Details
Task
Resolution: Done
Medium
None
Description
Currently the lynis and vuls tests pass even if they find vulnerabilities. We expect the PTLs to manually check them and decide whether these vulnerabilities need to be dealt with or not, so we allow the tests to have vulnerabilities. Ideally, though, there shouldn't be any vulnerabilities on the system.
Reporting a pass status may therefore cause confusion. Instead of just marking the test as passed, make the test fail when vulnerabilities are found, but mark it as non-critical so that the suite still passes.
The implementation should be similar to what has been done for the kube-hunter test: https://gerrit.akraino.org/r/c/validation/+/3313
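A sketch of the requested behaviour, added here as an illustration. It is not the validation project's code and not the change in the linked review. The `ScanResult` class, its `critical` flag and the sample report text are assumptions, with the report following the `key=value` layout of a lynis report file.

```python
from dataclasses import dataclass, field

# Constructed sample, assuming the key=value layout of a lynis report file.
LYNIS_REPORT = """\
hardening_index=67
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|-|-|
"""

@dataclass
class ScanResult:
    name: str
    findings: list = field(default_factory=list)
    critical: bool = True  # hypothetical flag: does a failure fail the suite?

    @property
    def status(self):
        # Any finding fails the test, so the report no longer shows a clean pass.
        return "FAIL" if self.findings else "PASS"

def lynis_warnings(report_text):
    """Return (test_id, message) for every warning[] entry in the report."""
    warnings = []
    for line in report_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "warning[]":
            parts = value.split("|")
            warnings.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return warnings

def suite_status(results):
    """The suite fails only when a critical test failed."""
    failed_critical = [r for r in results if r.critical and r.status == "FAIL"]
    return "FAIL" if failed_critical else "PASS"

def summarize(results):
    lines = [f"{r.name}: {r.status}{'' if r.critical else ' (non-critical)'}"
             for r in results]
    return lines + [f"suite: {suite_status(results)}"]

def run_example():
    results = [
        ScanResult("lynis", lynis_warnings(LYNIS_REPORT), critical=False),
        ScanResult("vuls", [], critical=False),  # constructed: no findings
    ]
    return summarize(results)

if __name__ == "__main__":
    print("\n".join(run_example()))
```

The failed test stays visible in the per-test lines, while the suite verdict only reflects tests marked critical.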