kyma-project / test-infra

Test infrastructure for the Kyma project.
https://status.build.kyma-project.io/
Apache License 2.0

Integrate Multicloud Cloud Account compliance findings into Security Dashboard #9446

Open TorstenD-SAP opened 5 months ago

TorstenD-SAP commented 5 months ago

Description

The findings from the Multicloud Security team regarding the cloud accounts used by Kyma have to be integrated into our Vulnerability Management solution including the Security Dashboard to allow developers and SREs to work on them as they do right now with vulnerabilities.

Reasons

SAP Global Security defines the security settings of cloud accounts used by LoBs at SAP (Security Policy Framework) and the Multicloud has implemented a solution (Orca) to check compliance with these rules. Noncompliance is reported on a regular basis and there is also an API available to request this information on demand. Each LoB has to fix noncompliance or request an exception with a defined SLA. This process is part of a Compliance Control and regularly audited by external parties.

Acceptance Criteria

Attachments

kyma-bot commented 5 months ago

There is no kind/ label present. Please add one by using the following command:

Available kinds: deprecation, bug, chore, feature, flake, cleanup, missing-test, failing-test

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

kyma-bot commented 5 months ago

There are no area/ labels present. Please add one by using the following command:

github-actions[bot] commented 1 month ago

This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] commented 1 month ago

This issue has been automatically closed due to the lack of recent activity. /lifecycle rotten