Approved Blueprints


Project Name | Vuls Scan (Pass/Fail, Exceptions) | Lynis Scan (Pass/Fail, Exceptions) | Kube-Hunter Scan (Pass/Fail, Exceptions)

1 5G MEC/Slice System to Support Cloud Gaming, HD Video and Live Broadcasting Blueprint




2 AI/ML and AR/VR applications at Edge


3 Connected Vehicle Blueprint


4 Edge Video Processing


5 ELIOT: Edge Lightweight and IoT Blueprint Family


6


7
  1. Performing test ID BOOT-5122 (Check for GRUB boot password) ## After setting up a GRUB boot password, cloud VMs won't boot properly, leading to unstable VMs.
  2. Performing test ID AUTH-9229 (Check password hashing methods) ## Not possible, will impact the SHA_MIN_CRYPT_ROUNDS test. Currently using the maximum security hashing method, SHA512.
  3. Performing test ID USB-2000 (Check USB authorizations) ## N/A: using cloud VMs, no bare metal involved.
  4. Performing test ID USB-3000 (Check for presence of USBGuard) ## N/A: using cloud VMs, no bare metal involved.
  5. Test: Checking MaxSessions ## Max session set to 4, this is the bare minimum level that can be used.
  6. Test: Checking Port ## Can't change during testing, BluVal requires SSH to be on tcp/22. This port should be changed after testing, but prior to production.

The following exceptions must be fixed prior to maturity review:

  1. sysctl key kernel.core_uses_pid contains equal expected and current value (1)
  2. sysctl key kernel.kptr_restrict has a different value than expected in scan profile. Expected=2, Real=0
  3. sysctl key kernel.sysrq has a different value than expected in scan profile. Expected=0, Real=16
  4. sysctl key net.ipv4.conf.all.log_martians contains equal expected and current value (1)
  5. sysctl key net.ipv4.conf.all.send_redirects contains equal expected and current value (0)
  6. sysctl key net.ipv4.conf.default.accept_redirects contains equal expected and current value (0)
  7. sysctl key net.ipv4.conf.default.log_martians contains equal expected and current value (1)
  8. sysctl key net.ipv6.conf.all.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1
  9. sysctl key net.ipv6.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1

The following exceptions must be fixed prior to maturity review:

  1. CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods.  If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
8
  1. Performing test ID AUTH-9229 (Check password hashing methods) ## Not possible, will impact the SHA_MIN_CRYPT_ROUNDS test. Currently using the maximum security hashing method, SHA512.
  2. Performing test ID USB-2000 (Check USB authorizations) ## N/A: using cloud VMs, no bare metal involved.
  3. Performing test ID USB-3000 (Check for presence of USBGuard) ## N/A: using cloud VMs, no bare metal involved.
  4. Test: Checking MaxSessions ## Max session set to 4, this is the bare minimum level that can be used.
  5. Test: Checking Port ## Can't change during testing, BluVal requires SSH to be on tcp/22. This port should be changed after testing, but prior to production.

The following exceptions must be fixed prior to maturity review:

  1. sysctl key kernel.kptr_restrict has a different value than expected in scan profile. Expected=2, Real=0
  2. sysctl key kernel.sysrq has a different value than expected in scan profile. Expected=0, Real=16
  3. sysctl key kernel.yama.ptrace_scope has a different value than expected in scan profile. Expected=1 2 3, Real=0
  4. sysctl key net.ipv4.conf.all.log_martians contains equal expected and current value (1)
  5. sysctl key net.ipv4.conf.all.send_redirects contains equal expected and current value (0)
  6. sysctl key net.ipv4.conf.default.accept_redirects contains equal expected and current value (0)
  7. sysctl key net.ipv4.conf.default.log_martians contains equal expected and current value (1)
  8. sysctl key net.ipv6.conf.all.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1
  9. sysctl key net.ipv6.conf.default.accept_redirects has a different value than expected in scan profile. Expected=0, Real=1

The following exceptions must be fixed prior to maturity review:

  1. CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods.  If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
9 Network Cloud and TF Integration Project


10 Integrated Cloud Native NFV/App stack family (Short term: ICN)


11 Integrated Edge Cloud (IEC) Blueprint Family


12


13


14


15


16


17 Kubernetes-Native Infrastructure (KNI) Blueprint Family


18 Micro-MEC


19 The AI Edge: School/Education Video Security Monitoring


20 Network Cloud Blueprint Family


21 StarlingX Far Edge Distributed Cloud


22 Telco Appliance Blueprint Family


23


24


25 The AI Edge Blueprint Family


26 Time-Critical Edge Compute


27 Public Cloud Edge Interface


28 Enterprise Applications on Lightweight 5G Telco Edge


29



30



Approved Feature Projects

If the program uses only one programming language, just fill in the repo location in the "Repository" column.

If a project uses multiple programming languages, please list all of them and, for each language, add a link in the "Repository" column that points to sample code.
