• Type: Feature
    • Resolution: Unresolved
    • Priority: Critical
• ROX-30042: RHACS Enhanced Reliability and Scalability with HA/DR considerations
    • Not Selected
    • GA
    • Yes

      Goal Summary:

CI/CD pipelines for RHACS customers are currently dependent on Central being available. If Central goes down, pipeline security scans fail, slowing developer velocity and creating gaps in supply chain visibility and compliance.

      This feature delivers a fully supported, production-grade stateless scanning service for RHACS CI/CD pipelines, designed to improve availability and reliability even when Central is offline or degraded. The GA release includes end-to-end enterprise readiness.

      Goals and expected user outcomes:

      Goals:

      • Provide a fully supported stateless scanning service for container images and SBOMs used within CI/CD pipelines.
• Ensure seamless external persistence of all scan results.
      • Deliver Kubernetes-native failure tolerance to improve scan availability and reliability.
      • Stretch goal: Support additional OCI artifact types (AI-BOMs, Helm charts) where applicable.

      Acceptance Criteria:

      • Users can run security scans in CI/CD pipelines without relying on Central’s uptime.
      • Pipeline execution becomes more resilient and reliable under varying cluster conditions.
      • Security and compliance posture remains intact through guaranteed persistence and ingestion of scan results.
• Seamless reintegration with Central when it becomes available again.

      Success Criteria or KPIs measured:

      • Stateless scanning for container images and SBOMs is fully implemented, production-ready, and supported.
      • External persistence for scan results provides durability, integrity, and retry guarantees, with mature integration into Central.
• The scan service exhibits strong availability and reliability characteristics.
      • Full observability provided, including logs, metrics, and alerts suited for production operations.

      Use Cases (Optional):

      • Main scenario: CI/CD pipeline triggers GA scanner → scan runs independently of Central → results persisted externally → pipeline completes without failure.
      • Alternative scenario: A scanner pod fails mid-scan → job is picked up by another instance → results are still captured and retrievable.

      Out of Scope (Optional):


              Shubha Badve (sbadve@redhat.com)
              Anjali Telang (atelang@redhat.com)
              Votes: 0
              Watchers: 1