Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-9345

Use compliance-operator to generate compliance scans in a CI run

XMLWordPrintable

    • 3
    • False
    • Hide

      None

      Show
      None
    • False
    • ?
    • ?
    • OSPRH-10439 - Compliance Scanning of RHOSO 18.0 - Control Plane [FR2]
    • ?
    • ?
    • DFG Security: UC Sprint 100, DFG Security: UC Sprint 101

      The compliance operator can be used to do compliance scans against the openshift controller nodes against various compliance benchmarks.

      We need to get these running in at least one CI run (one of the FIPS enabled uni-jobs), so that we can see how far we are from compliance and what additional work we need to do.

      This story is to create an ansible role or otherwise to:
      1. install the compliance operator
      2. Install the oc-compliance plugin
      3. Create the needed scansettings (using the oc-compliance plugin) and wait for the results to be completed.
      4. Retrieve the results and use "oscap xccdf generate report " to generate a basic report.
      5. Make sure that the relevant results are returned to the CI output

              rhn-gps-alee Ade Lee
              rhn-gps-alee Ade Lee
              rhos-dfg-security
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: