
OCP4: Add container_security_operator_exists to PCIDSS profile #11776

Merged

@Vincent056 Vincent056 commented Apr 1, 2024

This PR adds container_security_operator_exists rule to PCI-DSS 4.0 6.3.2


github-actions bot commented Apr 1, 2024

Start a new ephemeral environment with changes proposed in this pull request:

Fedora Environment
Open in Gitpod

Oracle Linux 8 Environment
Open in Gitpod


github-actions bot commented Apr 2, 2024

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11776
This image was built from commit: 6dcc5bc


If you already have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11776

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11776 make deploy-local

@marcusburghardt marcusburghardt added the OpenShift OpenShift product related. label Apr 3, 2024
@yuumasato yuumasato self-assigned this Apr 9, 2024

@yuumasato yuumasato left a comment


The rule seems to align closer to 6.3.2.

It is not clear to me how the rule container_security_operator_exists supports requirements 8.6.1, 8.6.2 and 8.6.3.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Used by openshift-ci bot. label Apr 22, 2024
@yuumasato

@Vincent056 You got into a conflict with another PR of yours:
#11675

@openshift-merge-robot openshift-merge-robot removed the needs-rebase Used by openshift-ci bot. label Apr 25, 2024
@Vincent056

@yuumasato wondering if you have seen ValueError: Rule container_security_operator_exists contains pcidss4 reference, but this reference type is provided by pcidss_4 controls. Please remove the reference from rule.yml.

@yuumasato

yuumasato commented Apr 25, 2024

> @yuumasato wondering if you have seen ValueError: Rule container_security_operator_exists contains pcidss4 reference, but this reference type is provided by pcidss_4 controls. Please remove the reference from rule.yml.

@Vincent056 Yes, it means that pcidss4 references are added by a control file.

reference_type: pcidss4

So you don't need to add the reference in the rule.
So you can probably add reference_type: pcidss4 to controls/pcidss_4_ocp4.yml, and it will work.
If not, the build system will need adjustments, and we can do that later.
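
Added example (not part of this PR and not ComplianceAsCode's build code): a simplified Python model of the conflict discussed above, where a control file that declares `reference_type` supplies a rule's references and a hand-written reference of the same type in rule.yml is rejected. The dict layout, sample data and function names are assumptions made for illustration.

```python
# Added illustration only: a simplified model of the conflict, not the project's build code.
# Constructed sample data shaped like parsed YAML; the dict layout is an assumption.
CONTROL_FILES = {
    "pcidss_4": {
        "reference_type": "pcidss4",
        "controls": [{"id": "6.3.2", "rules": ["container_security_operator_exists"]}],
    },
}
RULES = {
    # rule.yml that still carries a hand-written pcidss4 reference
    "container_security_operator_exists": {"references": {"pcidss4": "6.3.2"}},
}


def find_reference_conflicts(control_files, rules):
    """List rules whose rule.yml sets a reference type that a control file provides."""
    conflicts = []
    for policy_id, policy in control_files.items():
        ref_type = policy.get("reference_type")
        if not ref_type:
            continue  # this policy does not generate references
        selected = {r for c in policy["controls"] for r in c.get("rules", [])}
        for rule_id in sorted(selected):
            if ref_type in rules.get(rule_id, {}).get("references", {}):
                conflicts.append(
                    f"Rule {rule_id} contains {ref_type} reference, but this reference "
                    f"type is provided by {policy_id} controls."
                )
    return conflicts


def apply_control_references(control_files, rules):
    """Derive each selected rule's references from control ids; fail on conflicts."""
    conflicts = find_reference_conflicts(control_files, rules)
    if conflicts:
        raise ValueError("\n".join(conflicts))
    for policy in control_files.values():
        ref_type = policy.get("reference_type")
        for control in policy["controls"] if ref_type else []:
            for rule_id in control.get("rules", []):
                refs = rules.setdefault(rule_id, {}).setdefault("references", {})
                refs[ref_type] = ",".join(filter(None, [refs.get(ref_type), control["id"]]))
    return rules


if __name__ == "__main__":
    print(find_reference_conflicts(CONTROL_FILES, RULES))
```
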


codeclimate bot commented Apr 25, 2024

Code Climate has analyzed commit 6dcc5bc and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.2% (0.0% change).

View more on Code Climate.

@yuumasato yuumasato added this to the 0.1.73 milestone Apr 26, 2024
@yuumasato

Merging.
This PR is just selecting a rule for OCP4 PCI-DSS.
There is no need to run profile remediations for rhel7, 8 and 9.

@yuumasato yuumasato merged commit 91b6b27 into ComplianceAsCode:master Apr 26, 2024
34 checks passed
@Mab879 Mab879 added the Update Profile Issues or pull requests related to Profiles updates. label May 16, 2024