The StackRox Kubernetes Security Platform enables you to generate reports to keep track of the compliance state of your environment. You can use these reports to convey compliance status across various industry mandates to other stakeholders.
You can generate:
- Executive reports: Focused on the business audience; they include charts and a summary of compliance status in PDF format.
- Evidence reports: Focused on the technical audience; they include detailed information in CSV format. See the Evidence reports section for more details.
To generate these reports:
- Select Compliance from the left-hand navigation menu.
- On the compliance dashboard, click Export on the top right side.
- To generate an executive report, select Download page as PDF.
- To generate an evidence report, select Download Evidence as CSV.
The Export option appears on all compliance pages and filtered views.
You can export comprehensive compliance-related data from the StackRox Kubernetes Security Platform in CSV format as an Evidence report. This evidence report contains detailed information about the compliance assessment, and it’s tailored towards technical roles, such as compliance auditors, DevOps engineers, or security practitioners.
The evidence report contains the following information:
|Field|Description|
|---|---|
|Standard|The compliance standard, for example, |
|Cluster|The name of the assessed cluster.|
|Namespace|The name of the namespace (or project) where the deployment exists.|
|Object Type|The Kubernetes entity type of the object. For example, |
|Object Name|The name of the object, which is a Kubernetes system-generated string that uniquely identifies the object. For example, |
|Control|The control number as it appears in the compliance standard.|
|Control Description|A description of the compliance check that the control carries out.|
|State|Whether the compliance check passed or failed. For example, |
|Evidence|The explanation of why a specific compliance check failed or passed.|
|Assessment Time|The time and date when you ran the compliance scan.|
|The compliance check failed.|
|The compliance check passed.|
|The StackRox Kubernetes Security Platform skipped the check because it wasn’t applicable.|
|The compliance check gathered data, but the StackRox Kubernetes Security Platform couldn’t make a |
|The compliance check failed due to a technical issue.|
In a compliance scan:
- Control describes a single line item in an industry or regulatory compliance standard against which an auditor evaluates an information system for compliance with said standard. The StackRox Kubernetes Security Platform checks the evidence of compliance with a single control by completing one or more checks.
- Check is the single test performed during a single control assessment.
- Some controls have multiple checks associated with them. If any of the associated checks fail for a control, the entire control state is marked as
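
The following is an added example, not StackRox code, of post-processing an evidence CSV so that each control rolls up to a single state and failed objects are listed with their evidence. It assumes the CSV header text matches the field names in the table above, that the State column uses the literal strings "Pass" and "Fail", that each row is one check result, and that a control with any failed row rolls up to the failing state; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Assumptions: header text matches the field names in the table above, and
# the State column uses the literal strings "Pass" and "Fail".
PASS, FAIL, OTHER = "Pass", "Fail", "Other"

# Constructed sample rows (not real export output). "Skipped" stands in for
# any state that is neither pass nor fail.
SAMPLE_CSV = """\
Standard,Cluster,Namespace,Object Type,Object Name,Control,Control Description,State,Evidence,Assessment Time
EXAMPLE-STD,cluster-a,payments,Deployment,api,1.1,Example control one,Pass,constructed evidence,2020-01-01T00:00:00Z
EXAMPLE-STD,cluster-a,payments,Deployment,worker,1.1,Example control one,Fail,constructed failing evidence,2020-01-01T00:00:00Z
EXAMPLE-STD,cluster-a,,Node,node-1,2.3,Example control two,Pass,constructed evidence,2020-01-01T00:00:00Z
EXAMPLE-STD,cluster-a,,Cluster,cluster-a,4.2,Example control three,Skipped,constructed evidence,2020-01-01T00:00:00Z
"""


def load_rows(csv_text):
    """Parse the evidence CSV into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def rollup_controls(rows):
    """Map (standard, cluster, control) to one state: any Fail row fails the control."""
    states = defaultdict(set)
    for row in rows:
        states[(row["Standard"], row["Cluster"], row["Control"])].add(row["State"].strip())
    result = {}
    for key, seen in states.items():
        if FAIL in seen:
            result[key] = FAIL
        elif seen == {PASS}:
            result[key] = PASS
        else:
            result[key] = OTHER  # rows that neither passed nor failed need manual review
    return result


def failing_objects(rows):
    """List (control, namespace, object type, object name, evidence) for failed rows."""
    return [(r["Control"], r["Namespace"], r["Object Type"], r["Object Name"], r["Evidence"])
            for r in rows if r["State"].strip() == FAIL]


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for key, state in sorted(rollup_controls(rows).items()):
        print(*key, state)
    for item in failing_objects(rows):
        print("FAILED:", *item)
```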