Guilin

  • Continue running all Frankfurt tests – HTTP, JDWP, root pods, etc.
  • Progress on the limit tests
    • Enable test created by Fabian but descoped for Frankfurt
  • Verify the versions of the upstream pods according to SECCOM recommendation (Database, Java, Python, Docker, Kubernetes, and Image Versions)
  • Prepare a test to check that Java 11 / Python 3.8 are the default versions
    • Morgan plans to build a Python 3.8 with onap user/group
    • Java 11 test already running
  • Test the validity date of the certificates
  • Define reasonable goals for CIS testing (Docker and k8s)
    • Assuming current issues are due to some components not being cloud-native
    • Proposed new tests from CIS Docker Benchmark to be added to Jenkins build
      • Ensure that only trusted base images are used (section 4.2).
      • Ensure that healthcheck instructions have been added to container images (section 4.6)
      • Ensure that docker images in ONAP have removed setuid and setgid (section 4.8)
  • Test that upstream Docker containers such as MySQL and Cassandra run as non-root and do not expose external HTTP ports
    • Must fix in the common databases
    • Should fix in the project specific databases
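
An added example, not ONAP's own test code: one way a Jenkins job could evaluate `docker image inspect` output for the healthcheck item (CIS Docker section 4.6) and the non-root item above. The image names and the sample JSON are constructed for illustration; only the `Config.User` and `Config.Healthcheck` fields of the inspect output are relied on.

```python
import json

# Constructed sample shaped like `docker image inspect` output (not real ONAP data).
SAMPLE_INSPECT = json.loads("""
[
  {"RepoTags": ["example/db-a:1.0"],
   "Config": {"User": "", "Healthcheck": {"Test": ["CMD-SHELL", "mysqladmin ping"]}}},
  {"RepoTags": ["example/db-b:1.0"],
   "Config": {"User": "1000:1000", "Healthcheck": {"Test": ["NONE"]}}},
  {"RepoTags": ["example/app-c:1.0"],
   "Config": {"User": "onap", "Healthcheck": {"Test": ["CMD", "/healthcheck.sh"]}}},
  {"RepoTags": ["example/app-d:1.0"], "Config": {"User": "0:0"}}
]
""")


def runs_as_root(user):
    """True when the image USER resolves to root (an empty USER defaults to root)."""
    name = (user or "").split(":", 1)[0].strip()
    return name in ("", "root", "0")


def has_healthcheck(config):
    """CIS Docker 4.6: a HEALTHCHECK must exist and must not be disabled with NONE."""
    test = (config.get("Healthcheck") or {}).get("Test") or []
    return bool(test) and test[0] != "NONE"


def audit_image(entry):
    """Return the list of findings for one inspect entry."""
    config = entry.get("Config") or {}
    findings = []
    if runs_as_root(config.get("User")):
        findings.append("runs-as-root")
    if not has_healthcheck(config):
        findings.append("no-healthcheck")
    return findings


def audit(entries):
    """Map image tag -> findings, keeping only images that fail a check."""
    report = {}
    for entry in entries:
        tag = (entry.get("RepoTags") or ["<untagged>"])[0]
        findings = audit_image(entry)
        if findings:
            report[tag] = findings
    return report
```

The image-level USER can be overridden when the container is started, so the user of the running pod still needs its own check.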