Diffstat (limited to 'security/docker/testcases.yaml')
-rw-r--r--security/docker/testcases.yaml64
1 files changed, 60 insertions, 4 deletions
diff --git a/security/docker/testcases.yaml b/security/docker/testcases.yaml
index ed281f2..6b9d482 100644
--- a/security/docker/testcases.yaml
+++ b/security/docker/testcases.yaml
@@ -8,11 +8,67 @@ tiers:
Set of basic Functional security tests.
testcases:
-
- case_name: osji
- project_name: integration
+ case_name: root_pods
+ project_name: security
criteria: 100
blocking: false
description: >-
- run osji scan.
+ test if pods are run in root.
run:
- name: 'onap_osji'
+ name: 'root_pods'
+ -
+ case_name: unlimitted_pods
+ project_name: security
+ criteria: 100
+ blocking: false
+ description: >-
+ test if pods are run without limit.
+ run:
+ name: 'unlimitted_pods'
+ -
+ case_name: cis_kubernetes
+ project_name: security
+ criteria: 100
+ blocking: false
+ description: >-
+ test if kubernetes install is CIS compliant.
+ run:
+ name: 'cis_kubernetes'
+ -
+ case_name: http_public_endpoints
+ project_name: security
+ criteria: 100
+ blocking: false
+ description: >-
+ Check all ports exposed outside of kubernetes cluster
+ looking for plain http endpoint.
+ run:
+ name: 'http_public_endpoints'
+ -
+ case_name: nonssl_endpoints
+ project_name: security
+ criteria: 100
+ blocking: false
+ description: >-
+ Check that all ports exposed outside of kubernetes cluster
+ use SSL tunnels.
+ run:
+ name: 'nonssl_endpoints'
+ -
+ case_name: jdpw_ports
+ project_name: security
+ criteria: 100
+ blocking: false
+ description: >-
+ Check that no jdwp ports are exposed
+ run:
+ name: 'jdpw_ports'
+ -
+ case_name: kube_hunter
+ project_name: security
+ criteria: 100
+ blocking: false
+ description: >-
+ Check k8s CVE.
+ run:
+ name: 'kube_hunter'
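Review bot: The added `jdpw_ports` case transposes the letters of JDWP in both `case_name` and `run: name`, although its own description spells it `jdwp`, and `unlimitted_pods` is misspelled in both fields as well. The `run: name` value is presumably resolved against a test entry point registered outside this hunk, so either confirm those registrations use the same spelling or rename to `jdwp_ports` and `unlimited_pods` everywhere before the identifiers are stored with results. Separately, every new case is `blocking: false` with `criteria: 100`, so if the runner treats `blocking` in the usual way, a root pod or an exposed JDWP port would be reported as a failure without stopping the tier. If that is deliberate for the initial rollout, a comment above the list such as `# non-blocking until the baseline is clean` would record the intent.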