to Vuls, Lynis, and Kube-Hunter logs below. Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: | Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to Release 5 BP/Feature Upstream Status to find details) | Date ready for TSC review (Column filled in by PTLs) | TSC Review Date (Column filled in by TSC) | |
---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | ||||||||||||
2 | ||||||||||||
3 | ||||||||||||
4 | No | Per notice from Kural 5Aug21, no change from R4 | Filed Release 5: Akraino CVE Vulnerability Exception Request Waiting for the review from Randy Stricklin Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted | Completed by 8/6/2021 | ||||||||
5 | Yes | API form uploaded 24 May e-mail questions exchanged 20Jul21 Scheduled for review by API subcommittee API subcommittee review completed and info accepted | Filed Release 5: Akraino CVE Vulnerability Exception Request Waiting for the review from Randy Stricklin | |||||||||
6 | No | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-build/18/home/jenkins/log/ | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-security-validation-build/4/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Failed CAP_NET_RAW Enabled | Completed 8/6/2021 | |||||||
7 | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-build/15/home/jenkins/log/ | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-security-build/10/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Failed CAP_NET_RAW Enabled | Completed on 8/6/2021 | ||||||||
8 | Per e-mail from Sukhdev 5Aug21, no change from R4 | |||||||||||
9 | No | https://jenkins.akraino.org/job/kni-blueprint-pae-verify-deploy-gcp/69/ | ||||||||||
10 | No | Management Hub: https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-management-hub-verify-deploy-gcp/19/ | ||||||||||
11 | ||||||||||||
12 | ||||||||||||
13 | ||||||||||||
14 | ||||||||||||
15 | ||||||||||||
16 | ||||||||||||
17 | No | https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-edge-build/51/home/jenkins/log/ | https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-security-validation-build/19/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Failed CAP_NET_RAW Enabled | ||||||||
18 | No | https://nexus.akraino.org/content/sites/logs/cmti/job/pcei-daily/ | https://wiki.akraino.org/x/lwHkAg | Per API Subcommittee meeting 30Jul21, no change from R4 | https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v1/
https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v2/ Fixed: fs.suid_dumpable net.ipv4.conf.default.accept_source_route Cannot fix AUTH-9328 because changing unmask value to 027 caused lynis test suite to fail (does not run) | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Failed
Result: found umask 022, which could be improved 2021-07-26 18:36:59 Suggestion: Default umask in /etc/login.defs could be more strict like 027
____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Failed CAP_NET_RAW Enabled | PCEI R5 Release Notes https://wiki.akraino.org/x/LgLkAg Completed by 8/6/2021 |
| ||||
19 | No | https://nexus.akraino.org/content/sites/logs/fate/job/Fate_test/15/ | The attached logs do not contain the output files generated by lyns, vuls, and kube-hunter. The following log files are needed to perform the security review:
If you need additional information please contact the security team at security@lists.akraino.org. Also, utilizing BluVal will perform these tests automatically. | |||||||||
20 | ||||||||||||
21 | TSC 2021-08-03 (Tuesday) 7:00 am Pacific | No | https://nexus.akraino.org/content/sites/logs/juniper/job/Private%205G%20BP/ | Akraino Private LTE/5G BP Datasheet | Per e-mail from Prem 31Jul21, no change from R4 | |||||||
22 | ||||||||||||
23 | Yes | |||||||||||
24 | ||||||||||||
25 | No | |||||||||||
26 | No | |||||||||||
27 | Yes |
...