Release 3 Blueprint Scanning Status (Pre-Approval)
- Integrated Cloud Native (ICN) NFV/App stack family [Kuralamudhan Ramakrishnan, Igor Duarte Cardoso]
- Vuls: High:30 Medium:96 Low:27
- Lynis: https://logs.akraino.org/intel/bluval_results/icn/master/20200529-023728/results/os/lynis/lynis.log
- Kube-Hunter: Only 1 vulnerability found, in "Inside-a-Pod Scanning": CAP_NET_RAW
- Radio Edge Cloud (REC)
- Vuls: High:44 Medium:137 Low:47
- Lynis: https://wiki.akraino.org/download/attachments/18481239/lynis.log?version=1&modificationDate=1590586718000&api=v2
- Kube-Hunter:
- KHV005 Access to API using service account token
- KHV002 Kubernetes Version Disclosure
- KHV050 Read access to pod's service account token
- Local to Pod CAP_NET_RAW Enabled
- Local to Pod Access to pod's secrets
- Connected Vehicle Blueprint [Thor Chin]
- This blueprint did not have output information from vuls, lynis or kube-hunter. I have sent an email to Thor Chin and Tapio Tallgren. This appears to be an issue with BluVal not executing the scans correctly.
- Vuls:
- Lynis:
- Kube-Hunter:
- ELIOT Iot Gateway Blueprint [Khemendra Kumar]
- Vuls: High:104 Medium:352 Low:74 https://nexus.akraino.org/content/sites/logs/huawei/blueprints/iotgateway/job/eliot-iotgateway-deploy-k8s-virtual-daily-master/430/results/os/vuls/
- Lynis: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/iotgateway/job/eliot-iotgateway-deploy-k8s-virtual-daily-master/430/results/os/lynis/
- Kube-Hunter: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/iotgateway/job/eliot-iotgateway-deploy-k8s-virtual-daily-master/430/results/k8s/kube-hunter/Kube-Hunter.Kube-Hunter/
- ELIOT SD-WAN/WAN Edge/uCPE Blueprint [Khemendra Kumar]
- Vuls: High:87 Medium:168 Low:62 https://nexus.akraino.org/content/sites/logs/huawei/blueprints/uCPE/job/eliot-uCPE-deploy-k8s-centos-virtual-daily-master/378/results/os/vuls/
- Lynis: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/uCPE/job/eliot-uCPE-deploy-k8s-centos-virtual-daily-master/378/results/os/lynis/
- Kube-Hunter: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/uCPE/job/eliot-uCPE-deploy-k8s-centos-virtual-daily-master/378/results/k8s/kube-hunter/Kube-Hunter.Kube-Hunter/
- KNI Provider Access Edge [Yolanda Robla Mota]
- Running on OKD vs Kubernetes https://wiki.akraino.org/display/AK/KNI+PAE+Architecture+document
- Conformance tests used: https://wiki.akraino.org/display/AK/KNI+PAE+Test+document
- Vuls:
- Lynis:
- Kube-Hunter:
- Micro-MEC
- Scan output files are not currently available at https://wiki.akraino.org/display/AK/Release+3+Planning. I have emailed the PTL, Tapio Tallgren to see if he can provide them.
- Vuls:
- Lynis:
- Kube-Hunter:
- School/Education Video Security Monitoring [Hechun Zhang and Liya Yu]
- This blueprint did not have output information from vuls, lynis or kube-hunter.
- This is the first release for the School/Education Video Security Monitoring blueprint, BluVal is not required.
- I have sent an email to Hechun Zhang and Liya Yu.
- Vuls:
- Lynis:
- Kube-Hunter:
- 5G MEC/Slice System to Support Cloud Gaming, HD Video and Live Broadcasting Blueprint [Feng Yang]
- All scan logs: https://nexus.akraino.org/content/sites/logs/tencent/job/5g-mec-cloud-gaming-CD/security_scan/2/
- Vuls:
- Lynis:
- Kube-Hunter:
- Enterprise Applications on Lightweight 5G Telco Edge [Gaurav Agrawal]
- Vuls: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/ealt-edge/job/ealt-edge-bluval-daily-master/22/results/os/vuls/
- Lynis: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/ealt-edge/job/ealt-edge-bluval-daily-master/22/results/os/lynis/
- Kube-Hunter: https://nexus.akraino.org/content/sites/logs/huawei/blueprints/ealt-edge/job/ealt-edge-bluval-daily-master/22/results/k8s/kube-hunter/
- Public Cloud Edge Interface (PCEI) Blueprint [Oleg Berzin]
- This blueprint did not have output information from vuls, lynis or kube-hunter.
