...
No. | Project Name | TSC Subgroup Release Status | Is this your first release | Blue Print Stage
| CD Logs URL to be used for review (Column filled in by PTLs) | Link to executive one pager (editable doc format) (Column filled in by PTLs) | API Info Reporting Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info form) | BluVal Certification | Security Certification Provide link to Vuls, Lynis, and Kube-Hunter logs below. Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: | Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to Release 5 BP/Feature Upstream Status to find details) | Date ready for TSC review (Column filled in by PTLs) | TSC Review Date (Column filled in by TSC) | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | |||||||||||||
2 | |||||||||||||
3 | |||||||||||||
4 | No | Per notice from Kural 5Aug21, no change from R4 | Filed Release 5: Akraino CVE Vulnerability Exception Request Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted | Completed by 8/6/2021 | |||||||||
5 | Yes | https://nexus.akraino.org/content/sites/logs/intel/ICN_CD_logs/pod11-node5/icn-master-bm-verify-bm_verifer-kata/12/ | API form uploaded 24 May e-mail questions exchanged 20Jul21 Scheduled for review by API subcommittee API subcommittee review completed and info accepted | Filed Release 5: Akraino CVE Vulnerability Exception Request Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted | Completed by 8/10/2021 | ||||||||
6 | No | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-build/18/home/jenkins/log/ | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-security-validation-build/4/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed 8/6/2021 | ||||||||
7 | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-build/15/home/jenkins/log/ | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-security-build/10/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed on 8/6/2021 | |||||||||
8 | No | Per e-mail from Sukhdev 5Aug21, no change from R4 | Completed by 8/10/2021 | ||||||||||
9 | No | https://jenkins.akraino.org/job/kni-blueprint-pae-verify-deploy-gcp/69/ | Completed by 8/10/2021 | ||||||||||
10 | No | Management Hub: https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-management-hub-verify-deploy-gcp/19/ | Completed by 8/10/2021 | ||||||||||
11 | |||||||||||||
12 | |||||||||||||
13 | |||||||||||||
14 | No | https://nexus.akraino.org/content/sites/logs/tencent/job/tencent_5g_mec/ | Per e-mail from Eagan Fu on Aug 16, no change from R4 | ||||||||||
15 | |||||||||||||
16 | Per e-mail from Leo 11Aug21, no change from R4 | ||||||||||||
17 | No | https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-edge-build/51/home/jenkins/log/ | https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-security-validation-build/19/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | R5 - Architecture Documentation of Enterprise Applications on Lightweight 5G Telco Edge Completed by 8/10/2021 | ||||||||
18 | TSC 2021-08-10 (Tuesday) 7:00 am Pacific | No | https://nexus.akraino.org/content/sites/logs/cmti/job/pcei-daily/ | https://wiki.akraino.org/x/lwHkAg | Per API Subcommittee meeting 30Jul21, no change from R4 | https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v1/
https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v2/ Fixed: fs.suid_dumpable net.ipv4.conf.default.accept_source_route Cannot fix AUTH-9328 because changing unmask value to 027 caused lynis test suite to fail (does not run) | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | PCEI R5 Release Notes https://wiki.akraino.org/x/LgLkAg Completed by 8/6/2021 |
| ||||
19 | No |
| https://nexus.akraino.org/content/sites/logs/fate/job/Fate_test/15/ | Akraino R5 Federated ML blueprint datasheet.docx | Per e-mail from Zifan 8Aug21, no change from R4 | Incubation Level Review Results: 03 The attached logs do not contain the output files generated by lyns, vuls, and kube-hunter. The following log files are needed to perform the security review:
If you need additional information please contact the security team at security@lists.akraino.org. Also, utilizing BluVal will perform these tests automatically. Incubation Level Review Results:
Vuls: FAILED with exceptions shown at: Release 5 Vuls Exception Request The following CVE must be corrected by updating CURL: CVE-2019-5482 Solution information can be found at:
Vuls: FAILED with exceptions shown at: Release 5 Vuls Exception Request The following CVE must be corrected by updating CURL: CVE-2019-5482 Solution information can be found at: https://access.redhat.com/security/cve/cve-2019-5482 __________________________________________________________ Lynis: FAILED
AllowUsers is not set AllowGroups is not set SSH has no specific user or group limitation. Most likely all valid users can SSH to th is machine. 4. sysctl key kernel.dmesg_restrict: FAILED Valued should be set to 1. 5. Performing test ID HRDN-7220 (Check if one or more compilers are installed): FAILED Following compilers installed:
__________________________________________________________ __Kube-Hunter: Exception granted: K8s not used by this BP. | |||||||
20 | |||||||||||||
21 | TSC 2021-08-03 (Tuesday) 7:00 am Pacific | No | https://nexus.akraino.org/content/sites/logs/juniper/job/Private%205G%20BP/ | Akraino Private LTE/5G BP Datasheet | No new features or bugs have been added after R4 release | Completed by 8/10/2021 | |||||||
22 | |||||||||||||
23 | Yes | ||||||||||||
24 | |||||||||||||
25 | No | ||||||||||||
26 | No | ||||||||||||
27 | Yes |
...