Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-5901

RHACS: OpenShift vuln data Integration

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • RHACS, UI
    • None
    • Product / Portfolio Work
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None

      1. Proposed title of this feature request

      OpenShift UI Integration

      2. What is the nature and description of the request?

      Current Situation: The application reporting in the namespace medical shows several CVEs with a top score of 10

      In OpenShift UI nothing is seen regarding any vulnerability. Not in the Pod, nor on the page of the Deployment nor for the Namespace

      Expectation

      As an application owner, I would like to see inside OpenShift the vulnerabilities of my application without the need of logging into a 2nd UI. On the Topology view of OpenShift for example, a coloured indication or an icon will help to immediately identify Pods with open violations. 

      This helps to quickly gain an overview of possible incidents and to react quicker. 

      Example - Topology View

       

      Example - Deployment View: 

       

      NOTE: This might depend on multi-tenancy support of RHACS.

       

      As a cluster administrator I would like to see a list of violations already on the OpenShift Dashboard, so I can see immediately if a violation occurs and can react accordingly. 

       

      A tight integration into OpenShift UI is expected, so that issues are directly shown for the Deployment, Pod, Topology View and Namespace for any user of the UI. For example, show a new Tab on the Deployment page or an appropriate indication on the Topology View which leads to a summary of the CVEs/Violations and directly link from there to ACS. 

       

      Roles:

      • OpenShift Cluster-Administrator
      • Application/Namespace owner

       

      3. Why does the customer need this? (List the business requirements here)

       

      Justification

      As a product owner: Immediately see on the OpenShift UI any vulnerabilities for you applications

      As a cluster administrator: immediately see a list of all vulnerabilities inside OpenShift before exploring a separate UI.

       

      4. List any affected packages or components.

      Please note that this Jira is part of a larger group of issues raised by BRZ, and you can find more information in this google document.

       

      The document above contains screenshots for clarification;   I'm having trouble getting those into the Jira atm. 

              masyed@redhat.com Mansur Syed
              astrouse@redhat.com Aaron Strouse
              None
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                None
                None