aboutsummaryrefslogtreecommitdiffstats
path: root/security/docker/testcases.yaml
blob: 92b270dde3add9fa2e34a47f8734e592ff296a94 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
---
tiers:
    -
        name: security
        order: 1
        ci_loop: '(daily)|(weekly)'
        description: >-
            Set of basic Functional security tests.
        testcases:
            -
                case_name: root_pods
                project_name: security
                criteria: 100
                blocking: false
                description: >-
                    test if pods are run in root.
                run:
                    name: 'root_pods'
            -
                case_name: unlimitted_pods
                project_name: security
                criteria: 100
                blocking: false
                description: >-
                    test if pods are run without limit.
                run:
                    name: 'unlimitted_pods'
            -
                case_name: cis_kubernetes
                project_name: security
                criteria: 100
                blocking: false
                description: >-
                    test if kubernetes install is CIS compliant.
                run:
                    name: 'cis_kubernetes'
            -
                case_name: http_public_endpoints
                project_name: security
                criteria: 100
                blocking: false
                description: >-
                    Check all ports exposed outside of kubernetes cluster
                    looking for plain http endpoint.
                run:
                    name: 'http_public_endpoints'
            -
                case_name: nonssl_endpoints
                project_name: security
                criteria: 100
                blocking: false
                description: >-
                    Check that all ports exposed outside of kubernetes cluster
                    use SSL tunnels.
                run:
                    name: 'nonssl_endpoints'
            -
                case_name: jdpw_ports
                project_name: security
                criteria: 100
                blocking: false
                description: >-
                    Check that no jdwp ports are exposed
                run:
                    name: 'jdpw_ports'
            -
                case_name: kube_hunter
                project_name: security
                criteria: 100
                blocking: false
                description: >-
                    Check k8s CVE.
                run:
                    name: 'kube_hunter'
            -
                case_name: versions
                project_name: security
                criteria: 100
                blocking: false
                description: >-
                    Check that Java and Python are available only in versions
                    recommended by SECCOM
                run:
                    name: 'versions'