UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects
New look: Off

Add Kyverno Reporter Data to PostgreSQL and Implement Vulnerability Endpoint

    • Closed Issue created by Manuel Ucles @mucles

    Description:

    Integrate Kyverno Policy Reporter data into PostgreSQL and develop a policy-endpoint API to retrieve and process this data for compliance and security reporting.

    Tasks:

    1. Database Schema Update

      • Define a new table for storing Kyverno Policy Reporter vulnerability data.
      • Fields may include:
        • id (UUID, Primary Key)
        • namespace (VARCHAR)
        • policy_name (VARCHAR)
        • rule_name (VARCHAR)
        • severity (VARCHAR)
        • status (VARCHAR - Pass/Fail)
        • timestamp (TIMESTAMP)
        • raw_data (JSONB - for detailed policy violation information)
      • Implement necessary indexes for performance optimization.

    2. Ingest Kyverno Reporter Data

      • Normalize and insert policy violation data into PostgreSQL.
      • Implement error handling and logging.

    3. Create Vulnerability API Endpoint

      • Develop a new GET /api/v1/policy-scans endpoint.
      • Support filtering by namespace, policy_name, severity, and timestamp.
      • Query the PostgreSQL database to fetch and return vulnerability reports.

    4. Testing & Validation

      • Write unit tests for data ingestion and API queries.

    5. Documentation

      • Document database schema changes and API usage.
      • Provide examples of API requests and expected responses.

    Acceptance Criteria:

    • Kyverno Policy Reporter vulnerability data is stored in PostgreSQL.
    • GET /api/v1/policy-scans returns correct policy violation results with filters.
    • Unit and integration tests validate data ingestion and API behavior.
    • Documentation is complete and published.
    Edited by Manuel Ucles

    Designs

      Child items ...

      2. Activity

      Please register or sign in to reply

      UNCLASSIFIED - NO CUI