OpenShift Request For Enhancement: RFE-6340

Generate ACS Reports for Vulnerability Data provided by Quay.


    • Feature Request
    • Resolution: Unresolved
    • rhacs-vuln-management
    • Improvement

      Business Problem:

      A company has a secure environment with a disconnected Quay repository. They are migrating hundreds of images into the new environment's Quay repository and would like information about the vulnerabilities of the images in Quay at an aggregate level. Their Quay instance has image scanning turned on. All images are being scanned and have individual vulnerability reports (viewable individually through the UI). For many reasons (security, planning and trend analysis), they would like to get a high-level summary of the image vulnerabilities in the Quay repo. They have few top-level Quay organizations.

      Use Cases:

      Given many images in Quay with vulnerability information, organize the vulnerability information as an aggregate view. Provide the ability to track the total number of vulnerabilities at certain severity levels and the number of instances of a particular vulnerability, and to see a timestamp of image age (filtering based on image age could be useful).

       

      Key Functionality:

      ACS integrates with Quay in some way to pull its vulnerability information for many images. ACS then makes that information available as a spreadsheet report.

       

      Benefits:

      • Aggregate vulnerability reports from a Quay registry and images deployed to an environment will help development teams make estimates on how to bulk fix image vulnerabilities or purge images that should not be used in an environment.
      • Trend analysis between reports of total vulnerability counts might help a team realize their vulnerability hygiene.
      • Knowing aggregate vulnerability information helps plan for migrations, especially for images that are not yet deployable to a cluster.

      Acceptance criteria:

      A vulnerability summary report (spreadsheet) can be generated for images that exist in a Quay repository.


              sbadve@redhat.com Shubha Badve
              rhn-gps-abaumann Andrew Baumann