-
Feature Request
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
False
-
None
-
False
-
Not Selected
-
-
1. Proposed title of this feature request
Add an alert to Compliance Operator when ComplianceScans fail
2. What is the nature and description of the request?
The request is to add a new alert to Compliance Operator for when ComplianceScans fail. Currently if a scan fails due to unforeseen reasons like pod failures, cluster issues, etc...there is nothing to alert customers/SREP that scans have not completed. Without results, we cannot validate if the systems are actually compliant.
3. Why does the customer need this? (List the business requirements here)
Compliance Operator (CO) is utilized in FedRAMP ROSA clusters to ensure we are meeting requirements to monitor the security of clusters. CO is deployed to all FedRAMP clusters shortly after completion of the cluster creation.
If CO's scans are unable to complete for any reason, the ComplianceScans should fail (we intend to implement this setting the timeout option). When those scans fail, we need to be aware that they are failing so we can address the issue. If scan's do not complete, we cannot prove if we are compliant or not. An alert that we can send to PagerDuty would aid us in ensuring we can follow up
4. List any affected packages or components.
Compliance Operator only