Closed collivier closed 4 years ago
I put it on my agenda but of course any help is more than welcome to release my Baraque schedule.
What are the specific CNTT RA2 requirements that kube_bench and kube_hunter cover?
To help break down the very large CNTT RA2 - RC2 traceability effort, someone could help map the CNTT RA2 requirements to what kube_bench covers. The same can happen for kube_hunter.
I would consider there are missing security requirements in RA2 (bug me if I'm wrong), which doesn't allow precise checks (same case as benchmarking). Then the test case results are more about the security tool execution and the failures are listed for information, e.g. sec.std.001 is a should requirement.
The proposal is to run kube_bench and kube_hunter as integrated by Functest, which already fulfill the test case integration requirements. They are already in use in OPNFV & ONAP gating (see Functest gates and ONAP integration work).
The test configurations will be simply adapted to match the security rules as highlighted by RA2.