$ oc create -f manifests/01-operator
$ oc create -f manifests/02-compliance-scan
$ oc get compliancescan -w -n openshift-compliance
$ oc get compliancecheckresults -n openshift-compliance
IMPORTANT: DON'T RUN THIS ON A CLUSTER YOU CARE ABOUT! IT WILL ENFORCE EVERYTHING!
NOTE: If you scanned without remediation, delete the ScanSettingBinding with:
$ oc delete -f manifests/02-compliance-scan
$ oc create -f manifests/03-compliance-remediation
$ oc get compliancescan -w -n openshift-compliance
$ oc get compliancecheckresults -n openshift-compliance
$ oc annotate compliancescans/ocp4-cis compliance.openshift.io/rescan=
$ oc annotate compliancescans/ocp4-cis-node-master compliance.openshift.io/rescan=
$ oc annotate compliancescans/ocp4-cis-node-worker compliance.openshift.io/rescan=
$ oc get compliancescan -w -n openshift-compliance
$ oc get compliancecheckresults -n openshift-compliance