Skip to end of metadata
Go to start of metadata


  • Continue running all Frankfurt tests – HTTP, JDWP, root pods, etc
  • Progress on the limit tests
    • Enable test created by Fabian but descoped for Frankfurt
  • Verify the versions of the upstream pods according to SECCOM recommendation (Database, Java, Python, Docker, Kubernetes, and Image Versions)
  • Prepare a test to check that Java 11/ Python 3.8 are the default versions
    • Morgan plans to build a python 3.8 with onap user/group
    • Java11 test already running
  • Test the validity date of the certificates
  • Define reasonable goals for CIS testing (Docker and k8s)
    • assuming current issues are due to the non-cloud native-ness of some components
    • Proposed new tests from CIS Docker Benchmark to be added to Jenkins build
      • Ensure that only trusted base images are used (section 4.2).
      • Ensure that healthcheck instructions have been added to container images (section 4.6)
      • Ensure that docker images in ONAP have removed setuid and setgid (section 4.8)
  • Test that upstream docker containers such as mysql and Casandra run as non-root and do not expose external HTTP ports
    • Must fix in the common databases
    • Should fix in the project specific databases
  • No labels