Closed andrewg-xyz closed 2 years ago
Yes! Current Proof-of-concept will be targeting a live-environment. With one of the proposed architectures for Kubernetes compliance, providing manifests as the target is feasible. Labeling with post-POC to track extended functionality to support
This has been initially implemented in #25
Readme documents the `--resource` or `-r` flag that ingests many resource manifests and performs validation against those given a supplied OSCAL component file.
Closing.
Kubernetes is largely declarative; might there be a way to run the auditor against manifests before they are applied to the cluster to inform the security posture?