Current status (updated as of May 13th 2020):
...
Layer
...
Result
...
Comment
...
os/lynis
...
PASS
...
If libvirt or weave are installed, lynis will no longer pass. Virtlet KUD plugin requires libvirt, so if it is enabled during installation lynis will no longer pass.
...
os/vuls
...
FAIL: 153 vulnerabilities found
...
Total: 153 (High:33 Medium:93 Low:27 ?:0), 1/153 Fixed, 801 installed, 0 exploits, en: 2, ja: 0 alerts. Most, if not all, of the vulnerabilities seem to come from the validation containers, not the host OS itself. vuls-icn-20200513.txt; notes-icn-20200513.txt
...
k8s/conformance
...
PASS
...
KUD deployment without additional plugins lets sonobuoy pass (takes about 2h15min to run).
...
k8s/kubehunter
...
FAIL Inside-a-Pod Scanning: 5 vulnerabilities
...
Patched system:public-info-viewer to hide /version, otherwise Cluster Remote Scanning would fail too. Need to update KUD scripts to automatically patch system:public-info-viewer. All others kubehunter tests are a PASS. kubehunter-icn-20200513.txt
Attachments:
(do not preview, download file and then open it)
How to deploy Bluval for ICN in private Jenkins instance
This is coming soon.
These 2 patches need to get merged first:
...
This section will include occasional ICN Bluval reports and observations. Please check the subsections in the side bar.
Additionally, if you are looking to deploy ICN Bluval Jenkins, please jump over to Deploy ICN Bluval in private Jenkins.