www-infrastructure-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Thomas (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (INFRA-10776) New VM for Security Team
Date Tue, 08 Dec 2015 19:55:11 GMT

     [ https://issues.apache.org/jira/browse/INFRA-10776?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Mark Thomas resolved INFRA-10776.
    Resolution: Fixed

Thanks. I can confirm that I have access and that sudo is working.

> New VM for Security Team
> ------------------------
>                 Key: INFRA-10776
>                 URL: https://issues.apache.org/jira/browse/INFRA-10776
>             Project: Infrastructure
>          Issue Type: Bug
>          Components: Other/Misc
>            Reporter: Mark Thomas
>            Assignee: Daniel Takamori
> The security team wishes to evaluate SRC:CLR, a tool for finding known vulnerabilities
in project dependencies. To do this we need a VM in which to run the agent part of the tool.
> The agent checks out a project's source and then either builds it or analyses the build
files depending on the tool used. Therefore similar specs to a typical build slave should
be sufficient.
> The OS needs to be Linux but the requirements are no more specific than that so Infra's
preferred / standard variant is fine which I believe is Ubuntu 14.04 LTS.
> I am assuming that the OS will be managed by Puppet and that the security team will be
responsible for the day-to-day management of the VM. Please could the following packages be
added to the required packages for the VM in Puppet:
> - git
> - openjdk-8-jdk
> - maven (from Ubuntu Wily since we need 3.1 or later)
> The security team will install the SRC:CLR agent manually.
> Please ensure that I (availid markt) has root access to the VM. I'll add other security
team members as necessary.
> Thanks in advance.

This message was sent by Atlassian JIRA

View raw message