From e300a27d84cdd268012b28a4d3222cd8eae17ff2 Mon Sep 17 00:00:00 2001 From: Michal Jagiello Date: Thu, 27 Oct 2022 08:40:00 +0000 Subject: Integration Kohn release doc update Update doc for ONAP Kohn release Issue-ID: INT-2159 Signed-off-by: Michal Jagiello Change-Id: I0b0082cb460dfa46c587dff48a84317c27515260 --- docs/files/csv/tests-security.csv | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'docs/files/csv/tests-security.csv') diff --git a/docs/files/csv/tests-security.csv b/docs/files/csv/tests-security.csv index 0ded0a206..9d949a9e0 100644 --- a/docs/files/csv/tests-security.csv +++ b/docs/files/csv/tests-security.csv @@ -1,10 +1,5 @@ Tests;Description;Code;Comments root_pods;check that pods are nor using root user or started as root; `bash script `__; kubectl unlimitted_pods;check that limits are set for pods;`bash script `__; kubectl -cis_kubernetes;perform the k8s cis test suite (upstream src aquasecurity);`bash script `__;`kube-bench `__ nonssl_endpoints;check that all public HTTP endpoints exposed in ONAP cluster use SSL tunnels;`Go script `__;kubetl, nmap -http_public_endpoints;check that there is no public http endpoints exposed in ONAP cluster;`bash script `__;kubectl,nmap -jdpw_ports;check that there are no internal java ports;`bash script `__;kubectl, procfs -kube_hunter;security suite to search k8s vulnerabilities (upstream src aquasecurity);`kube-Hunter `__; `kube-Hunter `__ -versions;check that Java and Python are available only in versions recommended by SECCOM. This test is long and run only in Weekly CI chains;`python module `__;cerberus, kubernetes python lib, -tern;Check the component licenses within the ONAP dockers;`bash script `__;kubectl +nodeport_check_certs;This test list the nodeports and tries to get SSL information to evaluate the validity of the certificates (expiration and issuer) used on the nodeports;`python module `__;pyopenssl, kubernetes python libraries -- cgit 1.2.3-korg