Open czunker opened 2 years ago
I guess we should return the score from the scan. The Mondoo Client has a --score-threshold which determines when a scan will exit with 1. In the longer term we probably need to expose such a configuration for the admission controller as well that would deny only resources with a threshold below a certain value. If we head in that direction, then showing the score should be sufficient I suppose.
To make it a bit nicer we could technically also return the link to view the asset in the Mondoo UI. Not sure if we have enough information to generate that link though.
Is your feature request related to a problem? Please describe.
Describe the solution you'd like
When we run the admission webhook in enforcing mode, it does not provide details why an object was denied: https://github.com/mondoohq/mondoo-operator/blob/main/pkg/webhooks/handler/webhook.go#L135
With kubectl it looks like this:
Describe alternatives you've considered
The current way is to look up the details in the Mondoo console.
Additional context
What do we do when multiple rules report problems? Do we only report the worst rule?