Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: Compliance Operator
Labels:
- triaged

Activity Type:
Product / Portfolio Work
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Priority Data:
PX Impact Score:
PX Impact Range:
PX Review Complete:
PX Technical Impact:

Compliance Operator CIS Benchmark conflict

2. The OpenShift Compliance Operator includes a CIS Benchmark rule set that enforces the OpenSCAP CIS OpenShift 4 Benchmark which includes Kubernetes CIS Benchmark 5.1.3. Defining OperatorGroups intentionally creates ClusterRoles with wildcards which violates one of the rules.

3. Customers using the CIS Benchmark to harden there OpenShift clusters will see RBAC policies with wildcard verbs ("*"), in violation of the ocp4-cis-rbac-wildcard-use rule.

4. Compliance Operator profiles

clones

CMP-1906 Compliance Operator CIS Benchmark conflict

Closed

is related to

CMP-1906 Compliance Operator CIS Benchmark conflict

Closed

Assignee:: Unassigned

Reporter:: Doron Caspin

SME:: Jakub Hrozek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2022/09/29 4:07 PM

Updated:: 2025/10/27 5:25 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates