[CPS-667] onap-cps-temporal-db container launched as root and without resource limits - ONAP JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Highest
Resolution: Done
Affects Version/s: Istanbul Release
Fix Version/s: Istanbul Release
Component/s: CPS-Temporal
Labels:
- SECCOM
- cps
- integration
- limits
- root
- security
Environment:

Daily chain

Description

according to Daily CI chain, we moved from 100% to 60% on security due to onap-cps-temporal-db

this docker is launched as root and without limit in kubernetes, which is not allowed by security rules.

https://logs.onap.org/onap-integration/daily/onap_daily_pod4_master/2021-09/15_03-34/

confirmed in DT daily chain https://logs.onap.org/onap-integration/daily/onap-master-daily-dell/2021-09/14_14-33/

if it is an upstream component, it is possible to contact the seccom to get waiver

+ Seccom zwarico kopasiak Fabian_BZH Pawel_P

+ integration/oom MichalJagielloTMPL sdesbure

Attachments

Issue Links

mentioned in: Page Loading...

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Michał Jagiełło

Reporter:: Morgan Richomme

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 15/Sep/21 6:10 AM

Updated:: 22/Oct/21 12:31 PM

Resolved:: 04/Oct/21 5:47 PM