Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Normal
Fix Version/s: rhos-18.0 Feature Release 1 (Nov 2024)
Affects Version/s: None
Component/s: Security
Labels:
None

Story Points:
3
Epic Link:
OSP Security Scanning Enablement
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Dev Approval:
?
Docs Approval:
?
Feature Link:
OSPRH-2767 - Security and Compliance Scanning
PM Approval:
?
QE Approval:
?
Intelligence Requested:
Market:

Sprint:
DFG Security: UC Sprint 100, DFG Security: UC Sprint 101

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The compliance operator can be used to do compliance scans against the openshift controller nodes against various compliance benchmarks.

We need to get these running in at least one CI run (one of the FIPS enabled uni-jobs), so that we can see how far we are from compliance and what additional work we need to do.

This story is to create an ansible role or otherwise to:
1. install the compliance operator
2. Install the oc-compliance plugin
3. Create the needed scansettings (using the oc-compliance plugin) and wait for the results to be completed.
4. Retrieve the results and use "oscap xccdf generate report " to generate a basic report.
5. Make sure that the relevant results are returned to the CI output

links to

openstack-k8s-operators/ci-framework#2228: Add a role to run compliance scans against the compute nodes and control plane

Assignee:: Ade Lee

Reporter:: Ade Lee

Team:: rhos-dfg-security

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/08/08 8:48 PM

Updated:: 2024/08/29 9:27 PM

Resolved:: 2024/08/29 9:27 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates

PagerDuty