OpenShift Request For Enhancement: RFE-8315

High volume of false positive findings in Red Hat Advanced Cluster Security for Kubernetes (RHACS), particularly for cluster versions that RHACS should have access to


    • Type: Feature Request
    • Resolution: Unresolved
    • Product / Portfolio Work

      Notes to engineering

      • This was originally an RFE, so some of the comments describe a feature for that reason.
      • It was captured as a customer support help request (issue type "Ticket") and is now part of the scanner rotation backlog.
      • The original description was left for reference.

      Original (RFE) description

      1. Proposed title of this feature request
      Vulnerability manager in a box

      2. What is the nature and description of the request?
      In order to track down the validity of a vulnerability reported by ACS, I might look up the CVE/KEV entry (or another CNA bulletin), find the associated RHSA, look at an SBOM and determine whether my running software is impacted. This process can and should be automated so that a person isn't responsible for determining every false positive that ACS seems to report. This could even be a playbook, for example Ansible or similar.

      3. Why does the customer need this? (List the business requirements here)
      ACS is reporting false positive findings.

      4. List any affected packages or components.
      OpenShift 4.18.22

      Issue or Concern:

      The customer is experiencing a high volume of false positive findings in Red Hat Advanced Cluster Security for Kubernetes (RHACS), particularly for cluster versions that RHACS should have access to.

      These false positives add noise, causing the security team to spend unnecessary time triaging them and potentially overlooking more critical issues.
      The customer is seeking an automated way to hide, tag differently, or exclude these findings to reduce the load on the security team.

      Customer Expectations:

      They would like to have or create an automated workflow that makes simple checks (such as whether the versions a finding's CVEs apply to match the version actually running) and has ACS flag the finding differently if so.

      They assume we may have a script using roxctl or similar to do this?

      If not, they say ACS becomes just another scanning tool whose data they would export and run through a scripted process.
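The check described in the RFE description (CVE to RHSA fixed version to SBOM) and again in the customer expectations above, as an added example that is not part of this ticket, of RHACS or of roxctl: a Python pre-triage filter that labels findings whose installed component is already at or above the fixed build. The advisory map, CVE ids, package versions and SBOM are constructed placeholders, and the version ordering is a simplified RPM-style comparison without epoch handling.

```python
import re

# Constructed stand-in for RHSA data: CVE -> {package: first fixed version-release}.
# The CVE ids and versions are placeholders, not real advisories.
FIXED_IN = {
    "CVE-0000-1111": {"openssl": "3.0.7-27.el9"},
    "CVE-0000-2222": {"curl": "7.76.1-31.el9"},
}

def rpm_key(version):
    """Tokenise an RPM version-release string for ordering (simplified rpmvercmp:
    numeric runs compare numerically and rank above alpha runs; no epoch)."""
    return tuple(
        (1, int(tok)) if tok.isdigit() else (0, tok)
        for tok in re.findall(r"\d+|[a-zA-Z]+", version)
    )

def triage(findings, sbom, fixed_in=FIXED_IN):
    """Label each ACS-style finding using the installed version from the SBOM
    and the advisory's fixed version. Returns (cve, component, label, reason)."""
    results = []
    for f in findings:
        cve, comp = f["cve"], f["component"]
        installed = sbom.get(comp)
        fixed = fixed_in.get(cve, {}).get(comp)
        if installed is None:
            label, why = "needs-review", "component not in SBOM"
        elif fixed is None:
            label, why = "needs-review", "no fixed version on record for this CVE"
        elif rpm_key(installed) >= rpm_key(fixed):
            label, why = "likely-false-positive", f"installed {installed} >= fixed {fixed}"
        else:
            label, why = "affected", f"installed {installed} < fixed {fixed}"
        results.append((cve, comp, label, why))
    return results

# Constructed sample input standing in for an RHACS finding export and a workload SBOM.
FINDINGS = [
    {"cve": "CVE-0000-1111", "component": "openssl"},  # fixed build already installed
    {"cve": "CVE-0000-2222", "component": "curl"},     # older than the fixed build
    {"cve": "CVE-0000-3333", "component": "zlib"},     # not in the SBOM at all
]
SBOM = {"openssl": "3.0.7-28.el9", "curl": "7.76.1-29.el9"}

if __name__ == "__main__":
    for row in triage(FINDINGS, SBOM):
        print(*row, sep="\t")
```

Anything labelled needs-review still goes to a human; the filter only removes the findings where the data already shows the fix is installed.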

              Shubha Badve (sbadve@redhat.com)
              Ankit Mahajan (rhn-support-ankimaha)
              Votes: 0
              Watchers: 6