- Bug
- Resolution: Done-Errata
- Critical
- 4.10
- Moderate
- CMP Sprint 62, CMP Sprint 63, CMP Sprint 64, CMP Sprint 65, CMP Sprint 66, CMP Sprint 67
- Added additional clarity for auditing SCCs through the scc-limit-container-allowed-capabilities rule.

Description of problem:
We’re using OCP 4.10.33 with Compliance Operator 0.1.53 and getting ComplianceCheckResult FAIL ocp4-cis-scc-limit-container-allowed-capabilities. Does anybody have a set of commands that can be used to link the outputs of the commands below to identify which SCCs are triggering this rule to fail?

ocp4-cis-scc-limit-container-allowed-capabilities
Limit Container Capabilities

By default, containers run with a default set of capabilities as assigned by the Container Runtime which can include dangerous or highly privileged capabilities. Capabilities should be dropped unless absolutely critical for the container to run software, as added capabilities that are not required allow for malicious containers or attackers.

Inspect each SCC returned from running the following command:

$ oc get scc

Next, examine the outputs of the following commands:

$ oc describe roles --all-namespaces
$ oc describe clusterroles

For any role/clusterrole that references the securitycontextconstraints resource with the resourceNames of the SCCs that do not list an explicit allowedCapabilities, examine the associated rolebindings to account for the users that are bound to the role. Review each SCC and determine that only required capabilities are either completely added as a list entry under allowedCapabilities, or that all the un-required capabilities are dropped for containers and SCCs.
Version-Release number of selected component (if applicable):
0.1.53
How reproducible:
Steps to Reproduce:
1. After running compliance scan with FAIL ocp4-cis-scc-limit-container-allowed-capabilities ComplianceCheckResult, run `oc get compliancecheckresult ocp4-cis-scc-limit-container-allowed-capabilities`
Actual results:
The instructions provided (pasted above) require joining the output of scc, cluster role, role and role binding to determine which SCCs are non-compliant, which can be very time consuming.
Expected results:
Ideally, if a set of jq commands similar to the initial one can be provided, it would help the customer speed up their analysis.
Additional info:
Link to slack thread regarding this: https://redhat-internal.slack.com/archives/CHCRR73PF/p1679081273262379
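One way to do the join this report asks for, written here as an added Python example rather than a jq one-liner (it is not part of this bug report or of the Compliance Operator): it takes the `items` arrays from `oc get scc -o json`, `oc get roles -A -o json`, `oc get clusterroles -o json`, `oc get rolebindings -A -o json` and `oc get clusterrolebindings -o json`, lists every SCC that has no explicit allowedCapabilities list (this example also treats a `*` wildcard as non-explicit, which goes slightly beyond the rule text), then the Roles/ClusterRoles whose rules cover that SCC and the subjects bound to them. The objects in SAMPLE are constructed and only mimic the shape of `oc get` JSON; on a real cluster you would load the `items` arrays from the commands above instead.

```python
"""Join SCCs that lack an explicit allowedCapabilities list to the Roles,
ClusterRoles and bindings that grant access to them.  Added example, not code
from this bug report or from the Compliance Operator; SAMPLE is constructed."""
import json


def sccs_needing_review(sccs):
    """SCC name -> reason, for SCCs whose allowedCapabilities is absent/null or '*'."""
    findings = {}
    for scc in sccs:
        allowed = scc.get("allowedCapabilities")
        if allowed is None:
            findings[scc["metadata"]["name"]] = "no explicit allowedCapabilities"
        elif "*" in allowed:
            findings[scc["metadata"]["name"]] = "allowedCapabilities contains '*'"
    return findings


def _rule_covers_scc(rule, scc_name):
    """True if an RBAC rule covers this SCC; empty resourceNames means every SCC."""
    groups = set(rule.get("apiGroups") or [])
    resources = set(rule.get("resources") or [])
    names = rule.get("resourceNames") or []
    return (bool(groups & {"security.openshift.io", "*"})
            and bool(resources & {"securitycontextconstraints", "*"})
            and (not names or scc_name in names))


def roles_granting(scc_name, roles, clusterroles):
    """(kind, namespace, name) of every Role/ClusterRole with a rule covering the SCC."""
    refs = []
    for kind, objs in (("Role", roles), ("ClusterRole", clusterroles)):
        for obj in objs:
            if any(_rule_covers_scc(r, scc_name) for r in obj.get("rules") or []):
                meta = obj["metadata"]
                refs.append((kind, meta.get("namespace", ""), meta["name"]))
    return refs


def subjects_bound_to(ref, rolebindings, clusterrolebindings):
    """'Kind:[namespace/]name' of every subject bound to the given role ref."""
    kind, namespace, name = ref
    subjects = []
    for binding in rolebindings + clusterrolebindings:
        role_ref = binding["roleRef"]
        if role_ref["kind"] != kind or role_ref["name"] != name:
            continue
        if kind == "Role" and binding["metadata"].get("namespace") != namespace:
            continue  # a RoleBinding can only reference a Role in its own namespace
        for s in binding.get("subjects") or []:
            ns = s.get("namespace")
            subjects.append(f"{s['kind']}:{ns + '/' if ns else ''}{s['name']}")
    return subjects


def build_report(sccs, roles, clusterroles, rolebindings, clusterrolebindings):
    """SCC name -> {"reason": ..., "grants": [{"role": ..., "subjects": [...]}]}."""
    report = {}
    for scc_name, reason in sccs_needing_review(sccs).items():
        grants = []
        for ref in roles_granting(scc_name, roles, clusterroles):
            grants.append({
                "role": "/".join(p for p in ref if p),
                "subjects": subjects_bound_to(ref, rolebindings, clusterrolebindings)})
        report[scc_name] = {"reason": reason, "grants": grants}
    return report


def _rule(names=None):
    """Constructed RBAC rule granting `use` on SCCs, optionally restricted by name."""
    rule = {"apiGroups": ["security.openshift.io"],
            "resources": ["securitycontextconstraints"], "verbs": ["use"]}
    return dict(rule, resourceNames=names) if names else rule


# Constructed objects that only mimic the item shape of `oc get <kind> -o json`.
SAMPLE = {
    "sccs": [
        {"metadata": {"name": "restricted-v2"}, "allowedCapabilities": ["NET_BIND_SERVICE"]},
        {"metadata": {"name": "legacy-app"}},  # field absent: no explicit list
        {"metadata": {"name": "anyuid-wide"}, "allowedCapabilities": ["*"]},
    ],
    "roles": [{"metadata": {"name": "use-legacy-app", "namespace": "payments"},
               "rules": [_rule(["legacy-app"])]}],
    "clusterroles": [
        {"metadata": {"name": "system:openshift:scc:anyuid-wide"},
         "rules": [_rule(["anyuid-wide"])]},
        {"metadata": {"name": "scc-admin"}, "rules": [_rule()]},  # every SCC
    ],
    "rolebindings": [{"metadata": {"name": "legacy-app-users", "namespace": "payments"},
                      "roleRef": {"kind": "Role", "name": "use-legacy-app"},
                      "subjects": [{"kind": "ServiceAccount", "namespace": "payments",
                                    "name": "batch-runner"}]}],
    "clusterrolebindings": [
        {"metadata": {"name": "anyuid-wide-binding"},
         "roleRef": {"kind": "ClusterRole", "name": "system:openshift:scc:anyuid-wide"},
         "subjects": [{"kind": "Group", "name": "developers"}]},
        {"metadata": {"name": "scc-admin-binding"},
         "roleRef": {"kind": "ClusterRole", "name": "scc-admin"},
         "subjects": [{"kind": "User", "name": "ops-admin"}]},
    ],
}

if __name__ == "__main__":
    print(json.dumps(build_report(**SAMPLE), indent=2))
```

Run against the constructed data the report names legacy-app (no allowedCapabilities at all) and anyuid-wide (wildcard), shows that the namespaced Role use-legacy-app and the unrestricted ClusterRole scc-admin both cover legacy-app, and lists the service account, group and user bound to each; restricted-v2, which has an explicit list, is not reported. A rule without resourceNames is treated as covering every SCC, which is the case the manual procedure is easiest to miss.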