...
The requirements for the blueprints to be included in release 5 6 are as follows:
Depending upon the situation, the PTLs are suggested to meet the following criteria -
...
If the blueprint is already part of release 5 and you want this to be included in release 56, please follow the following steps:
...
Internal Target date to meet Rel 6 Criteria is April 30th
(To be updated)
No. | Project Name | TSC Subgroup Release Status | Is this your first release | Blue Print Stage
| CD Logs URL to be used for review (Column filled in by PTLs) | Link to executive one pager (editable doc format) (Column filled in by PTLs) | API Info Reporting Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info form) | BluVal BlueVal Logs or Manual Logs | Security Certification (TO be filled by Security Subcommittee) Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: Release 6: Akraino CVE and KHV Vulnerability Exception Request | Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to Release 6 Upstream Review Status to find details) | Date ready for TSC review (Column filled in by PTLs) | TSC Review Date (Column filled in by TSC) | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | No | Mature | https://nexus.akraino.org/content/sites/logs/parserlabs/r4/cvb/ | https://nexus.akraino.org/content/sites/logs/parserlabs/r4/ | Approved | ||||||||
2 | No | Mature |
https://nexus.akraino.org/content/sites/logs/parserlabs/r4/cvb/ | No API changes expected from R5, per Bart Dong in TSC meeting . Waiting for e-mail from Bart to confirm this Bart confirmed by e-mail | https://nexus.akraino.org/content/sites/logs/parserlabs/r4/ | Approved | ||||||||||
3 | |||||||||||||
4 | No | Incubation | ICN R6 Datasheet | No API changes from R5, per e-mail from Kural Ramakrishnan | BluVal Results |
lynis results: Accepted vuls results: |
CVE-2021-35942: failed in scan: console output displaying a version of Ubuntu and version of the installed glibc is required for exception approval.
Accepted kube-hunter results: Accepted | Approved |
| ||
5 | No |
EOL | No API changes from R5, per e-mail from Salvador Fuentes | Approved | |||||||
6 | No | Incubation | https://nexus.akraino.org/content/sites/logs/huawei/job/Eliot-aio-log/19/ | No API changes from R5, per e-mail from Khemendra Kumar Info for ELIOT IOTGateway APIs: | https://nexus.akraino.org/content/sites/logs/huawei/job/Eliot-security-test/ |
lynis results: Accepted vuls results: Accepted kube-hunter results: Accepted | Approved | ||||
7 | NO | Incubation |
ELIOT R6 - SD-WAN / WAN Edge / uCPE Data Sheet | No API changes from R5, per e-mail from Khemendra Kumar | Approved | |||||||||||
8 | No | Mature | |||||||||||
9 | No | Incubation | |||||||||||
10 | No | Incubation | |||||||||||
11 |
| ||||||||||||
12 | No | incubation | https://nexus.akraino.org/content/sites/logs/baidu/job/ | Video Security Monitoring R6 Datasheet | No API changes expected from R5, per Liya Yu in TSC meeting |
https://nexus.akraino.org/content/sites/logs/baidu/job/. Waiting for e-mail from Liya to confirm this |
- Incubation
. Confirmed in e-mail sent by Liya |
| https://nexus.akraino.org/content/sites/logs/ |
baidu/job/ |
security_scan/aiedge/5/ |
- Mature
results/ | Approved based on R5 Release notes. | ||||
13 | No |
|
https://wiki.akraino.org/download/attachments/ |
28970342/ |
Intelligent%20Vehicle- |
Infrastructure%20Cooperation%20System%28I- |
VICS%29%20Datasheet.docx?version= |
2&modificationDate= |
1613872984000&api=v2 |
No API changes from R5, per e-mail from ZhuMing Zhang |
| https://nexus.akraino.org/content/sites/logs/ |
fate/job/ |
I-VICS/5/ | No new features or bugs have been added after R4 release | Yes, with recommendation. | |||||||||||
14 | No | Incubation | No API changes from R5, per e-mail from Eagan Fu | Approved based on previous release notes | |||||||||
15 | No | Mature |
No API changes expected from R5, per Leo Li in TSC meeting . Waiting for e-mail from Leo to confirm this
https://nexus.akraino.org/content/sites/logs/ |
ysemi/job/ |
v1/upload/iec-tox-verify-master_334/ | https://wiki.akraino.org/download/attachments/24084647/IEC%20Release3-IEC%20Type3-datasheet.docx?version=5&modificationDate=1591272863000&api=v2 | API form uploaded by Davy Zhang , scheduled for review at API subcommittee meeting Approved by API subcommittee at weekly meeting |
Info for EALTEdge APIs:
|
|
Revised API info form sent to Oleg per his requirements (see API Subcommittee meeting minutes for details)
Note - PCEI Blueprint R6 API documentation located here (as of ):
https://wiki.akraino.org/x/Qy0wAw
lynis results: Accepted vuls results: Accepted kube-hunter results: Accepted | Approved | ||||
16 | No | Incubation | https://nexus.akraino.org/content/sites/logs/ |
socnoc/job/ |
baseOS/ |
lynis results:
Performing test ID AUTH-9328 (Default umask values): FAILED
2022-04-13 01:07:38 Result: found umask 022, which could be improved
2022-04-13 01:07:38 Suggestion: Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328] [details:-] [solution:-]
vuls results: Accepted
kube-hunter results:
CAP_NET_RAW Enabled
CAP_NET_RAW is used to open a raw socket and is used by ping. If this is not required CAP_NET_RAW MUST be removed.
