Red Hat Advanced Cluster Security: ROX-32208

[Design] Granular Exception Management for Vulnerabilities

    • Type: Feature
    • Resolution: Unresolved

      Goal Summary:

      Granular exception management for vulnerabilities allows users to define and apply vulnerability exceptions at the namespace level rather than the broad image level. This enables team-specific security posture control and delegated security responsibility, ensuring exceptions for a shared image only apply to a specific team's workload without affecting others or requiring centralized, overly broad access management.

      Goals and expected user outcomes:

      • A user can define a security exception (defer a CVE) that is strictly scoped to one or more namespaces/deployments using a specific image, without impacting other deployments using that same image.

      Acceptance Criteria:

      • The system must allow a user with appropriate permissions to create a new exception resource that explicitly specifies the scope as one or more target namespaces in addition to the image name and the specific CVE(s).
      • A Platform Administrator must still have the ability to create exceptions that are globally scoped (applied to the image across all namespaces).
      • Both the UI and the underlying API must be updated to support the creation, viewing, editing, and deletion of namespace-scoped exceptions.

      ACS multi-tenancy strategy brief

              saledort@redhat.com Sabina Aledort