...
| No. | Project Name | TSC Subgroup Release Status | Is this your first release | Blue Print Stage
| CD Logs URL to be used for review (Column filled in by PTLs) | Link to executive one pager (editable doc format) (Column filled in by PTLs) | API Info Reporting Review (Column filled in by API Subcommittee) (note for PTLs – go here for steps to fill in project API info form) | BluVal Certification | Security Certification Provide link to Vuls, Lynis, and Kube-Hunter logs below. Pass/Fail Criteria: Steps To Implement Security Scan Requirements Exception requests should be filed at: | Upstream Review (Column filled by Upstream Subcommittee and PTLs) (note PTL can go to Release 5 BP/Feature Upstream Status to find details) | Date ready for TSC review (Column filled in by PTLs) | TSC Review Date (Column filled in by TSC) | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | No | Mature | https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/cvb/ | CVB_Akraino_R5_blueprint_Datasheet.docx | Per e-mail from WANG Tao (Tucker Wang) 20Aug21, no changes from R4 | Completed by 8/24/2021 | |||||||
| 2 | No | Mature | https://nexus.akraino.org/content/sites/logs/parserlabs/r4/jobs/iec-type4/ | Per e-mail from Bart 7Sep21, no changes from R4 | |||||||||
| 3 | |||||||||||||
| 4 | No | Incubation | ICN R5 Datasheet | Per notice from Kural 5Aug21, no change from R4 | Filed Release 5: Akraino CVE Vulnerability Exception Request Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted | Completed by 8/6/2021 | |||||||
| 5 | Yes | Incubation | https://nexus.akraino.org/content/sites/logs/intel/ICN_CD_logs/pod11-node5/icn-master-bm-verify-bm_verifer-kata/12/ | ICN-MTSCN R5 Datasheet | API form uploaded 24 May e-mail questions exchanged 20Jul21 Scheduled for review by API subcommittee API subcommittee review completed and info accepted | Filed Release 5: Akraino CVE Vulnerability Exception Request Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted | Completed by 8/10/2021 | ||||||
| 6 | No | Incubation | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-build/18/home/jenkins/log/ | Per e-mail from Khemendra 26Aug21, no changes from R4 | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-security-validation-build/4/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed 8/6/2021 | ||||||
| 7 | NO | Incubation | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-build/15/home/jenkins/log/ | ELIOT R5 - SD-WAN / WAN Edge / uCPE Data Sheet | Per e-mail from Khemendra 26Aug21, no changes from R4 | https://nexus.akraino.org/content/sites/logs/huawei/job/eliot-uCPE-security-build/10/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed on 8/6/2021 | |||||
| 8 | TSC 2021-08-12 (Thursday) 7:00 am Pacific | No | Incubation | https://nexus.akraino.org/content/sites/logs/juniper/validation-2021/ | Blueprint Data Sheet | Per e-mail from Sukhdev 5Aug21, no change from R4 | Not required as there is no change from Release 4 | Not required as there is no change from Release 4 | Completed by 8/10/2021 | 08/12/2021 | |||
| 9 | No | Incubation | https://jenkins.akraino.org/job/kni-blueprint-pae-verify-deploy-gcp/69/ | Per e-mail from Ricardo 10Aug21, he uploaded R5 API info forms for both KNI blueprints, with no substantive changes from R4. The API subcommittee has a review scheduled for of the new API info forms and will update this table afterwards On the API Subcommittee reviewed and accepted the updated KNI R5 API forms | https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results/ Incubation Level Review Results: Vuls: Accepted with exception. The KNI Provider Access Edge blueprint uses OpenShift as its k8s distribution, which is deployed on Red Hat CoreOS, an immutable OS that is not supported by Vuls. __________________________________________________________ Lynis: Accepted ____________________________________________________________ Output manually generated, located at: Release 5 Security Scan Manual Logs Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed by 8/10/2021 | 9/16/2021 | ||||||