- This is the first release for the PCEI blueprint, BluVal is not required.
- I have sent an email to Oleg Berzin.
- Vuls:
- Lynis:
- Kube-Hunter:
Approved Blueprints
| Project Name | Vuls Scan
| Lynis Scan
| Kube-Hunter Scan
| |
|---|---|---|---|---|
| 1 | 5G MEC/Slice System to Support Cloud Gaming, HD Video and Live Broadcasting Blueprint |
|
|
|
| 2 | ||||
| 3 | Connected Vehicle Blueprint | |||
| 4 | Edge Video Processing | |||
| 5 | ELIOT: Edge Lightweight and IoT Blueprint Family | |||
| 6 | ||||
| 7 | High:104 Medium:352 Low:74 https://nexus.akraino.org/content/sites/logs/huawei/blueprints/iotgateway/job/eliot-iotgateway-deploy-k8s-virtual-daily-master/430/results/os/vuls/ | https://nexus.akraino.org/content/sites/logs/huawei/blueprints/iotgateway/job/eliot-iotgateway-deploy-k8s-virtual-daily-master/430/results/os/lynis/ | ||
| 8 | High:87 Medium:168 Low:62 | |||
| 9 | Network Cloud and TF Integration Project | High:84 Medium:281 Low:59 https://nexus.akraino.org/content/sites/logs/juniper/validation/os/vuls/ | https://nexus.akraino.org/content/sites/logs/juniper/validation/os/lynis/ | |
| 10 | Integrated Cloud Native NFV/App stack family (Short term: ICN) |
|
|
|
| 11 | Integrated Edge Cloud (IEC) Blueprint Family | |||
| 12 | ||||
| 13 | ||||
| 14 | ||||
| 15 | Kubernetes-Native Infrastructure (KNI) Blueprint Family | We have RHCOS on our cluster, so vuls doesn't apply to it | lynis.log | Fail. We request for exception as we are running OpenShift and not upstream Kubernetes, so we hit several failures: cluster.log , pod.log https://logs.akraino.org/redhat-kni/bluval_results/blueprint-pae/20200423-071856/results/k8s/kube-hunter/Kube-Hunter.Kube-Hunter/cluster.log , https://logs.akraino.org/redhat-kni/bluval_results/blueprint-pae/20200423-071856/results/k8s/kube-hunter/Kube-Hunter.Kube-Hunter |
| 16 | ||||
| 17 | The AI Edge: School/Education Video Security Monitoring | https://nexus.akraino.org/content/sites/logs/baidu/job/security_scan/aiedge/1/vuls/ | https://nexus.akraino.org/content/sites/logs/baidu/job/security_scan/aiedge/1/lynis/ | https://nexus.akraino.org/content/sites/logs/baidu/job/security_scan/aiedge/1/kube-hunter/ |
| 18 | Network Cloud Blueprint Family | |||
| 19 | StarlingX Far Edge Distributed Cloud | |||
| 20 | Telco Appliance Blueprint Family | |||
| 21 | Fail with Exceptions 0 CVEs are detected with OVA | Pass with Exceptions Tests performed: 287 | Pass with Exceptions All Critical Tests Passed KHV005 Access to API using service account token | |
| 22 | ||||
| 23 | The AI Edge Blueprint Family | |||
| 24 | ||||
| 25 | Public Cloud Edge Interface | Pass with exceptions High:41 Medium:239 Low:32 | Pass with exceptions Hardening index : 62 [############ ] https://nexus.akraino.org/content/sites/logs/cmti/job/lynis/ | No k8s cluster as part of deployment at the moment |
| 26 | Enterprise Applications on Lightweight 5G Telco Edge | High:84 Medium:294 Low:53 | Hardening index : [57] [########### ] | cluster.log KHV002 Information Disclosure pod.log |
| 27 | ||||
| 28 |
Approved Feature Projects
If the program uses only one programming language, in the “Repository” column, just fill in the repo location.
If a project uses multiple programming languages, please list all of them, add a link in "Repository" column for each programming language to show the sample code.
| Project Name | Programming Languages | Repository | SonarQube Enabled | Notes | |
|---|---|---|---|---|---|
| 1 | |||||
| 2 | |||||
| 4 | Akraino Profiling | ||||
| 5 | Akraino Regional Controller | ||||
| 6 | |||||
| 7 | Backup and Restore (Snappy) Feature Project | ||||
| 8 | Cluster Health & Overload Monitoring Platform (CHOMP) Feature Project | ||||
| 9 | MEC API Framework | ||||
| 10 | Support of OVS-DPDK in Airship |