Uploaded image for project: 'Red Hat Advanced Cluster Security'
  1. Red Hat Advanced Cluster Security
  2. ROX-28187

Enabling ScannerV4 for IBM

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Obsolete
    • Icon: Major Major
    • None
    • None
    • None
    • Product / Portfolio Work
    • False
    • Hide

      None

      Show
      None
    • False
    • 0

      • Background:
        • IBM is our (ACSCS) "friendly tenant", they're willing to go through some pain and let us try new features
        • IBM is the biggest tenant. They will become even bigger (scalability?) soon.
        • We want to first test ScannerV4 on IBM, then move everybody to ScannerV4
        • We understand that there is some OOMing issue going on, related to ScannerV4
        • We are trying to understand the risks
        • So far, we(ACSCS)'ve gathered that
          • Switching back to ScannerV2 is impossible if node scanning was enabled
          • Switching back to ScannerV2, regardless, causes some "pain, broken policies and confusion"
          • ScannerV4 components have started OOMed recently, and we wanted to make sure that the memory usage was expected.
      • We have only a very piecemeal/partial understanding of the consequences of enabling Scanner V4:
        • ScannerV4 and/or ScannerV4 interactions/cohabitation
        • Node scanning
        • Delegated Scanning
        • Others? Maybe SBOM generation ?
      • Some more background: in a nutshell, our objective is to assess the risk of enabling ScannerV4 for IBM on the Cloud Service.

              Unassigned Unassigned
              rh-ee-yli3 Yi Li
              ACS Scanner
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: