Feature
Resolution: Unresolved
Critical
Goal Summary:
CI/CD pipelines for RHACS customers are currently dependent on Central being available. If Central goes down, pipeline security scans fail, slowing developer velocity and creating gaps in supply chain visibility and compliance.
The goal of this Technology Preview (TP) is to deliver a functional, installable stateless scanning service for RHACS CI/CD pipelines, allowing customers to validate the workflow in real environments. The TP provides the core functionality with documented limitations, so that customer feedback can be gathered before a production-ready release.
Goals and expected user outcomes:
Goals:
- Provide a working TP implementation of stateless scanning for container images and SBOMs.
- Support external persistence of scan results (via Central ingestion path or other configured backend).
- Validate Kubernetes HA behavior through scaling, pod restarts, and replica failover.
- Enable CI/CD pipelines to run scans even if Central is temporarily unreachable.
- Stretch goal: Evaluate scanning of additional OCI artifacts such as AI-BOMs and Helm charts.
Acceptance Criteria:
- TP scanner is installable and operational in customer clusters.
- Stateless scans for container images and SBOMs complete successfully using the TP workflow.
- External persistence mechanism for scan results is implemented and functional (e.g., Central ingestion API, object store, or event bus).
- HA behavior validated: multiple replicas can serve scan requests, and pods can restart without impacting scan correctness.
- Scan results remain retrievable even if a scanner instance fails mid-operation.
- Performance, scalability, and security characteristics are documented with known limitations clearly identified.
Success Criteria or KPIs measured:
- Customers can run CI/CD scans successfully without direct dependence on Central availability.
- Kubernetes HA patterns (replicas, failover, rescheduling) function as expected with a stateless design.
- Scan results are consistently persisted and retrievable through the external mechanism.
- TP informs gaps, risks, and priorities required for a production-ready release.
Use Cases (Optional):
- Main scenario: CI/CD pipeline triggers TechPreview scanner → scan runs independently of Central → results persisted externally → pipeline completes without failure.
- Alternative scenario: A scanner pod fails mid-scan → job is picked up by another instance → results are still captured and retrievable.
Out of Scope (Optional):
- Complete GA hardening; this phase focuses on delivering the TP implementation and collecting feedback.