fjogeleit / trivy-operator-polr-adapter

Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports

Trivy Node Scanner `ClusterInfraAssessmentReport`

sherifkayad opened this issue · comments

Hello @fjogeleit 👋

It seems that recent versions of the Trivy Operator enabled something new: scanning the Kubernetes Nodes (with the so-called Node Scanner) and producing a ClusterInfraAssessmentReport.

I noticed that this type isn't converted by the adapter to a ClusterPolicy.

An example of this report in the Trivy World:

```yaml
apiVersion: aquasecurity.github.io/v1alpha1
kind: ClusterInfraAssessmentReport
metadata:
  creationTimestamp: '2023-03-17T09:45:18Z'
  generation: 1
  labels:
    plugin-config-hash: 659b7b9c46
    resource-spec-hash: 54fcfbd8c7
    trivy-operator.resource.kind: Node
    trivy-operator.resource.name: ip-10-3-16-19.eu-central-1.compute.internal
    trivy-operator.resource.namespace: ''
  managedFields:
    - apiVersion: aquasecurity.github.io/v1alpha1
      fieldsType: FieldsV1
      fieldsV1:
        f:metadata:
          f:labels:
            .: {}
            f:plugin-config-hash: {}
            f:resource-spec-hash: {}
            f:trivy-operator.resource.kind: {}
            f:trivy-operator.resource.name: {}
            f:trivy-operator.resource.namespace: {}
          f:ownerReferences:
            .: {}
            k:{"uid":"1cbb23e1-e749-490d-be02-ccb94e015e9f"}: {}
        f:report:
          .: {}
          f:checks: {}
          f:scanner:
            .: {}
            f:name: {}
            f:vendor: {}
            f:version: {}
          f:summary:
            .: {}
            f:criticalCount: {}
            f:highCount: {}
            f:lowCount: {}
            f:mediumCount: {}
      manager: trivy-operator
      operation: Update
      time: '2023-03-17T09:45:18Z'
  name: node-ip-10-3-16-19.eu-central-1.compute.internal
  ownerReferences:
    - apiVersion: v1
      blockOwnerDeletion: false
      controller: true
      kind: Node
      name: ip-10-3-16-19.eu-central-1.compute.internal
      uid: 1cbb23e1-e749-490d-be02-ccb94e015e9f
  resourceVersion: '25537871'
  uid: c1da64c6-7480-4dea-aa43-562aa2953117
  selfLink: /apis/aquasecurity.github.io/v1alpha1/clusterinfraassessmentreports/node-ip-10-3-16-19.eu-central-1.compute.internal
report:
  checks:
    - category: Kubernetes Security Check
      checkID: KCV0027
      description: Setup TLS connection on the API server.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0001
      description: Disable anonymous requests to the API server.
      messages:
        - ''
      severity: MEDIUM
      success: true
      title: Ensure that the --anonymous-auth argument is set to false
    - category: Kubernetes Security Check
      checkID: KCV0083
      description: Protect tuned kernel parameters from overriding kubelet default kernel parameter values.
      messages:
        - Ensure that the --protect-kernel-defaults is set to true
      severity: HIGH
      success: false
      title: Ensure that the --protect-kernel-defaults is set to true
    - category: Kubernetes Security Check
      checkID: KCV0071
      description: If kube-proxy is running, and if it is using a file-based kubeconfig file, ensure that the proxy kubeconfig file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: HIGH
      success: true
      title: If proxy kubeconfig file exists ensure permissions are set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0072
      description: If kube-proxy is running, ensure that the file ownership of its kubeconfig file is set to root:root.
      messages:
        - ''
      severity: HIGH
      success: true
      title: if proxy kubeconfig file exists ensure ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0063
      description: Ensure that the scheduler config file ownership is set to root:root.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the scheduler config file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0034
      description: Disable profiling, if not needed.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --profiling argument is set to false
    - category: Kubernetes Security Check
      checkID: KCV0016
      description: Limit the Node and Pod objects that a kubelet could modify.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the admission control plugin NodeRestriction is set
    - category: Kubernetes Security Check
      checkID: KCV0046
      description: etcd should be configured for peer authentication.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --peer-client-cert-auth argument is set to true
    - category: Kubernetes Security Check
      checkID: KCV0070
      description: Ensure that the kubelet service file ownership is set to root:root.
      messages:
        - ''
      severity: CRITICAL
      success: true
      title: Ensure that the kubelet service file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0087
      description: Security relevant information should be captured. The --event-qps flag on the Kubelet can be used to limit the rate at which events are gathered
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture
    - category: Kubernetes Security Check
      checkID: KCV0004
      description: Use https for kubelet connections.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --kubelet-https argument is set to true
    - category: Kubernetes Security Check
      checkID: KCV0048
      description: Ensure that the API server pod specification file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the API server pod specification file permissions are set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0015
      description: Reject creating objects in a namespace that is undergoing termination.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the admission control plugin NamespaceLifecycle is set
    - category: Kubernetes Security Check
      checkID: KCV0017
      description: Do not disable the secure port.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --secure-port argument is not set to 0
    - category: Kubernetes Security Check
      checkID: KCV0086
      description: Do not override node hostnames.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the --hostname-override argument is not set
    - category: Kubernetes Security Check
      checkID: KCV0028
      description: Setup TLS connection on the API server.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --client-ca-file argument is set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0092
      description: Ensure that the Kubelet is configured to only use strong cryptographic ciphers.
      messages:
        - Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers
      severity: CRITICAL
      success: false
      title: Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers
    - category: Kubernetes Security Check
      checkID: KCV0049
      description: Ensure that the API server pod specification file ownership is set to root:root.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the API server pod specification file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0042
      description: Configure TLS encryption for the etcd service.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --cert-file and --key-file arguments are set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0002
      description: Do not use token based authentication.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --token-auth-file parameter is not set
    - category: Kubernetes Security Check
      checkID: KCV0021
      description: Retain 10 or an appropriate number of old log files.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0085
      description: Do not disable timeouts on streaming connections.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the --streaming-connection-idle-timeout argument is not set to 0
    - category: Kubernetes Security Check
      checkID: KCV0024
      description: Validate service account before validating token.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --service-account-lookup argument is set to true
    - category: Kubernetes Security Check
      checkID: KCV0062
      description: Ensure that the scheduler config file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the scheduler config file permissions are set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0084
      description: Allow Kubelet to manage iptables.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the --make-iptables-util-chains argument is set to true
    - category: Kubernetes Security Check
      checkID: KCV0090
      description: Enable kubelet client certificate rotation.
      messages:
        - Ensure that the --rotate-certificates argument is not set to false
      severity: HIGH
      success: false
      title: Ensure that the --rotate-certificates argument is not set to false
    - category: Kubernetes Security Check
      checkID: KCV0050
      description: Ensure that the controller manager pod specification file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the controller manager pod specification file permissions are set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0006
      description: Verify kubelet's certificate before establishing connection.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --kubelet-certificate-authority argument is set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0029
      description: etcd should be configured to make use of TLS encryption for client connections.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --etcd-cafile argument is set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0040
      description: Disable profiling, if not needed.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --profiling argument is set to false
    - category: Kubernetes Security Check
      checkID: KCV0018
      description: Disable profiling, if not needed.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --profiling argument is set to false
    - category: Kubernetes Security Check
      checkID: KCV0060
      description: Ensure that the admin config file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: CRITICAL
      success: true
      title: Ensure that the admin config file permissions are set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0011
      description: Do not allow all requests.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the admission control plugin AlwaysAdmit is not set
    - category: Kubernetes Security Check
      checkID: KCV0068
      description: Ensure that the Kubernetes PKI certificate file permission is set to 600.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the Kubernetes PKI certificate file permission is set to 600
    - category: Kubernetes Security Check
      checkID: KCV0045
      description: etcd should be configured to make use of TLS encryption for peer connections.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0030
      description: Encrypt etcd key-value store.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --encryption-provider-config argument is set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0079
      description: Disable anonymous requests to the Kubelet server.
      messages:
        - Ensure that the --anonymous-auth argument is set to false
      severity: CRITICAL
      success: false
      title: Ensure that the --anonymous-auth argument is set to false
    - category: Kubernetes Security Check
      checkID: KCV0058
      description: Ensure that the etcd data directory has permissions of 700 or more restrictive.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the etcd data directory permissions are set to 700 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0088
      description: Setup TLS connection on the Kubelets.
      messages:
        - Ensure that the --tls-cert-file argument are set as appropriate
      severity: CRITICAL
      success: false
      title: Ensure that the --tls-cert-file argument are set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0055
      description: Ensure that the etcd pod specification file ownership is set to root:root.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the etcd pod specification file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0091
      description: Enable kubelet server certificate rotation.
      messages:
        - Verify that the RotateKubeletServerCertificate argument is set to true
      severity: HIGH
      success: false
      title: Verify that the RotateKubeletServerCertificate argument is set to true
    - category: Kubernetes Security Check
      checkID: KCV0065
      description: Ensure that the controller-manager config file ownership is set to root:root.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the controller-manager config file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0037
      description: Allow pods to verify the API server's serving certificate before establishing connections.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --root-ca-file argument is set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0064
      description: Ensure that the controller-manager config file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the controller-manager config file permissions are set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0051
      description: Ensure that the controller manager pod specification file ownership is set to root:root.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the controller manager pod specification file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0080
      description: Do not allow all requests. Enable explicit authorization.
      messages:
        - Ensure that the --authorization-mode argument is not set to AlwaysAllow
      severity: HIGH
      success: false
      title: Ensure that the --authorization-mode argument is not set to AlwaysAllow
    - category: Kubernetes Security Check
      checkID: KCV0007
      description: Do not always authorize all requests.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --authorization-mode argument is not set to AlwaysAllow
    - category: Kubernetes Security Check
      checkID: KCV0019
      description: Enable auditing on the Kubernetes API Server and set the desired audit log path.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --audit-log-path argument is set
    - category: Kubernetes Security Check
      checkID: KCV0053
      description: Ensure that the scheduler pod specification file ownership is set to root:root.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the scheduler pod specification file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0013
      description: The SecurityContextDeny admission controller can be used to deny pods which make use of some SecurityContext fields which could allow for privilege escalation in the cluster. This should be used where PodSecurityPolicy is not in place within the cluster.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used
    - category: Kubernetes Security Check
      checkID: KCV0074
      description: Ensure that the kubelet.conf file ownership is set to root:root.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0010
      description: Limit the rate at which the API server accepts requests.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the admission control plugin EventRateLimit is set
    - category: Kubernetes Security Check
      checkID: KCV0056
      description: Ensure that the container network interface file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the container network interface file permissions are set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0009
      description: Turn on Role Based Access Control.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --authorization-mode argument includes RBAC
    - category: Kubernetes Security Check
      checkID: KCV0135
      description: Use individual service account credentials for each controller.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --use-service-account-credentials argument is set to true
    - category: Kubernetes Security Check
      checkID: KCV0026
      description: etcd should be configured to make use of TLS encryption for client connections.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0014
      description: Automate service accounts management.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the admission control plugin ServiceAccount is set
    - category: Kubernetes Security Check
      checkID: KCV0067
      description: Ensure that the Kubernetes PKI key file permission is set to 600.
      messages:
        - ''
      severity: CRITICAL
      success: true
      title: Ensure that the Kubernetes PKI key file permission is set to 600
    - category: Kubernetes Security Check
      checkID: KCV0008
      description: Restrict kubelet nodes to reading only objects associated with them.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --authorization-mode argument includes Node
    - category: Kubernetes Security Check
      checkID: KCV0025
      description: Explicitly set a service account public key file for service accounts on the apiserver.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --service-account-key-file argument is set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0059
      description: Ensure that the etcd data directory ownership is set to etcd:etcd.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the etcd data directory ownership is set to etcd:etcd
    - category: Kubernetes Security Check
      checkID: KCV0005
      description: Enable certificate based kubelet authentication.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0069
      description: Ensure that the kubelet service file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the kubelet service file permissions are set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0038
      description: Enable kubelet server certificate rotation on controller-manager.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the RotateKubeletServerCertificate argument is set to true
    - category: Kubernetes Security Check
      checkID: KCV0036
      description: Explicitly set a service account private key file for service accounts on the controller manager.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --service-account-private-key-file argument is set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0078
      description: Ensure that if the kubelet refers to a configuration file with the --config argument, that file is owned by root:root.
      messages:
        - ''
      severity: HIGH
      success: true
      title: If the kubelet config.yaml configuration file is being used validate file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0061
      description: Ensure that the admin config file ownership is set to root:root.
      messages:
        - ''
      severity: CRITICAL
      success: true
      title: Ensure that the admin config file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0047
      description: Do not use self-signed certificates for TLS.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --peer-auto-tls argument is not set to true
    - category: Kubernetes Security Check
      checkID: KCV0033
      description: Activate garbage collector on pod termination, as appropriate.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --terminated-pod-gc-threshold argument is set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0057
      description: Ensure that the container network interface file ownership is set to root:root.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the container network interface file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0077
      description: Ensure that if the kubelet refers to a configuration file with the --config argument, that file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: HIGH
      success: true
      title: If the kubelet config.yaml configuration file is being used validate permissions set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0089
      description: Setup TLS connection on the Kubelets.
      messages:
        - Ensure that the --tls-key-file argument are set as appropriate
      severity: CRITICAL
      success: false
      title: Ensure that the --tls-key-file argument are set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0020
      description: Retain the logs for at least 30 days or as appropriate.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --audit-log-maxage argument is set to 30 or as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0041
      description: Do not bind the scheduler service to non-loopback insecure addresses.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --bind-address argument is set to 127.0.0.1
    - category: Kubernetes Security Check
      checkID: KCV0043
      description: Enable client authentication on etcd service.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --client-cert-auth argument is set to true
    - category: Kubernetes Security Check
      checkID: KCV0039
      description: Do not bind the scheduler service to non-loopback insecure addresses.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --bind-address argument is set to 127.0.0.1
    - category: Kubernetes Security Check
      checkID: KCV0075
      description: Ensure that the certificate authorities file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: CRITICAL
      success: true
      title: Ensure that the certificate authorities file permissions are set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0022
      description: Rotate log files on reaching 100 MB or as appropriate.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0052
      description: Ensure that the scheduler pod specification file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the scheduler pod specification file permissions are set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0081
      description: Enable Kubelet authentication using certificates.
      messages:
        - Ensure that the --client-ca-file argument is set as appropriate
      severity: CRITICAL
      success: false
      title: Ensure that the --client-ca-file argument is set as appropriate
    - category: Kubernetes Security Check
      checkID: KCV0066
      description: Ensure that the Kubernetes PKI directory and file file ownership is set to root:root.
      messages:
        - ''
      severity: CRITICAL
      success: true
      title: Ensure that the Kubernetes PKI directory and file file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0073
      description: Ensure that the kubelet.conf file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0044
      description: Do not use self-signed certificates for TLS.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --auto-tls argument is not set to true
    - category: Kubernetes Security Check
      checkID: KCV0054
      description: Ensure that the etcd pod specification file has permissions of 600 or more restrictive.
      messages:
        - ''
      severity: HIGH
      success: true
      title: Ensure that the etcd pod specification file permissions are set to 600 or more restrictive
    - category: Kubernetes Security Check
      checkID: KCV0003
      description: This admission controller rejects all net-new usage of the Service field externalIPs.
      messages:
        - ''
      severity: LOW
      success: true
      title: Ensure that the --DenyServiceExternalIPs is not set
    - category: Kubernetes Security Check
      checkID: KCV0076
      description: Ensure that the certificate authorities file ownership is set to root:root.
      messages:
        - ''
      severity: CRITICAL
      success: true
      title: Ensure that the client certificate authorities file ownership is set to root:root
    - category: Kubernetes Security Check
      checkID: KCV0082
      description: Disable the read-only port.
      messages:
        - Verify that the --read-only-port argument is set to 0
      severity: HIGH
      success: false
      title: Verify that the --read-only-port argument is set to 0
  scanner:
    name: Trivy
    vendor: Aqua Security
    version: 0.12.1
  summary:
    criticalCount: 5
    highCount: 5
    lowCount: 0
    mediumCount: 0
```

Additional info:

- I am running the latest POLR Adapter `ghcr.io/fjogeleit/trivy-operator-polr-adapter:0.4.2`
- The starting logs of the container are as follows:

```
[INFO] ConfigAuditReports enabled
[INFO] VulnerabilityReports enabled
[INFO] ComplianceReports enabled
[INFO] RbacAssessmentReports enabled
[INFO] ExposedSecretReports enabled
[INFO] InfraAssessmentReportClient enabled
```

hey, thanks for mentioning, I will have a look and add it with the next release.

By the way, it seems like the POLR CRDs are now available in v1beta1 (https://github.com/kubernetes-sigs/wg-policy-prototypes/tree/master/policy-report/crd/v1beta1). Is there a plan to migrate to that as well? Should I open a new issue?

I think this version is still being discussed and not final; I will upgrade, but not yet. I'll keep an eye on it.


Support was added and released with v0.5.0. You can enable it with `adapters.clusterInfraAssessmentReports.enabled`.

Since version 0.4.0 the adapters use the `scope` property to define the related resource once instead of repeating it in all results. This is not supported in older versions of Policy Reporter, so ensure that you are using a Helm chart version >= v2.17.0, if you don't already.
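The thread never shows the conversion itself, so here is an added example in Go (not code from trivy-operator-polr-adapter or from Trivy) that turns the node report quoted above into a ClusterPolicyReport the way the maintainer describes: the owning Node is written once into `scope`, and every check becomes one result. The PolicyReport field names follow the wgpolicyk8s.io/v1alpha2 CRD; the severity and pass/fail mapping, the `trivy-infra-` name prefix, the `Trivy Operator` source label and the fallback from an empty message to the check description are my own assumptions, and the sample input is constructed from three of the checks in the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// InfraCheck mirrors one entry of report.checks in the Trivy Operator CRD.
type InfraCheck struct {
	CheckID     string   `json:"checkID"`
	Category    string   `json:"category"`
	Description string   `json:"description"`
	Severity    string   `json:"severity"` // CRITICAL | HIGH | MEDIUM | LOW
	Success     bool     `json:"success"`
	Messages    []string `json:"messages"`
}

// InfraReport is the subset of the CRD the conversion needs: the report
// name, the owning Node (taken from ownerReferences) and the checks.
type InfraReport struct {
	Name, NodeName, NodeUID string
	Checks                  []InfraCheck
}

// PolicyReport side, after the wgpolicyk8s.io/v1alpha2 CRD.
type ObjectReference struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Name       string `json:"name"`
	UID        string `json:"uid,omitempty"`
}

type Result struct {
	Policy   string `json:"policy"`
	Category string `json:"category,omitempty"`
	Severity string `json:"severity,omitempty"` // critical | high | medium | low | info
	Result   string `json:"result"`             // pass | fail | warn | error | skip
	Message  string `json:"message,omitempty"`
	Source   string `json:"source,omitempty"`
}

type Summary struct {
	Pass  int `json:"pass"`
	Fail  int `json:"fail"`
	Warn  int `json:"warn"`
	Error int `json:"error"`
	Skip  int `json:"skip"`
}

type ClusterPolicyReport struct {
	APIVersion string            `json:"apiVersion"`
	Kind       string            `json:"kind"`
	Metadata   map[string]string `json:"metadata"`
	Scope      *ObjectReference  `json:"scope,omitempty"`
	Summary    Summary           `json:"summary"`
	Results    []Result          `json:"results"`
}

// severityNames lowercases Trivy's severities to the PolicyReport enum;
// anything unknown degrades to "info" (an assumption, not adapter behaviour).
var severityNames = map[string]string{"CRITICAL": "critical", "HIGH": "high", "MEDIUM": "medium", "LOW": "low"}

// Convert maps every check to one result and records the Node once in scope.
func Convert(r InfraReport) ClusterPolicyReport {
	out := ClusterPolicyReport{
		APIVersion: "wgpolicyk8s.io/v1alpha2",
		Kind:       "ClusterPolicyReport",
		Metadata:   map[string]string{"name": "trivy-infra-" + r.Name},
		Scope:      &ObjectReference{APIVersion: "v1", Kind: "Node", Name: r.NodeName, UID: r.NodeUID},
		Results:    []Result{},
	}
	for _, c := range r.Checks {
		sev, ok := severityNames[strings.ToUpper(c.Severity)]
		if !ok {
			sev = "info"
		}
		res := Result{Policy: c.CheckID, Category: c.Category, Severity: sev, Source: "Trivy Operator"}
		if c.Success {
			res.Result, out.Summary.Pass = "pass", out.Summary.Pass+1
		} else {
			res.Result, out.Summary.Fail = "fail", out.Summary.Fail+1
		}
		// Trivy emits an empty message on passing checks; fall back to the description.
		if res.Message = strings.TrimSpace(strings.Join(c.Messages, "; ")); res.Message == "" {
			res.Message = c.Description
		}
		out.Results = append(out.Results, res)
	}
	return out
}

// SampleReport is constructed from three of the checks quoted in the issue.
func SampleReport() InfraReport {
	return InfraReport{
		Name:     "node-ip-10-3-16-19.eu-central-1.compute.internal",
		NodeName: "ip-10-3-16-19.eu-central-1.compute.internal",
		NodeUID:  "1cbb23e1-e749-490d-be02-ccb94e015e9f",
		Checks: []InfraCheck{
			{CheckID: "KCV0001", Category: "Kubernetes Security Check", Description: "Disable anonymous requests to the API server.", Severity: "MEDIUM", Success: true, Messages: []string{""}},
			{CheckID: "KCV0083", Category: "Kubernetes Security Check", Description: "Protect tuned kernel parameters from overriding kubelet default kernel parameter values.", Severity: "HIGH", Success: false, Messages: []string{"Ensure that the --protect-kernel-defaults is set to true"}},
			{CheckID: "KCV0092", Category: "Kubernetes Security Check", Description: "Ensure that the Kubelet is configured to only use strong cryptographic ciphers.", Severity: "CRITICAL", Success: false, Messages: []string{"Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers"}},
		},
	}
}

func main() {
	b, err := json.MarshalIndent(Convert(SampleReport()), "", "  ")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println(string(b))
}
```

`go run` prints the ClusterPolicyReport as JSON; applying it to a cluster needs the PolicyReport CRDs installed, and, as the maintainer notes above, a Policy Reporter that understands `scope`.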

Let me give it a spin tomorrow and get back to you. Thanks a lot 😌

Works like a charm! Thanks a lot

Thanks for your feedback

Hey @sherifkayad, not related to this issue - but one question:

One of my goals this year is a rewrite / restructuring of the Policy Reporter UI: kyverno/policy-reporter#222

I am starting to look for users with different use cases of the UI to get an idea of what could be improved. As a user of the UI together with the Trivy Operator integration, it would be cool to get some feedback from you.

Not now or in the next few weeks; I just want to start planning it and prepare some kind of user interview / questions.

@fjogeleit I am totally in for it. Feel free to ping me at any time; you can also use my email address sherif.k.ayad@gmail.com. I would love to participate in that survey.

Thanks a lot, I will reach out to you