starlingx/docs
Code Issues Proposed changes

CVSS v3 Adoption for OS

Browse Source 
Addressed Patch 5 comments
Addressed Patch 4 comments
Fixed typo
Added a note to indicate CentOS is not being scanned as the master branch has Debian which is being scanned
Updated Index
Added Abbreviations
Added Includes File / Index
Fixed merge conflicts

Change-Id: I17a3c3d6e5b545e24f1530dbb3fdec8adc30b26a
Signed-off-by: Juanita Balaraj <juanita.balaraj@windriver.com>
This commit is contained in:
Juanita-Balaraj 2022-11-01 23:46:02 -04:00
parent cf755b146c
commit d66fc5b4da
4 changed files with 111 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
doc/source/_includes/cve-maintenance-0eaf7f8697bc.rest Normal file
View File

@ -0,0 +1,15 @@
.. begin-CVE
.. end-CVE
.. CentOS-begin
.. CentOS-end
.. CVE-visibility-begin
.. CVE-visibility-end
.. Debian-begin
.. Debian-end
.. CVE-visibility-1-begin
.. CVE-visibility-1-end

84
doc/source/security/kubernetes/cve-maintenance-723cd9dd54b3.rst Normal file
View File

@ -0,0 +1,84 @@
.. _cve-maintenance-723cd9dd54b3:
===============
CVE Maintenance
===============
On a monthly basis, the master development branch of |prod| is scanned for
|CVE|'s and the reports that are generated are reviewed by the Security team.
.. only:: partner
.. include:: /_includes/cve-maintenance-0eaf7f8697bc.rest
:start-after: begin-CVE
:end-before: end-CVE
.. only:: starlingx
For |CVE|'s which meet StarlingX's ``CVE Fix Criteria Policy`` as documented
below, fixes are provided for the |CVE| in the StarlingX master branch.
For Debian-based versions of |prod| |deb-release-ver|:
.. only:: partner
.. include:: /_includes/cve-maintenance-0eaf7f8697bc.rest
:start-after: Debian-begin
:end-before: Debian-end
- The third party tool ``Vulscan`` is used to scan for |CVE|'s to provide an
unbiased view of vulnerabilities
- |CVSS| v3 base scores and base metrics are used in the |CVE| fix criteria
- The |CVE| ``Fix Criteria Policy`` is:
- Main Fix Criteria
- |CVSS| v3 Base score >= 7.0
- Base Metrics has the following:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None or Low
- Availability Impact: High or Low
- User Interaction: None
- A correction is available upstream
- OR, visibility is HIGH and a correction is available upstream
.. only:: partner
.. include:: /_includes/cve-maintenance-0eaf7f8697bc.rest
:start-after: CVE-visibility-1-begin
:end-before: CVE-visibility-1-end
For older CentOS-based versions of |prod|:
.. only:: partner
.. include:: /_includes/cve-maintenance-0eaf7f8697bc.rest
:start-after: CentOS-begin
:end-before: CentOS-end
- |CVSS| v2 base scores and base vectors are used in the |CVE| fix criteria
- The |CVE| ``Fix Criteria Policy`` is:
- Main Fix Criteria
- |CVSS| v2 Base score >= 7.0
- Base Vector has the following:
- Access Vector: Network
- Access Complexity: Low
- Authentication: None or Single
- Availability Impact: Partial/Complete
- A correction is available upstream
- OR, visibility is HIGH and a correction is available upstream
.. only:: partner
.. include:: /_includes/cve-maintenance-0eaf7f8697bc.rest
:start-after: CVE-visibility-begin
:end-before: CVE-visibility-end

10
doc/source/security/kubernetes/index-security-kub-81153c1254c3.rst
View File

@ -217,6 +217,16 @@ Authentication of Software Delivery
authentication-of-software-delivery authentication-of-software-delivery
***************
CVE Maintenance
***************
.. toctree::
:maxdepth: 1
cve-maintenance-723cd9dd54b3
******************************************************* *******************************************************
Security Feature Configuration for Spectre and Meltdown Security Feature Configuration for Spectre and Meltdown
******************************************************* *******************************************************

2
doc/source/shared/abbrevs.txt
View File

@ -35,6 +35,7 @@
.. |CSK| replace:: :abbr:`CSK (Code Signing Key)` .. |CSK| replace:: :abbr:`CSK (Code Signing Key)`
.. |CSKs| replace:: :abbr:`CSKs (Code Signing Keys)` .. |CSKs| replace:: :abbr:`CSKs (Code Signing Keys)`
.. |CVE| replace:: :abbr:`CVE (Common Vulnerabilities and Exposures)` .. |CVE| replace:: :abbr:`CVE (Common Vulnerabilities and Exposures)`
.. |CVSS| replace:: :abbr:`CVSS (Common Vulnerability Scoring System)`
.. |DAD| replace:: :abbr:`DAD (Duplicate Address Detection)` .. |DAD| replace:: :abbr:`DAD (Duplicate Address Detection)`
.. |DC| replace:: :abbr:`DC (Distributed Cloud)` .. |DC| replace:: :abbr:`DC (Distributed Cloud)`
.. |DOR| replace:: :abbr:`DOR (Dead Office Recovery)` .. |DOR| replace:: :abbr:`DOR (Dead Office Recovery)`
@ -187,3 +188,4 @@
.. |WAD| replace:: :abbr:`WAD (Windows Active Directory)` .. |WAD| replace:: :abbr:`WAD (Windows Active Directory)`
.. |XML| replace:: :abbr:`XML (eXtensible Markup Language)` .. |XML| replace:: :abbr:`XML (eXtensible Markup Language)`
.. |YAML| replace:: :abbr:`YAML (YAML Ain't Markup Language)` .. |YAML| replace:: :abbr:`YAML (YAML Ain't Markup Language)`