...
| No. | Project Name | TSC Subgroup Release Status | Is this your first release | Going for Maturity Review? | CD Logs URL to be used for review (Column filled in by PTLs) | Link to executive one pager (editable doc format) (Column filled in by PTLs) | API Info Reporting Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info form) | BluVal Certification | Security Certification Provide link to Vuls, Lynis, and Kube-Hunter logs below. Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: https://wiki.akraino.org/display/AK/Akraino+CVE+Vulnerability+Exception+Request | Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to Release Upstream Compliance to find details) | Date ready for TSC review (Column filled in by PTLs) | TSC Review Date (Column filled in by TSC) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | scheduled at | N | Y | https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/cvb/ | Form uploaded Scheduled for API subcommittee review Waiting for re-uploaded API info form with PaaS API info Reviewed by API subcommittee, PaaS APIs are subset of TARS APIs Accepted |
Vuls: Accepted with exceptions shown at: Release 4 Vuls Exception Reques https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/cvb/
Lynis: Accepted with exceptions shown at: https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/cvb/lynis_updated_26.log Kube-Hunter: Exception granted: K8s not used by this BP. | Yes | 12/01 | ||||
| 2 | scheduled at | N | Y | https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/iec-type4/ | Form uploaded Scheduled for API subcommittee review Waiting for re-uploaded API info form with PaaS API info Reviewed by API subcommittee, PaaS APIs are subset of TARS APIs Accepted |
Vuls: Accepted with exceptions shown at: Release 4 Vuls Exception Request https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/iec-type4/
Lynis: Accepted with exceptions shown at: https://nexus.akraino.org/content/sites/logs/tencent/MR/iec-type4/ Kube-Hunter: Exception granted: K8s not used by this BP. | Yes | 12/01 | ||||
| 3 | Scheduled at Release 4 Review 2020-12-01 (Tues) 7 am Pacific | N | Mature | https://nexus.akraino.org/content/sites/logs/att/job/Install_REC_on_OpenEdge1/ | Form uploaded Reviewed by API subcommittee Accepted | https://nexus.akraino.org/content/sites/logs/att/job/Bluval_Logs/results-11-27-2020.tar | https://nexus.akraino.org/content/sites/logs/att/job/Bluval_Logs/results-2021-02-01/
Vuls: Accepted with exceptions shown at: Release 4 Vuls Exception Request
Lynis: Accepted with exceptions shown at: Kube-Hunter: Accepted with exceptions shown at: | Yes | 12/01 | |||
| 4 | Scheduled at | N | N | ICN Master Baremetal Deployment Verifier | Form uploaded Reviewed by API subcommittee Accepted | https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master/20201210-010310/. | https://nexus.akraino.org/content/sites/logs/intel/bluval_results/icn/master/20201210-010310/ ICN R4 Test Document#BluValTesting Vuls: Accepted with exceptions shown at: Lynis: Accepted with exceptions shown at: k8s/conformance:
Kube-Hunter: Accepted
| Yes | 12/10 | 12/16 | ||
| 5 | scheduled at | N | N | ELIOT R4 IOT-Gateway Datasheet | Form uploaded Reviewed by API subcommittee Accepted | vuls exceptions Akraino CVE Vulnerability Exception Request |
Vuls: Accepted with exceptions shown at: Lynis: Accepted with exceptions shown at: Kube-Hunter: Accepted with exceptions shown at: | Yes | 12/08 | |||
| 6 | scheduled at | N | N | https://nexus.akraino.org/content/sites/logs/huawei/blueprints/uCPE/job/eliot-uCPE-deploy-k8s-centos-virtual-daily-master/545/ | ELIOT R4 - SD-WAN / WAN Edge / uCPE Data Sheet | Form uploaded Reviewed by API subcommittee Accepted | vuls exceptions Akraino CVE Vulnerability Exception Request |
Vuls: Accepted with exceptions shown at: Lynis: Accepted with exceptions shown at: Kube-Hunter: Accepted with exceptions shown at: | Yes | 12/08 | ||
| 7 | Scheduled at Release 4 Review 2020-12-09 (Wed) 7:30am | N | Not Applicable | https://nexus.akraino.org/content/sites/logs/juniper/job/NC-Tungsten_Fabric/40/ https://nexus.akraino.org/content/sites/logs/juniper/validation-2021/ | Form uploaded Scheduled for API subcommittee review Reviewed by API subcommittee Accepted | Y | https://nexus.akraino.org/content/sites/logs/juniper/validation/ Updated results - https://nexus.akraino.org/content/sites/logs/juniper/validation-2021/
Vuls: Accepted with exceptions shown at:
Lynis: Accepted with exceptions shown at: Note there were exceptions granted for mandatory incubation items that must be fixed in the next incubation level release as well as other items that must be fixed for maturity.
