Skip to content

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[POC] Evaluate PolicyReport CRD by Kubernetes wg-policy #601

Closed
danielpacak opened this issue May 25, 2021 · 4 comments
Closed

[POC] Evaluate PolicyReport CRD by Kubernetes wg-policy #601

danielpacak opened this issue May 25, 2021 · 4 comments
Assignees
Labels
🙏 help wanted Extra attention is needed

Comments

@danielpacak
Copy link
Contributor

danielpacak commented May 25, 2021

Starboard is using proprietary VulnerabilityReport CRD to represent weaknesses found in container images. As an alternative or replacement we may consider PolicyReport.

In scope of this POC we should evaluate PolicyReport CRD by mapping Trivy JSON output to PolicyReport schema and identify any issues / limitations.

/cc @itaysk

@krol3
Copy link
Contributor

krol3 commented Jul 8, 2021

I'd like to try it

@danielpacak
Copy link
Contributor Author

danielpacak commented Jul 8, 2021

Great @krol3 ! Notice that I opened kubernetes-sigs/wg-policy-prototypes#79 to allow importing wg-policy as Go module. However, just to try things out we could temporarily copy structures defined in https://github.com/kubernetes-sigs/wg-policy-prototypes/blob/master/policy-report/api/v1alpha2/policyreport_types.go directly into our source code tree and regenerate code as explained in Generate code.

@krol3
Copy link
Contributor

krol3 commented Jul 8, 2021

Thnaks @danielpacak , is this POC related to this issue? kubernetes-sigs/wg-policy-prototypes#57

@danielpacak
Copy link
Contributor Author

danielpacak commented Jul 8, 2021

Thnaks @danielpacak , is this POC related to this issue? kubernetes-sigs/wg-policy-prototypes#57

Somehow yes. The main difference though is that we can try it out in Starboard repository very easily without waiting for all discussions to be resolved by WG Policy. On the other hand the intent is to collaborate with the WG folks and share our experience with this POC.

For this project stand point we want to confirm that the PolicyReport schema is sufficient to replace VulnerabilityReport.

@aquasecurity aquasecurity locked and limited conversation to collaborators Sep 14, 2021

This issue was moved to a discussion.

You can continue the conversation there. Go to discussion →

Labels
🙏 help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests

2 participants