--- # Source: trivy/charts/trivy-operator/crds/aquasecurity.github.io_clustercompliancereports.yaml --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 name: clustercompliancereports.aquasecurity.github.io spec: group: aquasecurity.github.io names: kind: ClusterComplianceReport listKind: ClusterComplianceReportList plural: clustercompliancereports shortNames: - compliance singular: clustercompliancereport scope: Cluster versions: - additionalPrinterColumns: - description: The age of the report jsonPath: .metadata.creationTimestamp name: Age type: date - description: The number of checks that failed jsonPath: .status.summary.failCount name: Fail priority: 1 type: integer - description: The number of checks that passed jsonPath: .status.summary.passCount name: Pass priority: 1 type: integer name: v1alpha1 schema: openAPIV3Schema: description: ClusterComplianceReport is a specification for the ClusterComplianceReport resource. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: ReportSpec represent the compliance specification properties: compliance: properties: controls: description: Control represent the cps controls data and mapping checks items: description: Control represent the cps controls data and mapping checks properties: checks: items: description: SpecCheck represent the scanner who perform the control check properties: id: description: id define the check id as produced by scanner type: string required: - id type: object type: array commands: items: description: Commands represent the commands to be executed by the node-collector properties: id: description: id define the commands id type: string required: - id type: object type: array defaultStatus: description: define the default value for check status in case resource not found enum: - PASS - WARN - FAIL type: string description: type: string id: description: id define the control check id type: string name: type: string severity: description: define the severity of the control enum: - CRITICAL - HIGH - MEDIUM - LOW - UNKNOWN type: string required: - id - name - severity type: object type: array description: type: string id: type: string platform: type: string relatedResources: items: type: string type: array title: type: string type: type: string version: type: string required: - controls - description - id - platform - relatedResources - title - type - version type: object cron: description: cron define the intervals for report generation pattern: ^(((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1-5]{1}){1}([0-9]{1}){1}){1}))) ((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1]{1}){1}([0-9]{1}){1}){1}|([2]{1}){1}([0-3]{1}){1}))) ((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))) ((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))|(jan|feb|mar|apr|may|jun|jul|aug|sep|okt|nov|dec)) ((([\*]{1}){1})|((\*\/){0,1}(([0-7]{1}){1}))|(sun|mon|tue|wed|thu|fri|sat)))$ type: string reportType: enum: - summary - all type: string required: - compliance - cron - reportType type: object status: properties: detailReport: description: ComplianceReport represents a kubernetes scan report properties: description: type: string id: type: string relatedVersion: items: type: string type: array results: items: properties: checks: items: description: ComplianceCheck provides the result of conducting a single compliance step. properties: category: type: string checkID: type: string description: type: string messages: items: type: string type: array remediation: description: Remediation provides description or links to external resources to remediate failing check. type: string severity: description: Severity level of a vulnerability or a configuration audit check. type: string success: type: boolean target: type: string title: type: string required: - checkID - severity - success type: object type: array description: type: string id: type: string name: type: string severity: type: string status: type: string required: - checks type: object type: array title: type: string version: type: string type: object x-kubernetes-preserve-unknown-fields: true summary: properties: failCount: type: integer passCount: type: integer type: object summaryReport: description: SummaryReport represents a kubernetes scan report with consolidated findings properties: controlCheck: items: properties: id: type: string name: type: string severity: type: string totalFail: type: integer type: object type: array id: type: string title: type: string type: object x-kubernetes-preserve-unknown-fields: true updateTimestamp: format: date-time type: string required: - updateTimestamp type: object type: object x-kubernetes-preserve-unknown-fields: true served: true storage: true subresources: status: {}