You are viewing a plain text version of this content. The canonical link for it is here.

Posted to infrastructure-issues@apache.org by "Mark Thomas (JIRA)" <ji...@apache.org> on 2015/12/08 20:55:11 UTC

[jira] [Resolved] (INFRA-10776) New VM for Security Team

     [ https://issues.apache.org/jira/browse/INFRA-10776?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mark Thomas resolved INFRA-10776.
---------------------------------
    Resolution: Fixed

Thanks. I can confirm that I have access and that sudo is working.

> New VM for Security Team
> ------------------------
>
>                 Key: INFRA-10776
>                 URL: https://issues.apache.org/jira/browse/INFRA-10776
>             Project: Infrastructure
>          Issue Type: Bug
>          Components: Other/Misc
>            Reporter: Mark Thomas
>            Assignee: Daniel Takamori
>
> The security team wishes to evaluate SRC:CLR, a tool for finding known vulnerabilities in project dependencies. To do this we need a VM in which to run the agent part of the tool.
> The agent checks out a project's source and then either builds it or analyses the build files depending on the tool used. Therefore similar specs to a typical build slave should be sufficient.
> The OS needs to be Linux but the requirements are no more specific than that so Infra's preferred / standard variant is fine which I believe is Ubuntu 14.04 LTS.
> I am assuming that the OS will be managed by Puppet and that the security team will be responsible for the day-to-day management of the VM. Please could the following packages be added to the required packages for the VM in Puppet:
> - git
> - openjdk-8-jdk
> - maven (from Ubuntu Wily since we need 3.1 or later)
> The security team will install the SRC:CLR agent manually.
> Please ensure that I (availid markt) has root access to the VM. I'll add other security team members as necessary.
> Thanks in advance.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)