Guilin
- Continue running all Frankfurt tests – HTTP, JDWP, root pods, etc
- Progress on the limit tests
- Enable test created by Fabian but descoped for Frankfurt
- Verify the versions of the upstream pods according to SECCOM recommendation (Database, Java, Python, Docker, Kubernetes, and Image Versions)
- Prepare a test to check that Java 11/ Python 3.8 are the default versions
- Morgan plans to build a python 3.8 with onap user/group
- Java11 test already running
- Test the validity date of the certificates
- Define reasonable goals for CIS testing (Docker and k8s)
- assuming current issues are due to the non-cloud native-ness of some components
- Proposed new tests from CIS Docker Benchmark to be added to Jenkins build
- Ensure that only trusted base images are used (section 4.2).
- Ensure that healthcheck instructions have been added to container images (section 4.6)
- Ensure that docker images in ONAP have removed setuid and setgid (section 4.8)
- Test that upstream docker containers such as mysql and Casandra run as non-root and do not expose external HTTP ports
- Must fix in the common databases
- Should fix in the project specific databases
{"serverDuration": 226, "requestCorrelationId": "c032aee0f50074db"}