Kube-Hunter: Accepted with exceptions shown at: | Yes | 12/09 | 12/09 | ||
| 8 | Scheduled at | N | N | AWS footprint: GCP footprint: | Form uploaded Reviewed by API subcommittee Accepted | https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results_pae/ |
Vuls: Accepted with exception. The KNI Provider Access Edge blueprint uses OpenShift as its k8s distribution, which is deployed on Red Hat CoreOS, an immutable OS that is not supported by Vuls. https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results_pae/os/vuls/log.html.gz Lynis:
https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results_pae/os/lynis/ Accepted with exceptions shown at: Accepted with exceptions shown at: | Yes | 12/09 | 12/09 | ||
| 9 | Slides for KNI blueprints review: | Scheduled at | Y | N | Mgmt Hub logs: IE logs: | Form uploaded Reviewed by API subcommittee Accepted | https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results_ie/ |
Vuls: Accepted with exception. The KNI Industrial Edge blueprint uses OpenShift as its k8s distribution, which is deployed on Red Hat CoreOS, an immutable OS that is not supported by Vuls. https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results_ie/os/vuls/log.html.gz Lynis: https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results_ie/os/lynis/ Accepted with exceptions shown at: Kube-Hunter: Accepted with exceptions shown at: | Yes | |||
| 10 | Y | N | https://nexus.akraino.org/content/sites/logs/micromec | Akraino R3 MicroMEC blueprint datasheet.docx | Form uploaded API committee review scheduled for Reviewed by API subcommittee Accepted | N/A | ||||||
| 11 | N | N | https://nexus.akraino.org/content/sites/logs/baidu/job/aiedge-otestack-master-deploy/ https://nexus.akraino.org/content/sites/logs/baidu/job/aiedge-otestack-master-validation/ | Hechun replied by e-mail 12Jan, API info form is in progress Form uploaded API committee review tentatively scheduled for Reviewed by API subcommittee Accepted | https://nexus.akraino.org/content/sites/logs/baidu/job/bluval/aiedge/results/ | https://nexus.akraino.org/content/sites/logs/baidu/job/security_scan/aiedge/2/results/
Vuls: Accepted with exceptions shown at: Lynis: The following items must be fixed for maturity approval, these tests and results can be found in the lynis.log file: Lynis: Accepted with exceptions shown at: Kube-Hunter: The following items must be fixed for maturity approval, these tests and results can be found in the cluster.log file:
The following items must be fixed for maturity approval, these tests and results can be found in the pod.log file:
Some Kubernetes remediation steps are shown on the following link in the kube-hunter section: Release 4 Kube-Hunter Exceptions Exception granted for CAP_NET_RAW issue. | Yes (Please also update the upstream version besides the repo name) | 06/02 | ||||
| 12 | Y | N | https://nexus.akraino.org/content/sites/logs/webank/job/xinhong/ | Form uploaded API subcommittee review scheduled for Reviewed by API Subcommittee Accepted | N/A | https://nexus.akraino.org/content/sites/logs/webank/job/xinhong/
Vuls: Accepted with exceptions shown at: Release 4 Vuls Exception Request Lynis: The following must be fixed for incubation:
Kube-Hunter: Exception granted: K8s not used by this BP. | Yes (Please update the upstream versions besides the repo name) | |||||
| 13 | Y | N | https://nexus.akraino.org/content/sites/logs/tencent/job/tencent_5g_mec/ | Form uploaded Reviewed by API subcommittee Accepted | N/A | https://nexus.akraino.org/content/sites/logs/tencent/bluval/results_upload
Vuls: Accepted with exceptions shown at: Release 4 Vuls Exception Request Lynis: Accepted with exceptions shown at: Kube-Hunter: Accepted with exceptions shown at: | Please update the release note with upstream information (R4 - Release Notes) | 06/03 | ||||
| 14 | N | N | https://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type3-android-cloud-ubuntu1804-daily-master/job/nvdroid/17/ | IEC Release4-IEC Type3-datasheet.docx | Hanyu replied by e-mail that they have no APIs offered or consumed. API subcommittee replied they still need to fill out the API info reporting form with BP name and Comments field explaining current and future API status, and upload the form Form uploaded Reviewed by API Subcommittee Accepted | Bluval Exception has been accepted | Lynis: Accepted with exceptions shown at: Kube-Hunter: Exception granted: K8s not used by this BP. | Yes | 02/04 | |||
