OpenShift Request For Enhancement: RFE-6537

Need ways to get to the information of images with violations that are not deployed via K8S deployment.


    • Type: Feature Request
    • Resolution: Unresolved
    • rhacs-vuln-management

      Business Problem:

      For images reported with CVEs that do not have a K8S deployment, there is no way to get information about them in the UI.

      From the security admin's point of view, such an image becomes abandoned, making it impossible to trace back or find the location of the offending image. Equally, if there is a policy violation and the deployment never existed or has been removed, we will have no record of where or how that violation took place (cron jobs, pipelines).

      An ACS admin who does not know about the deployment activities should still be able to identify information about the images, even if they do not come from a K8s deployment.

       

      Use Cases:

      In ACS, all images are tracked via a deployment. If the deployment is removed, or if the deployment never existed, that image will become abandoned, making it impossible to trace back or find the location of the offending image. Equally, if there is a policy violation and the deployment never existed or has been removed, we will have no record of where or how that violation took place (cron jobs, pipelines).

      In the above use case, end users will see an error message like: "Warning alert: There was an error fetching the deployment details. This deployment may no longer exist. Deployment with id '2efbb0e2-7a4d-497a-829c-7c438412c197' does not exist: not found."

       

      Key Functionality:

      We need to provide a way for security admins to identify information (namespace, type of ACS deployment, and related info) about the images, even if they do not come from a K8s deployment.

       

      Benefits:

      Meeting regulatory compliance requirements to be able to trace back the location of a violation, including any corresponding metadata.

      Acceptance criteria:

      A way to trace back the images with violations, including any corresponding information for the image with violations.


              sbadve@redhat.com Shubha Badve
              shanna_chan Pui Chan