Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Override empty/default controls-config during installation #595

Open
AdonisOkpidi opened this issue Jan 16, 2025 · 2 comments
Open

Override empty/default controls-config during installation #595

AdonisOkpidi opened this issue Jan 16, 2025 · 2 comments
Assignees
@matthyx
Labels
bug Something isn't working

Comments

@AdonisOkpidi
Copy link

AdonisOkpidi commented Jan 16, 2025
edited
Loading

Overview

The compliance scan results includes a number of skipped controls status: skipped because no controls-config file was supplied.

Question

How do you override the default control file similar to using the kubescape scan command --controls-config flag, which allows using custom control configuration?

Environment

  • OS: Windows
  • Kubescape Version: v3.0.18

Example result

```bash
  C-0078:
  controlID: C-0078
  name: CIS-5.1.4 Minimize Container Registries to only those approved
  rules:
  - appliedIgnoreRules: null
    controlConfigurations:
      imageRepositoryAllowList: []
    name: container-image-repository-v1
    paths:
    - failedPath: spec.template.spec.containers[0].image
      fixCommand: ""
      fixPath: ""
      fixPathValue: ""
    - failedPath: ""
      fixCommand: ""
      fixPath: ""
      fixPathValue: ""
    relatedResourcesIDs: null
    status:
      status: failed
      subStatus: ""
  severity:
    scoreFactor: 5
    severity: Medium
  status:
    info: 'Control configurations are empty (docs: https://kubescape.io/docs/frameworks-and-controls/configuring-controls)'
    status: skipped
    subStatus: configuration

Expected behavior

Scan completes successfully with no skipped scans after supplying the controls-config.
@AdonisOkpidi AdonisOkpidi added the bug Something isn't working label Jan 16, 2025
@AdonisOkpidi AdonisOkpidi changed the title Override default controls-config during installation Override empty/default controls-config during installation Jan 16, 2025
@matthyx matthyx moved this to Triage in Kubescaping Jan 20, 2025
@matthyx matthyx self-assigned this Jan 21, 2025
@matthyx matthyx moved this from Triage to Accepted in Kubescaping Jan 21, 2025
@matthyx
Copy link
Contributor

matthyx commented Jan 22, 2025

As of today continuous scanning is in beta and missing some capabilities, including the ability to override the scanv1 command, as you can see here: https://github.com/kubescape/operator/blob/6685293de766f6730f53ac24a7b0d3ca2cb89064/continuousscanning/handlers.go#L42

Yesterday during the community meeting, we agreed on finishing continuous scanning this year, but you can already submit a PR for operator to read it from a ConfigMap like we do for the kubescapeScheduler:

helm-charts/charts/kubescape-operator/values.yaml

Line 805 in 0cc9f94

scanV1: {}

@AdonisOkpidi
Copy link
Author

Thanks for getting back about continuous scanning!

My main question here is about the control-configs and how to configure this during installation https://kubescape.io/docs/frameworks-and-controls/configuring-controls/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@matthyx matthyx

Labels
bug Something isn't working
Projects
Kubescaping
Status: Accepted
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AdonisOkpidi @matthyx