CIS benchmark report
To create a CIS benchmark report, create a
GlobalReport with the
reportType set to
The following sample command uses a GlobalReport to create a daily CIS benchmark report that run on all the nodes.
kubectl apply -f - << EOF
schedule: 0 0 * * *
While there is no extra setup configuration required by the user to generate a benchmark report for Openshift, the result sets will be different than a report generated for regular Kubernetes clusters. Use the Openshift Container Platform Security Guide to cross-reference the benchmark results.
A textual representation of the dashboard.
|startTime||The report interval start time.||RFC3339 string|
|endTime||The report interval start time.||RFC3339 string|
|type||The type of benchmark report||string|
|hiPercentageThreshold||The percentage of passing tests required to rate a node as high||int|
|medPercentageThreshold||The percentage of passing tests required to rate a node as medium||int|
|hiNodeCount||The number of nodes rated as high||int|
|medNodeCount||The number of nodes rated as medium||int|
|lowNodeCount||The number of nodes rated as low||int|
A .csv file of test result summaries per node.
|node||The name of the node.||string|
|version||The version of the platform.||string|
|status||The rating of the node based on percentage of tests passing.||string|
|testsPassing||The number of tests passing.||int|
|testsFailing||The number of tests failing.||int|
|testsUnknown||The number of tests whose results are undetermined due to automation restrictions.||int|
|testsTotal||The total number of tests executed.||int|
A .csv file of tests that have failed.
|nodeName||Node where the test is executed.||string|
|testIndex||Index of the test on the Kubernetes CIS benchmark.||string|
|status||Test results: PASS, FAIL, INFO.||string|
|scored||Indicates whether the Kubernetes CIS benchmark counts this test towards their scoring.||string|
A .csv file with tests that were executed on all nodes. Format remains the same as above.