Feature
Resolution: Obsolete
Major
ACM 2.13.2
Product / Portfolio Work
Feature Overview
In ACM’s Governance → Policies → Results view, policy violations are displayed when applied policies detect non-compliant resources across clusters. However, the current UI lacks the ability to filter or search through these violations, which often exceed hundreds or even thousands of entries per policy.
This feature request aims to add granular, resource-level filtering capabilities to the violation results view of individual policies — allowing users to quickly narrow down violations by Namespace, Resource kind, Resource name, Message content, and Cluster.
Goals
- Provide a more usable and scalable UI experience for users dealing with high-volume policy violations.
- Allow fine-grained filtering in the policy detail view, not just at the governance overview or cluster level.
- Enable quick root-cause identification and violation triage across large OpenShift deployments.
Requirements
This section lists the specific needs or objectives that the Feature must deliver. Some requirements are flagged as MVP. If an MVP requirement shifts, the feature shifts. If a non-MVP requirement slips, the feature does not shift.
Requirement | Notes | isMvp? |
---|---|---|
Add filtering controls in the “Policy → Results” view | Should allow client- or server-side filtering of violation rows | ✅ YES |
Filter by Namespace | Based on metadata in violation | ✅ YES |
Filter by Resource kind (e.g., Pod, Deployment) | Based on metadata in violation | ✅ YES |
Filter by Resource name | Useful for targeting specific workloads | ✅ YES |
Filter by Violation message content | Supports quick textual search of causes | ✅ YES |
Filter by Cluster | Especially important in multi-cluster environments | ✅ YES |
Pagination and sorting improvements | Improve usability alongside filters | ❌ NO (Nice to have) |
Export filtered results (optional) | For auditing or reporting | ❌ NO |
(Optional) Use Cases
- As a platform admin, I apply a Rego-based policy that scans for disallowed hostPath mounts. It results in 600+ violations. I want to filter by Namespace and violation message to quickly identify critical workloads affected.
- As a security engineer, I need to review policy violations only in production clusters or specific namespaces (e.g., banking-prod-*).
- As a cluster operator, I want to investigate Pod-level violations flagged by a Kyverno policy, and need to search for specific pod names among hundreds of entries.
Related and Complementary Features (Jira Links)
This feature builds upon and complements several ongoing initiatives:
- ACM-15338: Cluster infrastructure-oriented Governance UX
- ACM-18496: [RFE] ACM custom annotations for policies.
- ACM-15339: Refresh Governance Overview & Dashboard
This request is distinct in that it targets the resource-level view of violations within a specific policy, not metadata-based filtering across clusters or policies.
Out of Scope
- Cross-policy search or filtering across the full governance space (i.e., across policies or clusters simultaneously)
- Automatic remediation or bulk fixes via this UI
- Custom sorting logic based on severity (covered in other RFEs)
Background, and strategic fit
- Enterprises with large OpenShift fleets often generate hundreds or thousands of policy violations per policy.
- Without filtering, the current ACM UI becomes unusable for triage and root cause analysis.
- Aligns with ACM's strategic goals of enterprise-scale governance, compliance observability, and security-first UX.
Customer Considerations
- Customers in finance, government, and healthcare sectors have strict compliance needs and often require filtering by Namespace or workload type.
- Some customers currently rely on CLI tools and custom dashboards for this — impacting time-to-remediation and overall user satisfaction.
Documentation Considerations
Questions to be addressed:
- New section in ACM Governance docs: “Filtering policy violations”
- UI walkthroughs/screenshots for using the filters
- Updates to Release Notes
- CLI/API equivalents (if available)