From f6ed751dc23f39cff6f9b4b66ea10cb2adcdbb7e Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Mon, 30 Mar 2026 17:39:17 -0700 Subject: [PATCH] Organize scan reports into date-based subdirectories Change Prowler (k8s, iac, image) and Kingfisher CronJobs to write reports under YYYY-MM-DD subdirectories instead of a flat directory. Prevents clutter as weekly scans accumulate. Before: /reports/prowler/prowler-output-In-Cluster-20260329030006.html After: /reports/prowler/2026-03-29/prowler-output-In-Cluster-20260329030006.html Co-Authored-By: Claude Opus 4.6 (1M context) --- argocd/manifests/kingfisher/cronjob.yaml | 2 +- .../manifests/prowler/cronjob-iac-scan.yaml | 19 ++++++++-------- .../manifests/prowler/cronjob-image-scan.yaml | 19 ++++++++-------- argocd/manifests/prowler/cronjob.yaml | 22 +++++++++---------- 4 files changed, 29 insertions(+), 33 deletions(-) diff --git a/argocd/manifests/kingfisher/cronjob.yaml b/argocd/manifests/kingfisher/cronjob.yaml index d05fc0c..3c47528 100644 --- a/argocd/manifests/kingfisher/cronjob.yaml +++ b/argocd/manifests/kingfisher/cronjob.yaml @@ -23,7 +23,7 @@ spec: - | set -e STAMP=$(date +%Y%m%d-%H%M%S) - OUTDIR=/reports/kingfisher + OUTDIR=/reports/kingfisher/$(date +%Y-%m-%d) mkdir -p "$OUTDIR" # Exit codes: 0=clean, 200=findings, 205=validated findings. diff --git a/argocd/manifests/prowler/cronjob-iac-scan.yaml b/argocd/manifests/prowler/cronjob-iac-scan.yaml index c2e2fac..49c8ce6 100644 --- a/argocd/manifests/prowler/cronjob-iac-scan.yaml +++ b/argocd/manifests/prowler/cronjob-iac-scan.yaml @@ -18,17 +18,16 @@ spec: containers: - name: prowler image: registry.ops.eblu.me/blumeops/prowler:kustomized + command: ["/bin/sh", "-c"] args: - - iac - - --scan-repository-url - - https://forge.ops.eblu.me/eblume/blumeops.git - - -z - - --output-formats - - html - - csv - - json-ocsf - - --output-directory - - /reports/prowler-iac + - | + DATEDIR=/reports/prowler-iac/$(date +%Y-%m-%d) + mkdir -p "$DATEDIR" + prowler iac \ + --scan-repository-url https://forge.ops.eblu.me/eblume/blumeops.git \ + -z \ + --output-formats html csv json-ocsf \ + --output-directory "$DATEDIR" volumeMounts: - name: reports mountPath: /reports diff --git a/argocd/manifests/prowler/cronjob-image-scan.yaml b/argocd/manifests/prowler/cronjob-image-scan.yaml index b69ad63..5d8ea7e 100644 --- a/argocd/manifests/prowler/cronjob-image-scan.yaml +++ b/argocd/manifests/prowler/cronjob-image-scan.yaml @@ -48,17 +48,16 @@ spec: containers: - name: prowler image: registry.ops.eblu.me/blumeops/prowler:kustomized + command: ["/bin/sh", "-c"] args: - - image - - --image-list - - /shared/images.txt - - -z - - --output-formats - - html - - csv - - json-ocsf - - --output-directory - - /reports/prowler-images + - | + DATEDIR=/reports/prowler-images/$(date +%Y-%m-%d) + mkdir -p "$DATEDIR" + prowler image \ + --image-list /shared/images.txt \ + -z \ + --output-formats html csv json-ocsf \ + --output-directory "$DATEDIR" volumeMounts: - name: reports mountPath: /reports diff --git a/argocd/manifests/prowler/cronjob.yaml b/argocd/manifests/prowler/cronjob.yaml index 5b2199b..95b7dee 100644 --- a/argocd/manifests/prowler/cronjob.yaml +++ b/argocd/manifests/prowler/cronjob.yaml @@ -40,19 +40,17 @@ spec: containers: - name: prowler image: registry.ops.eblu.me/blumeops/prowler:kustomized + command: ["/bin/sh", "-c"] args: - - kubernetes - - --compliance - - cis_1.11_kubernetes - - --mutelist-file - - /tmp/mutelist/mutelist.yaml - - -z - - --output-formats - - html - - csv - - json-ocsf - - --output-directory - - /reports/prowler + - | + DATEDIR=/reports/prowler/$(date +%Y-%m-%d) + mkdir -p "$DATEDIR" + prowler kubernetes \ + --compliance cis_1.11_kubernetes \ + --mutelist-file /tmp/mutelist/mutelist.yaml \ + -z \ + --output-formats html csv json-ocsf \ + --output-directory "$DATEDIR" volumeMounts: - name: reports mountPath: /reports