-
Notifications
You must be signed in to change notification settings - Fork 686
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Defined notes and rules for BSI APP.4.4.A17 #12153
base: master
Are you sure you want to change the base?
Defined notes and rules for BSI APP.4.4.A17 #12153
Conversation
Hi @benruland. Thanks for your PR. I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
🤖 A k8s content image for this PR is available at: Click here to see how to deploy itIf you alread have Compliance Operator deployed: Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and: |
0e0275f
to
241636c
Compare
Code Climate has analyzed commit 241636c and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 100.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 59.4% (0.0% change). View more on Code Climate. |
@@ -416,9 +416,58 @@ controls: | |||
message to the control plane. The control plane SHOULD ONLY accept nodes into a cluster | |||
that have successfully proven their integrity. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you should number the sections here.
(1) Nodes SHOULD send a cryptographically secured (and, if possible, TPM-verified) status
message to the control plane. (2) The control plane SHOULD ONLY accept nodes into a cluster
that have successfully proven their integrity.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sluetze Would you like to handle this on a subsequent PR?
Also, the addition of bsi:
references in the rules is not needed anymore.
Verification passed |
Description:
Notes / Rules for BSI APP4.4.A17
Rationale:
As we have multiple customers asking for a BSI profile to be included in the compliance-operator, we are contributing a profile. To provide a better review process, the individual controle are implemented as separate PRs.
This is a follow-up of #11659. It was breaken up for better reviewability.