| 10 | No | Incubation | Management Hub: https://logs.akraino.org/production/vex-yul-akraino-jenkins-prod-1/kni-blueprint-management-hub-verify-deploy-gcp/19/ | See above note | https://nexus.akraino.org/content/sites/logs/redhat-kni/bluval_results/ Incubation Level Review Results: Vuls: Accepted with exception. The KNI Provider Access Edge blueprint uses OpenShift as its k8s distribution, which is deployed on Red Hat CoreOS, an immutable OS that is not supported by Vuls. __________________________________________________________ Lynis: Accepted ____________________________________________________________ Output manually generated, located at: Release 5 Security Scan Manual Logs Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | Completed by 8/10/2021 | 9/16/2021 | ||||||
| 11 |
| ||||||||||||
| 12 | TSC 2021-09-21 (Tuesday) 7:00 am Pacific | No | incubation | https://nexus.akraino.org/content/sites/logs/baidu/job/aiedge/6/ | Per e-mail from Liya Yu 21Sep21, no changes from R4 | https://nexus.akraino.org/content/sites/logs/baidu/job/security_scan/aiedge/1 | Incubation Level Review Results:
Vuls: All vulnerabilities >9.0 must be fixed or verification provided that no patch currently exists. CVE-2017-18017 10.0 CVE-2018-15686 10.0 CVE-2019-14901 10.0 CVE-2017-15670 9.8 CVE-2017-15804 9.8 CVE-2018-1000007 9.8 CVE-2018-1000120 9.8 CVE-2018-11236 9.8 CVE-2018-1126 9.8 CVE-2018-12910 9.8 CVE-2018-15688 9.8 CVE-2018-16402 9.8 CVE-2018-18074 9.8 CVE-2018-18751 9.8 CVE-2018-20060 9.8 CVE-2018-6485 9.8 CVE-2019-10126 9.8 CVE-2019-10160 9.8 CVE-2019-14895 9.8 CVE-2019-16746 9.8 CVE-2019-17041 9.8 CVE-2019-17042 9.8 CVE-2019-17133 9.8 CVE-2019-5482 9.8 CVE-2019-9636 9.8 CVE-2016-7913 9.3 CVE-2017-15126 9.3 CVE-2017-16997 9.3 CVE-2017-9725 9.3 CVE-2018-10897 9.3 CVE-2019-12735 9.3 CVE-2018-1000122 9.1 CVE-2018-1000301 9.1 CVE-2019-9948 9.1 CVE-2016-10745 9.0 CVE-2018-19788 9.0 CVE-2019-14287 9.0 ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Pod: The following vulnerability must be corrected.
Cluster: Accepted | 9/20/2021 | 9/21/2021 | ||||
| 13 | No |
| https://nexus.akraino.org/content/sites/logs/fate/job/I-VICS/5/ | Intelligent Vehicle-Infrastructure Cooperation System(I-VICS) Datasheet | Per e-mail from Zhuming Zhang (Simmy Zhang) 30Aug21, no changes from R4 | https://nexus.akraino.org/content/sites/logs/fate/job/I-VICS/5/ | No new features or bugs have been added after R4 release | Missing Upstream information | |||||
| 14 | No | Incubation | https://nexus.akraino.org/content/sites/logs/tencent/job/tencent_5g_mec/ | Per e-mail from Eagan Fu 15Aug21, no change from R4 | Completed by 8/24/2021 | ||||||||
| 15 | No | Incubation | As of , waiting for API info form to be uploaded to API Subcommittee review page (Blueprint Projects R4 and R5 API Reporting Requirements) API info form uploaded by Rajeev API info form reviewed , no APIs offered or consumed, as Blueprint constructs and provides an Android cloud run-time environment for user applications Note - would like to further understand this when the BP comes up for review and voting approval during TSC call | ||||||||||
| 16 | No | Incubation | https://nexus.akraino.org/content/sites/logs/cmti/job/iec5_r4/15/ | Per e-mail from Leo Li (Socnoc AI Inc) 11Aug21, no change from R4 | Bluval Exception has been accepted for the project. | R5 Release Notes of IEC Type 5: SmartNIC for Integrated Edge Cloud (IEC) Blueprint Family Completed by 8/30/2021 | |||||||
| 17 | No | Incubation | https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-edge-build/51/home/jenkins/log/ | EALTEDGE Release 5 Datasheet | Per e-mail from Khemendra 20Aug21 (with Gaurav cc'd), no changes from R4 | https://nexus.akraino.org/content/sites/logs/huawei/job/ealt-security-validation-build/19/results/ | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | R5 - Architecture Documentation of Enterprise Applications on Lightweight 5G Telco Edge Completed by 8/10/2021 | |||||
| 18 | TSC 2021-08-10 (Tuesday) 7:00 am Pacific | No | https://nexus.akraino.org/content/sites/logs/cmti/job/pcei-daily/ | https://wiki.akraino.org/x/lwHkAg | Per API Subcommittee meeting 30Jul21, no change from R4 | https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v1/
https://nexus.akraino.org/content/sites/logs/pcei/job/r5/v2/ Fixed: fs.suid_dumpable net.ipv4.conf.default.accept_source_route | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request ____________________________________________________________ Lynis: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status ____________________________________________________________ Kube-Hunter: Cluster: Accepted Pod: Accepted with exceptions shown at: | PCEI R5 Release Notes https://wiki.akraino.org/x/LgLkAg Completed by 8/6/2021 |
