A page in the security and compliance section showing shoot specs (for Azure, GCP and AWS) and diki configs which Gardener is using in order to produce the Hardened Shoots diki report
Copy diki report in a dedicated (html) page visible in the site
Other considerations for the report:
Use latest Gardener release
With recommended K8S v
Against the latest supported DISA STIGs for Kubernetes version
No need to keep older versions here but we will have them anyways from git
Remove internal info (e.g. URLs from our landscapes), consider opening an internal PR with the changes before the public PR
The project MUST provide an assurance case that justifies why its security requirements are met. The assurance case MUST include: a description of the threat model, clear identification of trust boundaries, an argument that secure design principles have been applied, and an argument that common implementation security weaknesses have been countered. (URL required)
What would you like to be added:
Why is this needed:
https://www.bestpractices.dev/en/projects/1822?criteria_level=1#security