Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Current status (updated as of May 13th 2020):

Layer

Result

Comment

os/lynis

PASS

If libvirt or weave are installed, lynis will no longer pass. Virtlet KUD plugin requires libvirt, so if it is enabled during installation lynis will no longer pass.

os/vuls

FAIL: 153 vulnerabilities found

Total: 153 (High:33 Medium:93 Low:27 ?:0), 1/153 Fixed, 801 installed, 0 exploits, en: 2, ja: 0 alerts. Most, if not all, of the vulnerabilities seem to come from the validation containers, not the host OS itself.

k8s/conformance

PASS

KUD deployment without additional plugins lets sonobuoy pass (takes about 2h15min to run).

k8s/kubehunter

FAIL Inside-a-Pod Scanning: 5 vulnerabilities

Patched system:public-info-viewer to hide /version, otherwise Cluster Remote Scanning would fail too. Need to update KUD scripts to automatically patch system:public-info-viewer. All others kubehunter tests are a PASS.

Attachments:

kubehunter-icn-20200513.txt

vuls-icn-20200513.txt

notes-icn-20200513.txt

(do not preview, download file and then open it)

How to deploy Bluval for ICN in private Jenkins instance

This is coming soon.

These 2 patches need to get merged first: 

  • No labels