Skip to end of metadata
Go to start of metadata
Approved Blueprints
| Project Name | Vuls Scan | Lynis Scan | Kube-Hunter Scan |
---|
1 | ELIOT SD-WAN/WAN Edge/uCPE Blueprint |
|
| The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
2 | Enterprise Applications on Lightweight 5G Telco Edge |
|
| The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
3 | Public Cloud Edge Interface (PCEI) Blueprint |
| The following exceptions must be fixed prior to maturity review: - test ID AUTH-9328 (Default umask values)
Reason: <Oleg Berzin> Cannot fix AUTH-9328 because changing unmask value to 027 caused lynis test suite to fail (does not run) | The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
4 | The AI Edge: Federated ML application at edge | Release 5: Akraino CVE Vulnerability Exception Request |
|
|
5 | KNI Provider Access Edge |
|
| The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
6 | KNI Industrial Edge |
|
| The following exceptions must be fixed prior to maturity review: - CAP_NET_RAW Enabled - CAP_NET_RAW is enabled by default for pods. If an attacker manages to compromise a pod, they could potentially take advantage of this capability to perform network attacks on other pods running on the same node.
|
7 |
|
|
|
|
8 |
|
|
|
|
9 |
|
|
|
|
10 |
|
|
|
|
11 |
|
|
|
|
12 |
|
|
|
|
13 |
|
|
|
|
14 |
|
|
|
|
15 |
|
|
|
|
16 |
|
|
|
|
17 |
|
|
|
|
18 |
|
|
|
|
19 |
|
|
|
|
20 |
|
|
|
|
21 |
|
|
|
|
22 |
|
|
|
|
23 |
|
|
|
|
24 |
|
|
|
|
25 |
|
|
|
|
26 |
|
|
|
|
27 |
|
|
|
|
28 |
|
|
|
|
29 |
|
|
|
|
30 |
|
|
|
|
31 |
|
|
|
|
32 |
|
|
|
|