www-infrastructure-issues mailing list archives

From "Mark Thomas (JIRA)" <j...@apache.org>
Subject [jira] [Created] (INFRA-10776) New VM for Security Team
Date Mon, 16 Nov 2015 08:42:11 GMT
Mark Thomas created INFRA-10776:

             Summary: New VM for Security Team
                 Key: INFRA-10776
                 URL: https://issues.apache.org/jira/browse/INFRA-10776
             Project: Infrastructure
          Issue Type: Bug
          Components: Other/Misc
            Reporter: Mark Thomas

The security team wishes to evaluate SRC:CLR, a tool for finding known vulnerabilities in
project dependencies. To do this we need a VM in which to run the agent part of the tool.

The agent checks out a project's source and then either builds it or analyses the build files
depending on the tool used. Therefore similar specs to a typical build slave should be sufficient.

The OS needs to be Linux, but the requirements are no more specific than that, so Infra's preferred
/ standard variant is fine, which I believe is Ubuntu 14.04 LTS.

I am assuming that the OS will be managed by Puppet and that the security team will be responsible
for the day-to-day management of the VM. Please could the following packages be added to the
required packages for the VM in Puppet:
- git
- openjdk-8-jdk
- maven (from Ubuntu Wily since we need 3.1 or later)

The security team will install the SRC:CLR agent manually.

Please ensure that I (availid markt) have root access to the VM. I'll add other security team
members as necessary.

Thanks in advance.

This message was sent by Atlassian JIRA