{ "description": "ClusterComplianceReport is a specification for the ClusterComplianceReport resource.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "ReportSpec represent the compliance specification", "properties": { "compliance": { "properties": { "controls": { "description": "Control represent the cps controls data and mapping checks", "items": { "description": "Control represent the cps controls data and mapping checks", "properties": { "checks": { "items": { "description": "SpecCheck represent the scanner who perform the control check", "properties": { "id": { "description": "id define the check id as produced by scanner", "type": "string" } }, "required": [ "id" ], "type": "object", "additionalProperties": false }, "type": "array" }, "commands": { "items": { "description": "Commands represent the commands to be executed by the node-collector", "properties": { "id": { "description": "id define the commands id", "type": "string" } }, "required": [ "id" ], "type": "object", "additionalProperties": false }, "type": "array" }, "defaultStatus": { "description": "define the default value for check status in case resource not found", "enum": [ "PASS", "WARN", "FAIL" ], "type": "string" }, "description": { "type": "string" }, "id": { "description": "id define the control check id", "type": "string" }, "name": { "type": "string" }, "severity": { "description": "define the severity of the control", "enum": [ "CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN" ], "type": "string" } }, "required": [ "id", "name", "severity" ], "type": "object", "additionalProperties": false }, "type": "array" }, "description": { "type": "string" }, "id": { "type": "string" }, "platform": { "type": "string" }, "relatedResources": { "items": { "type": "string" }, "type": "array" }, "title": { "type": "string" }, "type": { "type": "string" }, "version": { "type": "string" } }, "required": [ "controls", "description", "id", "platform", "relatedResources", "title", "type", "version" ], "type": "object", "additionalProperties": false }, "cron": { "description": "cron define the intervals for report generation", "pattern": "^(((([\\*]{1}){1})|((\\*\\/){0,1}(([0-9]{1}){1}|(([1-5]{1}){1}([0-9]{1}){1}){1}))) ((([\\*]{1}){1})|((\\*\\/){0,1}(([0-9]{1}){1}|(([1]{1}){1}([0-9]{1}){1}){1}|([2]{1}){1}([0-3]{1}){1}))) ((([\\*]{1}){1})|((\\*\\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))) ((([\\*]{1}){1})|((\\*\\/){0,1}(([1-9]{1}){1}|(([1-2]{1}){1}([0-9]{1}){1}){1}|([3]{1}){1}([0-1]{1}){1}))|(jan|feb|mar|apr|may|jun|jul|aug|sep|okt|nov|dec)) ((([\\*]{1}){1})|((\\*\\/){0,1}(([0-7]{1}){1}))|(sun|mon|tue|wed|thu|fri|sat)))$", "type": "string" }, "reportType": { "enum": [ "summary", "all" ], "type": "string" } }, "required": [ "compliance", "cron", "reportType" ], "type": "object", "additionalProperties": false }, "status": { "properties": { "detailReport": { "description": "ComplianceReport represents a kubernetes scan report", "properties": { "description": { "type": "string" }, "id": { "type": "string" }, "relatedVersion": { "items": { "type": "string" }, "type": "array" }, "results": { "items": { "properties": { "checks": { "items": { "description": "ComplianceCheck provides the result of conducting a single compliance step.", "properties": { "category": { "type": "string" }, "checkID": { "type": "string" }, "description": { "type": "string" }, "messages": { "items": { "type": "string" }, "type": "array" }, "remediation": { "description": "Remediation provides description or links to external resources to remediate failing check.", "type": "string" }, "severity": { "description": "Severity level of a vulnerability or a configuration audit check.", "type": "string" }, "success": { "type": "boolean" }, "target": { "type": "string" }, "title": { "type": "string" } }, "required": [ "checkID", "severity", "success" ], "type": "object", "additionalProperties": false }, "type": "array" }, "description": { "type": "string" }, "id": { "type": "string" }, "name": { "type": "string" }, "severity": { "type": "string" }, "status": { "type": "string" } }, "required": [ "checks" ], "type": "object", "additionalProperties": false }, "type": "array" }, "title": { "type": "string" }, "version": { "type": "string" } }, "type": "object", "x-kubernetes-preserve-unknown-fields": true, "additionalProperties": false }, "summary": { "properties": { "failCount": { "type": "integer" }, "passCount": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "summaryReport": { "description": "SummaryReport represents a kubernetes scan report with consolidated findings", "properties": { "controlCheck": { "items": { "properties": { "id": { "type": "string" }, "name": { "type": "string" }, "severity": { "type": "string" }, "totalFail": { "type": "integer" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "id": { "type": "string" }, "title": { "type": "string" } }, "type": "object", "x-kubernetes-preserve-unknown-fields": true, "additionalProperties": false }, "updateTimestamp": { "format": "date-time", "type": "string" } }, "required": [ "updateTimestamp" ], "type": "object", "additionalProperties": false } }, "type": "object", "x-kubernetes-preserve-unknown-fields": true }