POC: Evaluate PolicyReport CRD by Kubernetes wg-policy #708
Replies: 4 comments
-
|
I'd like to try it |
Beta Was this translation helpful? Give feedback.
-
|
Great @krol3 ! Notice that I opened kubernetes-sigs/wg-policy-prototypes#79 to allow importing wg-policy as Go module. However, just to try things out we could temporarily copy structures defined in https://github.com/kubernetes-sigs/wg-policy-prototypes/blob/master/policy-report/api/v1alpha2/policyreport_types.go directly into our source code tree and regenerate code as explained in Generate code. |
Beta Was this translation helpful? Give feedback.
-
|
Thnaks @danielpacak , is this POC related to this issue? kubernetes-sigs/wg-policy-prototypes#57 |
Beta Was this translation helpful? Give feedback.
-
Somehow yes. The main difference though is that we can try it out in Starboard repository very easily without waiting for all discussions to be resolved by WG Policy. On the other hand the intent is to collaborate with the WG folks and share our experience with this POC. For this project stand point we want to confirm that the PolicyReport schema is sufficient to replace VulnerabilityReport. |
Beta Was this translation helpful? Give feedback.
-
Starboard is using proprietary VulnerabilityReport CRD to represent weaknesses found in container images. As an alternative or replacement we may consider PolicyReport.
In scope of this POC we should evaluate PolicyReport CRD by mapping Trivy JSON output to PolicyReport schema and identify any issues / limitations.
/cc @itaysk
Beta Was this translation helpful? Give feedback.
All reactions