Skip to content

CMP-2872: Implement the cel-scanner component #692

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Vincent056 wants to merge 2 commits into from
Closed

CMP-2872: Implement the cel-scanner component #692

Vincent056 wants to merge 2 commits into from

Conversation

@Vincent056
Copy link

@Vincent056 Vincent056 commented Feb 25, 2025

The cel-scanner reads collected resources and evaluates them against the defined CEL rules.
The scanner pod creates Compliance Check Results directly
The results are saved in a specified directory on the pod as optional.

@Vincent056
Add scannerType field, CustomRule CRD, and 'kind' property for rule r…
323d3b6 
…eferences

- Introduce scannerType to ComplianceScan and ComplianceSuite for specifying OpenSCAP or CEL.
- Add custom rule CRD (compliance.openshift.io_customrules.yaml) and types.
- Extend TailoredProfile references with a 'kind' field to differentiate between Rule and CustomRule.
@Vincent056
CMP-2872: Implement the cel-scanner component
1245440 
The cel-scanner reads collected resources and evaluates them against the defined CEL rules.
The scanner pod creates Compliance Check Result directly
The results are saved in a specified directory on the pod as optional.
@Vincent056
Copy link
Author

Vincent056 commented Feb 25, 2025

#686 needs to be merged before this PR, we cherry picked the commit from that PR

@openshift-ci-robot
Copy link
Collaborator

openshift-ci-robot commented Feb 25, 2025

@Vincent056: This pull request references CMP-2872 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.

Details

In response to this:

The cel-scanner reads collected resources and evaluates them against the defined CEL rules.
The scanner pod creates Compliance Check Results directly
The results are saved in a specified directory on the pod as optional.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested review from xiaojiey and yuumasato February 25, 2025 11:08
@openshift-ci
Copy link

openshift-ci bot commented Feb 25, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Vincent056

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rhmdnd rhmdnd added the CEL CEL features and functionality label Feb 27, 2025
@openshift-ci
Copy link

openshift-ci bot commented Feb 28, 2025

@Vincent056: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/verify 1245440 link true /test verify
ci/prow/unit 1245440 link true /test unit
ci/prow/images 1245440 link true /test images
ci/prow/e2e-aws-serial 1245440 link true /test e2e-aws-serial
ci/prow/e2e-rosa 1245440 link true /test e2e-rosa
ci/prow/e2e-aws-parallel 1245440 link true /test e2e-aws-parallel
ci/prow/e2e-aws-parallel-arm 1245440 link true /test e2e-aws-parallel-arm
ci/prow/e2e-aws-serial-arm 1245440 link true /test e2e-aws-serial-arm

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@rhmdnd rhmdnd mentioned this pull request Sep 27, 2025
Merged
@Vincent056
Copy link
Author

Vincent056 commented Oct 2, 2025

close in favor of #671

@Vincent056 Vincent056 closed this Oct 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xiaojiey xiaojiey Awaiting requested review from xiaojiey

@yuumasato yuumasato Awaiting requested review from yuumasato

Assignees

No one assigned

Labels

approved CEL CEL features and functionality jira/valid-reference

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Vincent056 @openshift-ci-robot @rhmdnd