Erich Blume
9053ce5955
Split report-reading guidance out of deploy-prowler into its own how-to (read-compliance-reports). Add security & compliance reference card (reference/operations/security) following the pattern of the observability card. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 KiB
1 KiB
| title | modified | last-reviewed | tags | ||
|---|---|---|---|---|---|
| Prowler | 2026-03-24 | 2026-03-24 |
|
Prowler
CIS Kubernetes Benchmark scanner for compliance posture reporting.
Quick Reference
| Property | Value |
|---|---|
| Namespace | prowler |
| Image | registry.ops.eblu.me/blumeops/prowler (see argocd/manifests/prowler/kustomization.yaml for current tag) |
| Schedule | Weekly (Sunday 3am) |
| Reports | sifaka:/volume1/reports/prowler/ (NFS) |
| Manifests | argocd/manifests/prowler/ |
What it does
Runs Prowler 5 as a CronJob against minikube-indri, executing CIS Kubernetes Benchmark v1.11 checks across pod security, RBAC, apiserver, etcd, kubelet, controller-manager, and scheduler. Reports are written in HTML, CSV, and JSON-OCSF to the NFS share on sifaka.
See also
- security — security & compliance posture overview
- deploy-prowler — deployment how-to, ad-hoc scan instructions, check relevance notes
- read-compliance-reports — how to access and interpret reports