Commit 91a3f36

CMP-4011: Document Custom OpenShift Compliance Scans using Compliance Operator CEL
1 parent 54c837f commit 91a3f36

2 files changed: +21 -0 lines changed

security/compliance_operator/co-overview.adoc

Lines changed: 2 additions & 0 deletions
@@ -54,6 +54,8 @@ xref:../../security/compliance_operator/co-scans/compliance-operator-remediation
5454

5555
xref:../../security/compliance_operator/co-scans/compliance-operator-advanced.adoc#compliance-operator-advanced[Performing advanced Compliance Operator tasks]
5656

57+
xref:../../security/compliance_operator/co-scans/compliance-operator-customrules.adoc#compliance-operator-customrules[Compliance Operator Custom Rules]
58+
5759
xref:../../security/compliance_operator/co-scans/compliance-operator-troubleshooting.adoc#compliance-operator-troubleshooting[Troubleshooting the Compliance Operator]
5860

5961
xref:../../security/compliance_operator/co-scans/oc-compliance-plug-in-using.adoc#using-oc-compliance-plug-in[Using the oc-compliance plugin]
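
Review bot: The xref added on line 57 targets the anchor `#compliance-operator-customrules`, but the assembly added in this same commit declares `[id="compliance-operator-customrules_{context}"]`, so the anchor and the ID do not match as written. Align them, for example by dropping the `_{context}` suffix from the assembly ID so it follows the pattern of the neighbouring anchors (`#compliance-operator-advanced`, `#compliance-operator-troubleshooting`). The link text "Compliance Operator Custom Rules" also differs from the assembly title "Defining CustomRules using the Compliance Operator"; consider using the same wording in both places.
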
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
:_mod-docs-content-type: ASSEMBLY
2+
[id="compliance-operator-customrules_{context}"]
3+
= Defining CustomRules using the Compliance Operator
4+
include::_attributes/common-attributes.adoc[]
5+
:context: compliance-customrules
6+
7+
toc::[]
8+
9+
[role="_abstract"]
10+
OpenShift Compliance Operator includes a `CustomRule` Custom Resource Definition (CRD) that can create custom compliance checks using Common Expression Language (CEL). This allows Compliance Operator users to create custom scan rules that may not be provided by standardized security profiles. An example shows how to use a `CustomRule` to enforce security checks for `ClusterLogForwarder` resources, ensuring that log data is transmitted securely.
11+
12+
====
13+
[NOTE]
14+
For more information on the Kubernetes Common Expression Language (CEL), refer to link:https://kubernetes.io/docs/reference/using-api/cel/[Common Expression Language in Kubernetes]. For production deployments, always test `CustomRule` resources in non-production environments first and follow your organization's change management procedures when deploying `CustomRule` resources.
15+
====
16+
17+
include::modules/compliance-new-tailored-profiles.adoc[leveloffset=+1]
18+
19+
include::modules/compliance-tailored-profiles.adoc[leveloffset=+1]
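
Review bot: The two `include::` lines at the end of the new assembly (added lines 17 and 19) pull in `compliance-new-tailored-profiles.adoc` and `compliance-tailored-profiles.adoc`, which by name are tailored-profile modules, while the abstract promises a `CustomRule` example for `ClusterLogForwarder` resources; nothing in this hunk includes a module that would carry that example. Include the CustomRule module(s) here or adjust the abstract to match what is actually included. In the admonition on added lines 12 to 15, the `====` delimiter precedes `[NOTE]`; the block attribute belongs on the line above the opening delimiter (`[NOTE]`, then `====`), otherwise this opens an example block with a note paragraph inside it. The ID on added line 2 uses `{context}` before `:context:` is set on added line 5. Finally, the abstract calls these "compliance checks" and "scan rules" but then says the example will "enforce" security checks; "verify" would match what a scan rule does unless a remediation is also documented.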
