[Platformone] [PossibleSpam] Re: Rogue One IATT Actions

Taylor Biggs taylor at redhat.com
Wed Dec 4 16:56:32 UTC 2019


Adding in Hayden for Anchore Support.  Hayden - please see below.

Thanks,
Taylor

----
Taylor Biggs
taylor at redhat.com
850-449-2220



On Wed, Dec 4, 2019 at 11:37 AM Pascal, Jay <Jay.Pascal at diligent-us.com>
wrote:

> I was able to get the scan results for Twistlock.  I have also been able
> to log in to Anchore.  However, when I attempt to analyze a repository or
> tag, Anchore does not appear able to locate it.  I have tried various
> values.  I am attempting to analyze the following image.
>
>
>
> docker-registry-default.apps.cluster.unified-platform.io/aam-ci-cd/develop-misp-app-web:latest
>
>
> I have tried docker-registry.default.svc as the registry and aam-ci-cd as
> the repository.  I have tried both the analyze repository and analyze tag
> options.  Using docker-registry.default.svc seems to attempt to pull from
> the registry, but does not find the image.
>
> It may be the Anchore user does not have privileges to pull from the
> registry/repository.  I don't know which user/service account Anchore
> attempts to use to pull from the registry in order to grant them privileges.
>
> v/r,
>
> Jay L Pascal
> Senior Systems Engineer
> *DILIGENT* Consulting Inc.
> (O) 210.826.9300
> (C) 210.827.5323
> A Service Disabled Veteran Owned Small Business
> CMMI-DEV Maturity Level 3
> ISO 9001:2015 certified
> ------------------------------
> *From:* Keegan Reap <kreap at redhat.com>
> *Sent:* Tuesday, December 3, 2019 9:33 AM
> *To:* Mark Nissley
> *Cc:* Jonathan Hultz; Bubb, Mike; SANCHEZ, MARK GG-13 USAF AFMC
> AFLCMC/HNCP; Pascal, Jay; platformONE at redhat.com
> *Subject:* [PossibleSpam] Re: [Platformone] Rogue One IATT Actions
>
> With the added people to the thread, I will go ahead and reiterate these
> points just in case, for full transparency:
>
>
> Hey Mark & all,
>
> As far as the first objective, Twistlock has been deployed to the
> environment and is ready to start scanning, link below. The Twistlock app
> is locked behind an admin account, so we will need a POC to share the admin
> account with. As far as Anchore goes, we have it deployed but it seems
> something is preventing it from coming up successfully; we are currently
> going to investigate.
>
>
> https://cluster.unified-platform.io/console/project/levelup-twistlock/overview
> https://levelup-twistlock.apps.cluster.unified-platform.io/
>
> Thanks,
> Keegan Reap
>
>
> On Tue, Dec 3, 2019 at 9:29 AM Mark Nissley <mnissley at redhat.com> wrote:
>
>> Adding some of the UP Nodes Team to this thread. Mike, in a
>> separate thread you noted that you were having trouble with Twistlock.
>> Could you send a name and email address for someone on your team that we
>> can grant access to? That may be you...
>>
>>
>> Mark NISSLEY, PMP, CSM, LEAN
>>
>> PROGRAM MANAGER & SR TECHNICAL PROJECT MANAGER
>>
>> North American Consulting, Public Sector
>> <https://www.redhat.com/>
>>
>> M: 850-530-3234
>>
>> <https://www.redhat.com/>
>>
>> *Scheduled Training: October 14-18*
>>
>>
>> On Tue, Dec 3, 2019 at 10:25 AM Jonathan Hultz <jhultz at redhat.com> wrote:
>>
>>> Mark,
>>>
>>> Here are the results for the initial STIG run against one of the
>>> UP Node ec2 instances.
>>> https://dccscr.dsop.io/levelup-automation/security/rhel7-stig/issues/1
>>>
>>> There are several Cat 1 and 2s that are not implemented and the
>>> reasoning is in the ticket. Corey is currently working on the Sat role
>>> which will also need several STIGs disabled to run correctly.
>>>
>>> We are currently waiting for Colleen to rescan the UP Prod host with the
>>> STIGs applied.
>>>
>>> Cheers, Jon
>>>
>>> On Tue, Dec 3, 2019 at 10:07 AM Mark Nissley <mnissley at redhat.com>
>>> wrote:
>>>
>>>> I am on call with UP Node aka Rogue One. They are getting ready for
>>>> IATT. Here are the actions that they asked of our team, due COB today:
>>>>
>>>>    1. They asked if we can utilize Anchore and/or Twistlock to scan
>>>>    their apps and provide a report. They will be glad to do it as well if we
>>>>    want to make the containers available, but they emphasized that the
>>>>    shortest course of action is the best.
>>>>    2. A plan of action for all High and Critical items scan results
>>>>    from Colleen's scan (if hardening scripts will be needed, they must be
>>>>    delivered IATT, 20 December)
>>>>
>>>> As this is the highest urgency task on our list right now, we need to
>>>> be able to assign these tasks to specific people and knock them out. *The
>>>> deadline is COB today on both items*. Who can work with me to make
>>>> these things happen?
>>>>
>>>>
>>>> Mark NISSLEY, PMP, CSM, LEAN
>>>>
>>>> PROGRAM MANAGER & SR TECHNICAL PROJECT MANAGER
>>>>
>>>> North American Consulting, Public Sector
>>>> <https://www.redhat.com/>
>>>>
>>>> M: 850-530-3234
>>>>
>>>> <https://www.redhat.com/>
>>>>
>>>> *Scheduled Training: October 14-18*
>>>> _______________________________________________
>>>> platformONE mailing list
>>>> platformONE at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/platformone
>>>>
>>>
>>>
>>> --
>>>
>>> JONATHAN HULTZ, RHCSA
>>>
>>> SENIOR CONSULTANT
>>>
>>> Red Hat Remote US CA <https://www.redhat.com/>
>>>
>>> jhultz at redhat.com    M: 609-713-9778
>>> <https://red.ht/sig>
>>>