Use case: security checks against a system (GitHub and managed Kubernetes clusters) by multiple PVPs (Policy Validation Points: Auditree, Kyverno, and OCM Policy).
- (Optional) Create an OSCAL Component Definition that includes the multiple PVPs as validation components
- Generate PVP policies from the OSCAL Component Definition
```bash
python samples_public/heterogeneous/compliance_to_policy.py \
  -c ./plugins_public/tests/data/heterogeneous/component-definition.json \
  -o ./policies
```
- Policies for each PVP are generated
```console
$ tree -L 2 policies
policies
├── auditree
│   └── auditree.json
├── kyverno
│   ├── allowed-base-images
│   └── disallow-capabilities
└── ocm
    ├── kustomization.yaml
    ├── parameters.yaml
    ├── policy-deployment
    ├── policy-disallowed-roles
    ├── policy-generator.yaml
    └── policy-high-scan
```
- (Optional) Collect policy validation results from system
- Example results for all PVPs are located in /plugins_public/tests/data.
- Generate OSCAL Assessment Results from PVP results
```bash
python samples_public/heterogeneous/result_to_compliance.py \
  -c ./plugins_public/tests/data/heterogeneous/component-definition.json \
  -r ./plugins_public/tests/data > assessment-results.json
```
- OSCAL Assessment Results are JSON, not a human-readable report. You can view the merged report as markdown with the quick viewer (e.g. result.md):
```bash
c2p tools viewer \
  -cdef ./plugins_public/tests/data/heterogeneous/component-definition.json \
  -ar assessment-results.json
```
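The viewer above is the project's own tool. As an added example (not code from the c2p project), the script below shows what such a report has to do with the standard OSCAL assessment-results layout: walk `results` → `findings`, resolve each finding's `related-observations` against the `observations` list by UUID, and merge per target across several PVP results so that one failing observation marks the control not satisfied. The sample document, its UUIDs, control ids and the `result` prop on observations are constructed for illustration and do not describe how c2p encodes its results.

```python
"""Summarize an OSCAL Assessment Results document into a per-target markdown table.

Added example; not part of the c2p project. It walks the standard OSCAL
assessment-results layout (results -> findings / observations) and reports,
per finding target, the merged status and the observations that back it.
"""
import json

# Constructed sample in the shape of an OSCAL assessment-results document.
# UUIDs, control ids, descriptions and the "result" prop are illustrative only.
SAMPLE_AR = json.dumps({
    "assessment-results": {
        "uuid": "00000000-0000-4000-8000-000000000001",
        "results": [{
            "uuid": "00000000-0000-4000-8000-000000000002",
            "title": "Merged PVP results",
            "observations": [
                {"uuid": "obs-1", "description": "Kyverno: allowed-base-images",
                 "methods": ["TEST"], "props": [{"name": "result", "value": "pass"}]},
                {"uuid": "obs-2", "description": "OCM: policy-disallowed-roles",
                 "methods": ["TEST"], "props": [{"name": "result", "value": "fail"}]},
                {"uuid": "obs-3", "description": "Auditree: GitHub branch protection",
                 "methods": ["TEST"], "props": [{"name": "result", "value": "pass"}]},
            ],
            "findings": [
                {"uuid": "f-1", "title": "cm-2 satisfied",
                 "target": {"type": "objective-id", "target-id": "cm-2",
                            "status": {"state": "satisfied"}},
                 "related-observations": [{"observation-uuid": "obs-1"}]},
                {"uuid": "f-2", "title": "ac-6 not satisfied",
                 "target": {"type": "objective-id", "target-id": "ac-6",
                            "status": {"state": "not-satisfied"}},
                 "related-observations": [{"observation-uuid": "obs-2"},
                                          {"observation-uuid": "obs-3"}]},
            ],
        }],
    }
})


def prop(obj, name, default=None):
    """Return the value of the first OSCAL prop called `name`, or `default`."""
    for p in obj.get("props", []):
        if p.get("name") == name:
            return p.get("value", default)
    return default


def summarize(ar_json):
    """Map each finding target id to its merged state and backing observations.

    Returns {target_id: {"state": str, "observations": [(description, result), ...]}}.
    When the same target appears in several results, any non-satisfied state wins.
    Raises ValueError if the document is not an OSCAL assessment-results file.
    """
    doc = json.loads(ar_json)
    if "assessment-results" not in doc:
        raise ValueError("not an OSCAL assessment-results document")
    summary = {}
    for result in doc["assessment-results"].get("results", []):
        by_uuid = {o["uuid"]: o for o in result.get("observations", [])}
        for finding in result.get("findings", []):
            target = finding.get("target", {})
            tid = target.get("target-id", "?")
            state = target.get("status", {}).get("state", "unknown")
            obs = []
            for rel in finding.get("related-observations", []):
                o = by_uuid.get(rel.get("observation-uuid"))
                if o is None:  # dangling reference: report it rather than drop it
                    obs.append(("<missing observation>", "unknown"))
                    continue
                obs.append((o.get("description", ""), prop(o, "result", "unknown")))
            prev = summary.get(tid)
            if prev is None:
                summary[tid] = {"state": state, "observations": obs}
            else:
                prev["observations"].extend(obs)
                if state != "satisfied":
                    prev["state"] = state
    return summary


def to_markdown(summary):
    """Render the summary as a markdown table, one row per finding target."""
    lines = ["| Target | State | Observations |", "|---|---|---|"]
    for tid in sorted(summary):
        entry = summary[tid]
        obs = "<br>".join(f"{d} ({r})" for d, r in entry["observations"]) or "-"
        lines.append(f"| {tid} | {entry['state']} | {obs} |")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_markdown(summarize(SAMPLE_AR)))
```

Run it against a real `assessment-results.json` by replacing `SAMPLE_AR` with the file contents; the dangling-reference branch matters in practice, because a finding that cites an observation UUID absent from the document should surface as unknown evidence rather than silently look satisfied.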