This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. Reviewed-on: #2259 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
---
# Source: trivy/charts/trivy-operator/crds/aquasecurity.github.io_clustercompliancereports.yaml
---
# CustomResourceDefinition for the ClusterComplianceReport resource (group
# aquasecurity.github.io, version v1alpha1). This manifest is rendered from the
# chart file named in the Source comment above, so lasting changes belong in
# the chart rather than in this file.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.14.0
  name: clustercompliancereports.aquasecurity.github.io
spec:
  group: aquasecurity.github.io
  names:
    kind: ClusterComplianceReport
    listKind: ClusterComplianceReportList
    plural: clustercompliancereports
    shortNames:
      - compliance
    singular: clustercompliancereport
  # Cluster-scoped: these objects sit outside any namespace boundary, so access
  # to them is granted cluster-wide through ClusterRole rules.
  scope: Cluster
  versions:
    - additionalPrinterColumns:
        - description: The age of the report
          jsonPath: .metadata.creationTimestamp
          name: Age
          type: date
        - description: The number of checks that failed
          jsonPath: .status.summary.failCount
          name: Fail
          priority: 1
          type: integer
        - description: The number of checks that passed
          jsonPath: .status.summary.passCount
          name: Pass
          priority: 1
          type: integer
      name: v1alpha1
      schema:
        openAPIV3Schema:
          description: ClusterComplianceReport is a specification for the ClusterComplianceReport resource.
          properties:
            apiVersion:
              description: |-
                APIVersion defines the versioned schema of this representation of an object.
                Servers should convert recognized schemas to the latest internal value, and
                may reject unrecognized values.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: |-
                Kind is a string value representing the REST resource this object represents.
                Servers may infer this from the endpoint the client submits requests to.
                Cannot be updated.
                In CamelCase.
                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              description: ReportSpec represent the compliance specification
              properties:
                compliance:
                  properties:
                    controls:
                      description: Control represent the cps controls data and mapping checks
                      items:
                        description: Control represent the cps controls data and mapping checks
                        properties:
                          checks:
                            items:
                              description: SpecCheck represent the scanner who perform the control check
                              properties:
                                id:
                                  description: id define the check id as produced by scanner
                                  type: string
                              required:
                                - id
                              type: object
                            type: array
                          commands:
                            items:
                              description: Commands represent the commands to be executed by the node-collector
                              # Only an `id` is declared per command; this schema
                              # declares no field that carries command text.
                              properties:
                                id:
                                  description: id define the commands id
                                  type: string
                              required:
                                - id
                              type: object
                            type: array
                          defaultStatus:
                            description: define the default value for check status in case resource not found
                            enum:
                              - PASS
                              - WARN
                              - FAIL
                            type: string
                          description:
                            type: string
                          id:
                            description: id define the control check id
                            type: string
                          name:
                            type: string
                          severity:
                            description: define the severity of the control
                            enum:
                              - CRITICAL
                              - HIGH
                              - MEDIUM
                              - LOW
                              - UNKNOWN
                            type: string
                        required:
                          - id
                          - name
                          - severity
                        type: object
                      type: array
                    description:
                      type: string
                    id:
                      type: string
                    platform:
                      type: string
                    relatedResources:
                      items:
                        type: string
                      type: array
                    title:
                      type: string
                    type:
                      type: string
                    version:
                      type: string
                  required:
                    - controls
                    - description
                    - id
                    - platform
                    - relatedResources
                    - title
                    - type
                    - version
                  type: object
                cron:
                  description: cron define the intervals for report generation
                  # NOTE(review): the month-name alternation spells October as
                  # `okt`, so a schedule that uses `oct` fails this validation.
                  # The numeric month branch also reuses the day-of-month range
                  # (1-31). Treat the pattern as a coarse syntax filter, not as
                  # proof that a schedule is valid.
                  # Single-quoted so the backslashes and YAML indicator
                  # characters in the expression stay literal.
                  pattern: '^(((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1-5]{1}){1}([0-9]{1}){1}){1}))) ((([\*]{1}){1})|((\*\/){0,1}(([0-9]{1}){1}|(([1]{1}){1}([0-9]{1}){1}){1}|([2]{1}){1}([0-3]{1}){1}))) ((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))) ((([\*]{1}){1})|((\*\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))|(jan|feb|mar|apr|may|jun|jul|aug|sep|okt|nov|dec)) ((([\*]{1}){1})|((\*\/){0,1}(([0-7]{1}){1}))|(sun|mon|tue|wed|thu|fri|sat)))$'
                  type: string
                reportType:
                  enum:
                    - summary
                    - all
                  type: string
              required:
                - compliance
                - cron
                - reportType
              type: object
            status:
              properties:
                detailReport:
                  description: ComplianceReport represents a kubernetes scan report
                  properties:
                    description:
                      type: string
                    id:
                      type: string
                    relatedVersion:
                      items:
                        type: string
                      type: array
                    results:
                      items:
                        properties:
                          checks:
                            items:
                              description: ComplianceCheck provides the result of conducting a single compliance step.
                              properties:
                                category:
                                  type: string
                                checkID:
                                  type: string
                                description:
                                  type: string
                                messages:
                                  items:
                                    type: string
                                  type: array
                                remediation:
                                  description: Remediation provides description or links to external resources to remediate failing check.
                                  type: string
                                # Free-form string here, unlike the control
                                # severity under spec, which is limited to an enum.
                                severity:
                                  description: Severity level of a vulnerability or a configuration audit check.
                                  type: string
                                success:
                                  type: boolean
                                target:
                                  type: string
                                title:
                                  type: string
                              required:
                                - checkID
                                - severity
                                - success
                              type: object
                            type: array
                          description:
                            type: string
                          id:
                            type: string
                          name:
                            type: string
                          severity:
                            type: string
                          status:
                            type: string
                        required:
                          - checks
                        type: object
                      type: array
                    title:
                      type: string
                    version:
                      type: string
                  type: object
                  # Fields not declared above are kept rather than pruned, so
                  # consumers of stored reports should not assume they contain
                  # only the declared properties.
                  x-kubernetes-preserve-unknown-fields: true
                summary:
                  properties:
                    failCount:
                      type: integer
                    passCount:
                      type: integer
                  type: object
                summaryReport:
                  description: SummaryReport represents a kubernetes scan report with consolidated findings
                  properties:
                    controlCheck:
                      items:
                        properties:
                          id:
                            type: string
                          name:
                            type: string
                          severity:
                            type: string
                          totalFail:
                            type: integer
                        type: object
                      type: array
                    id:
                      type: string
                    title:
                      type: string
                  type: object
                  # Undeclared fields are preserved here as well.
                  x-kubernetes-preserve-unknown-fields: true
                updateTimestamp:
                  format: date-time
                  type: string
              required:
                - updateTimestamp
              type: object
          type: object
          # Undeclared fields at the root of the object are preserved too;
          # declared properties are still validated against this schema.
          x-kubernetes-preserve-unknown-fields: true
      served: true
      storage: true
      # Status is served on its own /status endpoint, so RBAC can grant status
      # writes separately from writes to spec.
      subresources:
        status: {}