diff options
author | mrichomme <morgan.richomme@orange.com> | 2020-11-14 22:36:57 +0100 |
---|---|---|
committer | mrichomme <morgan.richomme@orange.com> | 2020-11-16 16:31:18 +0100 |
commit | 9643b0c11bdafd26ea0ac5127325aa8cb09f0c03 (patch) | |
tree | faf59c0307daa092c754508de93ad2d325826003 /docs/files/csv/tests-security.csv | |
parent | 6db5edce534c882fa0b2a28778fa4bc4be31b8f6 (diff) |
Refactor Integration official documentation
Issue-ID: INT-1736
Signed-off-by: mrichomme <morgan.richomme@orange.com>
Change-Id: Ia7b6425358eb9b07e293881dabd5345697af1c39
Diffstat (limited to 'docs/files/csv/tests-security.csv')
-rw-r--r-- | docs/files/csv/tests-security.csv | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/files/csv/tests-security.csv b/docs/files/csv/tests-security.csv new file mode 100644 index 000000000..07e05d0ba --- /dev/null +++ b/docs/files/csv/tests-security.csv @@ -0,0 +1,9 @@ +Tests;Description;Code;Comments +root_pods;check that pods are nor using root user or started as root; `bash script <https://git.onap.org/integration/xtesting/tree/security/scripts/check_security_root.sh>`__; kubectl +unlimitted_pods;check that limits are set for pods;`bash script <https://git.onap.org/integration/xtesting/tree/security/scripts/check_unlimitted_pods.sh>`__; kubectl +cis_kubernetes;perform the k8s cis test suite (upstream src aquasecurity);`bash script <https://git.onap.org/integration/xtesting/tree/security/scripts/check_cis_kubernetes.sh>`__;`kube-bench <https://github.com/aquasecurity/kube-bench>`__ +nonssl_endpoints;check that all public HTTP endpoints exposed in ONAP cluster use SSL tunnels;`Go script <https://git.onap.org/integration/plain/test/security/sslendpoints/main.go>`__;kubetl, nmap +http_public_endpoints;check that there is no public http endpoints exposed in ONAP cluster;`bash script <https://git.onap.org/integration/plain/test/security/check_for_nonssl_endpoints.sh>`__;kubectl,nmap +jdpw_ports;check that there are no internal java ports;`bash script <https://git.onap.org/integration/plain/test/security/check_for_jdwp.sh>`__;kubectl, procfs +kube_hunter;security suite to search k8s vulnerabilities (upstream src aquasecurity);`kube-Hunter <https://github.com/aquasecurity/kube-hunter>`__; `kube-Hunter <https://github.com/aquasecurity/kube-hunter>`__ +versions;check that Java and Python are available only in versions recommended by SECCOM. This test is long and run only in Weekly CI chains;`python module <https://git.onap.org/integration/tree/test/security/check_versions>`__;cerberus, kubernetes python lib, |