Feature
Resolution: Unresolved
Critical
Goal Summary:
For ad-hoc scans (typically triggered via roxctl or the ACS API), the ACS API should provide:
- Details of images that failed to scan.
- Reasons for the failures.
- Frequency of each failure.
Goals and expected user outcomes:
ACS admin users can retrieve administrative events generated by ad-hoc scan failures via the ACS Administrative Events API.
Acceptance Criteria:
Upon a failed ad-hoc vulnerability scan of an image
- via roxctl or
- via ACS API
for the current commands "image scan", "image check", "image sbom", and "deployment check", an admin event is created in ACS.
The "admin event" is accessible via the ACS Administrative Events API.
Considerations
- Requires Administration view permission to query the API endpoints
- No events are generated for successful scans
- No events are generated when scans are NOT happening (i.e., reprocessing is stuck)
- Events cannot be pulled for a specific image directly; all events must be pulled and then filtered externally.
- Administrative events are deduped if the same values are observed within a short period of time.
- Administrative events older than 4 days (by default) are deleted (configurable via System Configuration)
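The external filtering and per-failure frequency count described above could look like the following. This is an added example, not RHACS code: the event field names (`domain`, `resource`, `message`, `numOccurrences`, `lastOccurredAt`) and all sample values are assumptions about the shape of an exported event list.

```python
from collections import defaultdict

# Constructed sample of exported administrative events. Field names and values
# are assumptions for illustration; counts arrive as strings in this sample.
SAMPLE_EVENTS = [
    {"level": "ERROR", "domain": "Image Scanning", "message": "pull failed: unauthorized",
     "resource": {"type": "Image", "name": "registry.example/app/api:1.4"},
     "numOccurrences": "3", "lastOccurredAt": "2024-05-02T10:15:00Z"},
    {"level": "ERROR", "domain": "Image Scanning", "message": "pull failed: unauthorized",
     "resource": {"type": "Image", "name": "registry.example/app/api:1.4"},
     "numOccurrences": "2", "lastOccurredAt": "2024-05-03T08:00:00Z"},
    {"level": "ERROR", "domain": "Image Scanning", "message": "unsupported OS",
     "resource": {"type": "Image", "name": "registry.example/app/api:1.4"},
     "numOccurrences": "1", "lastOccurredAt": "2024-05-02T11:00:00Z"},
    {"level": "ERROR", "domain": "Image Scanning", "message": "pull failed: unauthorized",
     "resource": {"type": "Image", "name": "registry.example/app/web:2.0"},
     "numOccurrences": "4", "lastOccurredAt": "2024-05-01T09:30:00Z"},
    {"level": "WARNING", "domain": "Authentication", "message": "token expires soon",
     "resource": {"type": "API Token", "name": "ci-token"},
     "numOccurrences": "1", "lastOccurredAt": "2024-05-02T12:00:00Z"},
]


def failed_scans(events, image=None):
    """Group image-scan failure events by (image, reason).

    Deduplicated events carry an occurrence count, so the frequency of a
    failure is the sum of those counts, not the number of event records.
    Pass `image` to restrict the summary to one image name.
    """
    summary = defaultdict(lambda: {"count": 0, "last_seen": ""})
    for ev in events:
        res = ev.get("resource") or {}
        if ev.get("domain") != "Image Scanning" or res.get("type") != "Image":
            continue  # not a scan failure on an image
        name = res.get("name", "")
        if image is not None and name != image:
            continue
        entry = summary[(name, ev.get("message", ""))]
        entry["count"] += int(ev.get("numOccurrences") or 1)
        # Same-format UTC ISO 8601 timestamps sort correctly as strings.
        entry["last_seen"] = max(entry["last_seen"], ev.get("lastOccurredAt", ""))
    return dict(summary)


if __name__ == "__main__":
    for (img, reason), info in sorted(failed_scans(SAMPLE_EVENTS).items()):
        print(f"{img}\t{reason}\t{info['count']}\t{info['last_seen']}")
```

Because events are deleted after the retention period, a job that relies on this summary has to export and store events more often than that period.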
Success Criteria or KPIs measured:
Amplitude statistics <TBD>
Use Cases (Optional):
- Monitor and track failed ad-hoc scans (via roxctl or via ACS API)
- For triaging and reducing the number of failed scans
Out of Scope (Optional):
Making administrative events for failed ad-hoc scans (via roxctl or via ACS API) accessible to non-admin users via ACS API
- incorporates RFE-7371 Store Failed Scan Information and Expose via API in RHACS
- Approved