| ||||
| 19 | No |
| https://nexus.akraino.org/content/sites/logs/fate/job/Fate_test/15/ | Akraino R5 Federated ML blueprint datasheet.docx | Per e-mail from Zifan 8Aug21, no change from R4 |
https://nexus.akraino.org/content/sites/logs/fate/fml/5/ Fixed 3 issues. | Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________ Lynis: Accepted __________________________________________________________ Kube-Hunter: Exception granted: K8s not used by this BP. | federated ML Release Notes R5 Federated ML application at edge Release Notes Completed by 8/30/2021 | |||||
| 20 | @Alexande | ||||||||||||
| 21 | TSC 2021-08-03 (Tuesday) 7:00 am Pacific | No | Incubation | https://nexus.akraino.org/content/sites/logs/juniper/job/Private%205G%20BP/ | Akraino Private LTE/5G BP Datasheet | Per e-mail from Prem 27Aug21, no change from R4 | Completed by 8/10/2021 | ||||||
| 22 | |||||||||||||
| 23 | Yes | Incubation | https://nexus.akraino.org/content/sites/logs/myais/job/parsec/10/ | API info form uploadedto API Subcommittee review page (Blueprint Projects R4 and R5 API Reporting Requirements). Approved based on informal review | Smart Cities R5 Security Certification Incubation Level Review Results:
Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________ Lynis: Accepted __________________________________________________________ Kube-Hunter: Exception granted: K8s not used by this BP for R5. However, in R6 it is planning to use K3s. | Completed by 9/30/2021 R5 Smart Cities BP release notes: Smart Cities R5 Release Notes | 9/20/2021 | 9/21/2021 | |||||
| 24 | TSC 2021-09-21 (Tuesday) 7:00 am Pacific | Yes | Incubation | https://nexus.akraino.org/content/sites/logs/jejunu-pred-vanet-mec/job/push-logs/ | API info form uploaded by Asif , scheduled for review by API Subcommittee Reviewed completed and info accepted | 9/20/2021 | 9/21/2021 | ||||||
| 25 | TSC 2021-09-16 (Thursday) 7:00 am Pacific | No | Incubation | https://nexus.akraino.org/content/sites/logs/arm-china/jenkins092/iec-type2-terraform/cdlogs/ | Ashvin Kumar uploaded API info form. API subcommittee review scheduled for (Note - the form was originally uploaded 27Aug21 but had a file corruption issue) Review completed and info accepted As of , waiting for API info form to be uploaded to API Subcommittee review page (Blueprint Projects R4 and R5 API Reporting Requirements) | Incubation Level Review Results: Vuls: Accepted with exceptions shown at: Release 5 Vuls Exception Request __________________________________________________________
Lynis: Need to fix the following vulnerabilities:
_____________________________________________________ Kube-Hunter: Cluster: Accepted with exceptions shown at: Release 5 Blueprint Scanning Status This issues must be resolved prior to maturity. Pod: Could the same comparison between k3s and microk8s be provided for the kube-hunter pod.log as was provided for the cluster.log? The following vulnerabilities must be fixed:
| Missing Upstream information in IEC Type 2 Release Notes for R5 | ||||||
| 26 | No | ||||||||||||
| 27 | TSC 2021-10-14 (Thursday) 7:00 am Pacific | Yes | Incubation | R5 Datasheet | Per e-mail , Deepak is in process of uploading API info form As of , Deepak sent API info form, and expects to upload to the API subcommittee page. The form shows Karmada APIs (enabled by CRD method) offered inside Kubernetes environment, but no 3rd party APIs offered or consumed. Deepak uploaded API info form , API subcommittee review scheduled for API info reviewed and approved by API subcommittee . The subcommittee e-mailed Deepak asking to attend 29Oct (Fri) meeting and give more explanation about ETSI MEC interfaces in their Blueprint | N/A | Incubation Level Review Results:
Vuls: All vulnerabilities >9.0 must be fixed or verification provided that no patch currently exists. CVE-2019-25032 CVE-2019-25034 CVE-2019-25035 CVE-2019-25036 CVE-2019-25038 CVE-2019-25039 CVE-2019-25042 CVE-2019-9169 CVE-2020-27619 CVE-2021-27219 CVE-2021-3177 CVE-2021-3520 CVE-2020-12403 CVE-2020-36242 _____________________________________________________ Lynis: Need to fix the following vulnerabilities:
_____________________________________________________ Kube-Hunter: Cluster: Please provide cluster.log file Pod: Please provide pod.log file | 10/14/2021 |
...