Approved Blueprints
| Project Name | Vuls Scan | Lynis Scan | Kube-Hunter Scan |
|---|
| 1 | ELIOT SD-WAN/WAN Edge/uCPE Blueprint |
|
| The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
| 2 | Enterprise Applications on Lightweight 5G Telco Edge |
|
| The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
| 3 | Public Cloud Edge Interface (PCEI) Blueprint |
| The following exceptions must be fixed prior to maturity review: - test ID AUTH-9328 (Default umask values)
Reason: <Oleg Berzin> Cannot fix AUTH-9328 because changing unmask value to 027 caused lynis test suite to fail (does not run) | The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
| 4 | The AI Edge: Federated ML application at edge | Release 5: Akraino CVE Vulnerability Exception Request |
|
|
| 5 | KNI Provider Access Edge |
|
| The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
| 6 | KNI Industrial Edge |
|
| The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
| 7 |
|
|
|
|
| 8 |
|
|
|
|
| 9 |
|
|
|
|
| 10 |
|
|
|
|
| 11 |
|
|
|
|
| 12 |
|
|
|
|
| 13 |
|
|
|
|
| 14 |
|
|
|
|
| 15 |
|
|
|
|
| 16 |
|
|
|
|
| 17 |
|
|
|
|
| 18 |
|
|
|
|
| 19 |
|
|
|
|
| 20 |
|
|
|
|
| 21 |
|
|
|
|
| 22 |
|
|
|
|
| 23 |
|
|
|
|
| 24 |
|
|
|
|
| 25 |
|
|
|
|
| 26 |
|
|
|
|
| 27 |
|
|
|
|
| 28 |
|
|
|
|
| 29 |
|
|
|
|
| 30 |
|
|
|
|
| 31 |
|
|
|
|
| 32 |
|
|
|
|