{ "description": "RbacAssessmentReport is a specification for the RbacAssessmentReport resource.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "report": { "properties": { "checks": { "description": "Checks provides results of conducting audit steps.", "items": { "description": "Check provides the result of conducting a single audit step.", "properties": { "category": { "type": "string" }, "checkID": { "type": "string" }, "description": { "type": "string" }, "messages": { "items": { "type": "string" }, "type": "array" }, "remediation": { "description": "Remediation provides description or links to external resources to remediate failing check.", "type": "string" }, "scope": { "description": "Scope indicates the section of config that was audited.", "properties": { "type": { "description": "Type indicates type of this scope, e.g. Container, ConfigMapKey or JSONPath.", "type": "string" }, "value": { "description": "Value indicates value of this scope that depends on Type, e.g. container name, ConfigMap key or JSONPath expression", "type": "string" } }, "required": [ "type", "value" ], "type": "object", "additionalProperties": false }, "severity": { "description": "Severity level of a vulnerability or a configuration audit check.", "type": "string" }, "success": { "type": "boolean" }, "title": { "type": "string" } }, "required": [ "checkID", "severity", "success" ], "type": "object", "additionalProperties": false }, "type": "array" }, "scanner": { "description": "Scanner is the spec for a scanner generating a security assessment report.", "properties": { "name": { "description": "Name the name of the scanner.", "type": "string" }, "vendor": { "description": "Vendor the name of the vendor providing the scanner.", "type": "string" }, "version": { "description": "Version the version of the scanner.", "type": "string" } }, "required": [ "name", "vendor", "version" ], "type": "object", "additionalProperties": false }, "summary": { "description": "RbacAssessmentSummary counts failed checks by severity.", "properties": { "criticalCount": { "description": "CriticalCount is the number of failed checks with critical severity.", "type": "integer" }, "highCount": { "description": "HighCount is the number of failed checks with high severity.", "type": "integer" }, "lowCount": { "description": "LowCount is the number of failed check with low severity.", "type": "integer" }, "mediumCount": { "description": "MediumCount is the number of failed checks with medium severity.", "type": "integer" } }, "required": [ "criticalCount", "highCount", "lowCount", "mediumCount" ], "type": "object", "additionalProperties": false } }, "required": [ "checks", "scanner", "summary" ], "type": "object", "additionalProperties": false } }, "required": [ "report" ], "type": "object", "x-kubernetes-preserve-unknown-fields": true }