README.md

Report API

The Report API enables uniform reporting of results and findings from policy engines, scanners, or other tooling.

This repository contains the API specification and Custom Resource Definitions (CRDs).

Concepts

The API provides a ClusterReport and its namespaced variant Report.

Each Report contains a set of results and a summary. Each result contains attributes such as the source policy and rule name, severity, timestamp, and the resource.

Reference

• API Reference

Demonstration

Typically the Report API is installed and managed by a producer. However, to try out the API in a test cluster you can follow the steps below:

1. Add Report API CRDs to your cluster:

kubectl create -f crd/openreports.io/v1alpha1/

2. Create a sample policy report resource:

kubectl create -f samples/sample-cis-k8s.yaml

3. View policy report resources:

kubectl get reports

Implementations

The following is a list of projects that produce or consume policy reports:

(To add your project, please create a pull request.)

Producers

• Falco
• Image Scanner
• jsPolicy
• Kyverno
• Netchecks
• Tracee Adapter
• Trivy Operator
• Kubewarden

Consumers

• Fairwinds Insights
• Kyverno Policy Reporter
• Open Cluster Management

Building

make all

Community, discussion, contribution, and support

You can reach the maintainers of this project at:

• Slack
• Mailing List
• WG Policy

Code of conduct

Participation in the OpenReport community is governed by the CNCF Code of Conduct.

Historical References

See the Kubernetes policy working group and the proposal for background and details.