| 15 | Scheduled at | N | N | https://nexus.akraino.org/content/sites/logs/cmti/job/iec5_r4/15/ | Form uploaded Scheduled for API subcommittee review Reviewed by API subcommittee Accepted | Bluval Exception has been accepted for the project. | https://nexus.akraino.org/content/sites/logs/cmti/job/iec5_r4/ Vuls:Accepted with exceptions shown at: Release 4 Vuls Exception Request Lynis:Accepted with exceptions shown at: Kube-Hunter: Exception granted: K8s not used by this BP. | Yes | ||||
| 16 | scheduled at | N | N | Form uploaded Reviewed by API subcommittee Accepted | Vuls Exception Akraino CVE Vulnerability Exception Request | Akraino CVE Vulnerability Exception Request
Vuls: Accepted with exceptions shown at: Release 4 Vuls Exception Request Lynis: Accepted with exceptions shown at: Kube-Hunter: Accepted with exceptions shown at: updated results link - 09-dec | Yes | 12/10 | ||||
| 17 | Scheduled at TSC 2021-1-14 (Thurs) 7 am Pacific PCEI Time Slot 7:30-8:00 am Pacific | Y | https://nexus.akraino.org/content/sites/logs/cmti/job/pcei-daily/ | PCEI R4 Datasheet | Form uploaded 4Jan Scheduled for API subcommittee review For R4, third-party location API provided as an example in PCEI architecture diagrams. For R5 they expect PCEI APIs to be exported Reviewed by API subcommittee Accepted | https://nexus.akraino.org/content/sites/logs/pcei/job/v1/ New BluVal logs 2021-01-08: https://nexus.akraino.org/content/sites/logs/pcei/job/v2/results/
Updated BluVal logs with fixed sysctl key net.ipv4.conf.default.accept_source_route https://nexus.akraino.org/content/sites/logs/pcei/job/v3/
Updated BluVal logs with fixed Kube-Hunter Vulnerability KHV050, KHV002, KHV005 https://nexus.akraino.org/content/sites/logs/pcei/job/v4/ |
Vuls: Vuls: Accepted with exceptions shown at: Release 4 Vuls Exception Request vuls.log included in the new logs (V2) Lynis: Accepted with exceptions shown at: Kube-Hunter: Accepted with exceptions shown at: Release 4 Kube-Hunter Exceptions | Yes | 01/14/21 | |||
| 18 | Scheduled at | Y | N | https://nexus.akraino.org/content/sites/logs/webank/job/ | Federated ML application at edge R4 Datasheet | Form uploaded Reviewed by API subcommittee Accepted | N/A | https://nexus.akraino.org/content/sites/logs/webank/job/FL_SCAN/results/ https://nexus.akraino.org/content/sites/logs/webank/job/FL_SCAN/lynis_fixed/
Vuls: Accepted with exceptions shown at: Release 4 Vuls Exception Request
Lynis: Accepted with exceptions shown at: https://nexus.akraino.org/content/sites/logs/webank/job/FL_SCAN/lynis_fixed2/ Kube-Hunter: Exception granted: K8s not used by this BP. | Yes | 12/08 | ||
| 19 | Scheduled at Release 4 Review 2020-11-17 (Tue) 7 am Pacific | Y | N | https://nexus.akraino.org/content/sites/logs/futurewei/kubeedgees/ | KubeEdge Edge Service Blueprint Release 4 datasheet | Form uploaded Reviewed by API subcommittee Accepted | Yes https://nexus.akraino.org/content/sites/logs/futurewei/kubeedgees/58/results/ |
Vuls: Accepted with exceptions shown at: Release 4 Vuls Exception Request
Lynis: Accepted Kube-Hunter: Exception granted: KubeEdge node is not on same subnet as the cloud node. Communication occurs through the websocket endpoint, so kube-hunter can't be used. | Yes | 11/17 | ||
| 20 | Scheduled at | Y | N | https://nexus.akraino.org/content/sites/logs/juniper/job/Private%205G%20BP/ | Akraino Private LTE/5G BP Datasheet | Prem replied by e-mail 17Jan, API info form is in progress Form uploaded API committee review scheduled for Reviewed by API subcommittee Accepted | N/A | Private 5G/LTE is using Tungsten Fabric hosts and Kubernetes orchestration. Vuls: Accepted using Network Cloud and TF approval Lynis: Accepted using Network Cloud and TF approval Kube-Hunter: Accepted using Network Cloud and TF approval See: Network Cloud and TF (Tungsten Fabric) Integration Project | Yes | 02/24 | ||
| 21 | Scheduled at Release 4 Review 2020-12-09 | Y | N | https://nexus.akraino.org/content/sites/logs/ai_solutions/job/Eden-flir/ | Form uploaded Reviewed by API subcommittee , waiting for revised API info form to be uploaded 2nd revision of form uploaded by Vladimir Suvorov Final review by API subcommittee set for Reviewed by API subcommittee Accepted | Have an exception | Yes | 12/09 |
...