Open TorstenD-SAP opened 5 months ago
There is no kind/ label present. Please add one by using the following command:
/kind <kind>
Available kinds: deprecation, bug, chore, feature, flake, cleanup, missing-test, failing-test
There are no area/ labels present. Please add one by using the following command:
/area <area>
This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically closed due to the lack of recent activity. /lifecycle rotten
Description
The findings from the Multicloud Security team regarding the cloud accounts used by Kyma have to be integrated into our Vulnerability Management solution including the Security Dashboard to allow developers and SREs to work on them as they do right now with vulnerabilities.
Reasons
SAP Global Security defines the security settings of cloud accounts used by LoBs at SAP (Security Policy Framework) and the Multicloud has implemented a solution (Orca) to check compliance with these rules. Noncompliance is reported on a regular basis and there is also an API available to request this information on demand. Each LoB has to fix noncompliance or request an exception with a defined SLA. This process is part of a Compliance Control and regularly audited by external parties.
Acceptance Criteria
Attachments