Resync integration/xtesting repo

Issue-ID: INT-1366 Signed-off-by: mrichomme <morgan.richomme@orange.com> Change-Id: I3af9c4697f0e67d3ce5b6d2fceeb978aeb20a0ff
author: mrichomme <morgan.richomme@orange.com> 2020-04-20 14:50:27 +0200
committer: mrichomme <morgan.richomme@orange.com> 2020-04-20 14:50:27 +0200
commit: 5de622a8247c4cf4fc2bd4e5f8a947e60a8c4bfb (patch)
tree: 2038bfaa94413367fd46e8bcd38600f2e49dac05 /security/docker/testcases.yaml
parent: 3c64be99c3c24930674e9fa657993d95cbd2fe6d (diff)
1 files changed, 60 insertions, 4 deletions
diff --git a/security/docker/testcases.yaml b/security/docker/testcases.yaml
index ed281f2..6b9d482 100644
--- a/security/docker/testcases.yaml
+++ b/security/docker/testcases.yaml
@@ -8,11 +8,67 @@ tiers:
             Set of basic Functional security tests.
         testcases:
             -
-                case_name: osji
-                project_name: integration
+                case_name: root_pods
+                project_name: security
                 criteria: 100
                 blocking: false
                 description: >-
-                    run osji scan.
+                    test if pods are run in root.
                 run:
-                    name: 'onap_osji'
+                    name: 'root_pods'
+            -
+                case_name: unlimitted_pods
+                project_name: security
+                criteria: 100
+                blocking: false
+                description: >-
+                    test if pods are run without limit.
+                run:
+                    name: 'unlimitted_pods'
+            -
+                case_name: cis_kubernetes
+                project_name: security
+                criteria: 100
+                blocking: false
+                description: >-
+                    test if kubernetes install is CIS compliant.
+                run:
+                    name: 'cis_kubernetes'
+            -
+                case_name: http_public_endpoints
+                project_name: security
+                criteria: 100
+                blocking: false
+                description: >-
+                    Check all ports exposed outside of kubernetes cluster
+                    looking for plain http endpoint.
+                run:
+                    name: 'http_public_endpoints'
+            -
+                case_name: nonssl_endpoints
+                project_name: security
+                criteria: 100
+                blocking: false
+                description: >-
+                    Check that all ports exposed outside of kubernetes cluster
+                    use SSL tunnels.
+                run:
+                    name: 'nonssl_endpoints'
+            -
+                case_name: jdpw_ports
+                project_name: security
+                criteria: 100
+                blocking: false
+                description: >-
+                    Check that no jdwp ports are exposed
+                run:
+                    name: 'jdpw_ports'
+            -
+                case_name: kube_hunter
+                project_name: security
+                criteria: 100
+                blocking: false
+                description: >-
+                    Check k8s CVE.
+                run:
+                    name: 'kube_hunter'
author	mrichomme <morgan.richomme@orange.com>	2020-04-20 14:50:27 +0200
committer	mrichomme <morgan.richomme@orange.com>	2020-04-20 14:50:27 +0200
commit	5de622a8247c4cf4fc2bd4e5f8a947e60a8c4bfb (patch)
tree	2038bfaa94413367fd46e8bcd38600f2e49dac05 /security/docker/testcases.yaml
parent	3c64be99c3c24930674e9fa657993d95cbd2fe6d (diff)