Open Rotfuks opened 1 year ago
FYI, the scanning automation piece here does not need to be implemented. Trivy Operator will generate CIS and other benchmark (NSA/DISA) reports in clusters where it is deployed. These reports are collected from MCs already, and it would be possible to collect them also from workload clusters during testing.
Motivation
In the past we have done some CIS Benchmark tests in order to see how "secure" our platform is compared to that benchmark. In order to get a continuous picture about this benchmark we have to create automations that check our platform on a regular basis and result in a fresh list of findings/issues.
Todo
Outcome