https://www.suse.com/c/demystifying-containers-part-iv-container-security/
Approved per the upstream review
https://wiki.akraino.org/x/Ui0wAw
1/ | SOCNOC Release 6 One pag - Akraino - Akraino Confluence | No API changes expected from R5, per Leo Li in TSC meeting . Waiting for e-mail from Leo to confirm this Leo confirmed by mail | https://nexus.akraino.org/content/sites/logs/socnoc/job/security_scan/ | ||||||||||
17 | No | Incubation | https://nexus.akraino.org/content/sites/logs/huawei/job/Ealtedge-aio-log/15/ | EALTEDGE Release 6 Datasheet | No API changes from R5, per e-mail from Khemendra Kumar | https://nexus.akraino.org/content/sites/logs/huawei/job/Ealt-edge-security-test/26/results/ |
lynis results: Accepted vuls results: Accepted kube-hunter results: Accepted | Approved | |||||
18 | TSC 2022-05-12 |
(Thursday) 7:00 am Pacific | No |
Incubation | https://nexus.akraino.org/content/sites/logs/ |
cmti/job/ |
No API changes from R5, per e-mail from HaiHui Wang
pcei-daily/ | https:// |
wiki.akraino.org/ |
Incubation Level Review Results:
Vuls: Accepted with exceptions shown at:
Release 5 Vuls Exception Request
__________________________________________________________
Lynis: Accepted
x/SC0wAw | Revised API info form sent to Oleg per his requirements (see API Subcommittee meeting minutes for details) Note - PCEI Blueprint R6 API documentation located here (as of ): |
lynis results: Accepted vuls results: Accepted kube-hunter results: Accepted |
|
| ||||||
19 | No | Mature | https://nexus.akraino.org/content/sites/logs/fate/job/Fate_test/15/ | Akraino R6 Federated ML blueprint datasheet.docx | No API changes from R5, per e-mail from HaiHui Wang | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________ Lynis: Accepted __________________________________________________________ Kube-Hunter: Exception granted: K8s not used by this BP. |
20 | No | Incubation | |||||||||||
21 |
lynis results:
Test: Checking PASS_MAX_DAYS option in /etc/login.defs: FAILED
2022-04-13 12:46:24 Result: password aging limits are not configured
2022-04-13 12:46:24 Suggestion: Configure maximum password age in /etc/login.defs [test:AUTH-9286] [details:-] [solution:-]
Performing test ID AUTH-9328 (Default umask values): FAILED
2022-04-13 12:46:24 Result: found umask 022, which could be improved
2022-04-13 12:46:24 Suggestion: Default umask in /etc/login.defs could be more strict like 027 [test:AUTH-9328] [details:-] [solution:-]
Performing test ID SSH-7440 (Check OpenSSH option: AllowUsers and AllowGroups): FAILED
2022-04-13 12:46:41 Result: AllowUsers is not set
2022-04-13 12:46:41 Result: AllowGroups is not set
2022-04-13 12:46:41 Result: SSH has no specific user or group limitation. Most likely all valid users can SSH to this machine.
Result: sysctl key fs.suid_dumpable: FAILED
Result: sysctl key kernel.dmesg_restrict: FAILED
Result: sysctl key net.ipv4.conf.default.accept_source_route: FAILED
Performing test ID HRDN-7220 (Check if one or more compilers are installed): FAILED
2022-04-13 12:46:51 Result: found installed compiler. See top of logfile which compilers have been found or use /bin/grep to filter on 'compiler'
2022-04-13 12:46:19 Found known binary: as (compiler) - /usr/bin/as
2022-04-13 12:46:19 Found known binary: cc (compiler) - /usr/bin/cc
2022-04-13 12:46:19 Found known binary: g++ (compiler) - /usr/bin/g++
2022-04-13 12:46:19 Found known binary: gcc (compiler) - /usr/bin/gcc
2022-04-13 12:46:26 Found package: device-tree-compiler (version: 1.4.5-3)
vuls results: Accepted
kube-hunter results: N/A (?)
22 | Yes | Incubation | |||||||||||
23 | No | Incubation | https://nexus.akraino.org/content/sites/logs/myais/job/smartcities/8 | No API changes expected from R5, per TSC meeting discussion . Waiting for e-mail from Jason or Jack to confirm this. Update - API form uploaded by Jason , scheduled for review at API subcommittee meeting Approved by API subcommittee at weekly meeting |
fix lynis issue, in pb use k3s, add kube-hunter |
test.
https://nexus.akraino.org/content/sites/logs/myais/validation/3 fix kube-hunter issue ,except CAP_NET_RAW.
|
lynis results: Accepted vuls results: Accepted kube-hunter results: Accepted | Approved |
|
| |||||||||
24 | TSC 2022-06-14 (Tuesday) 7:00 am Pacific | No | Incubation | Nexus repository where we push CD logs via a privately configured Jenkins | API info form uploaded by Asif, API subcommittee to review Approved by API subcommittee | Approved |
| ||||||
25 | No | Incubation | No API changes from R5, per e-mail from Muhammad Hamza | https://jenkins.akraino.org/view/iec/job/bluval-daily-master/ | Approved |
https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/sses-lynis/ https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/sses-lynis/ |
robot Lynis results: Accepted iotgateway Lynis results: Accepted robot vuls results: Accepted iotgateway vuls results: Accepted | Approved per the BP upstream review | 2022/04/13 | 2022/04/14 |