Attention Iron Bank Customers: On March 27, 2025, we are moving SBOM artifacts from the Anchore Scan job to the Build job to streamline the container hardening pipeline. If you currently download SBOMs from the Anchore Scan job, you can still get them from the Build job and from other sources, including IBFE and image attestations.
Cluster Auditor(CA) pulls data from the kubernetes API, transforms them and inserts them into Elasticsearch which can then be queried by Kibana. The types of objects are both OPA Gatekeeper CRDs and native kubernetes [objects](https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor/-/blob/main/chart/templates/configMap.yaml).
Cluster Auditor(CA) pulls contstraints from the kubernetes API, transforms them and inserts them into Prometheus to be displayed in a Grafana Dashboard. Cluster Auditor uses OPA Gatekeeper CRDs and native kubernetes [objects](https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor/-/blob/main/chart/templates/clusterRole.yaml).
## Big Bang Touch Points
...
...
@@ -12,8 +12,8 @@ graph TB
clusterauditor
end
subgraph "Elasticsearch"
clusterauditor --> elasticsearch
subgraph "Prometheus"
clusterauditor --> prometheus
end
```
...
...
@@ -23,7 +23,7 @@ CA currently does not support HA.
## Storage
It uses the currently deployed Elasticsearch that's deployed as part of the logging stack.
It uses the currently deployed Prometheus that's deployed as part of the monitoring stack.
## Single Sign On (SSO)
...
...
@@ -31,9 +31,9 @@ CA does not have SSO Integration.
## Licensing
CA parent image is `fluentd` which uses [Apache License 2.0](https://github.com/fluent/fluentd/blob/master/LICENSE).
CA is based off of the OPA Scorecard which uses the[Apache License 2.0](https://github.com/mcelep/opa-scorecard/blob/master/LICENSE).
