Generate compliance reports

Get reports on the state of compliance for your environment.

The StackRox Kubernetes Security Platform enables you to generate reports to keep track of the compliance state of your environment. You can use these reports to convey compliance status across various industry mandates to other stakeholders.

You can generate:

  • Executive reports: Aimed at a business audience; includes charts and a summary of compliance status, in PDF format.
  • Evidence reports: Aimed at a technical audience; includes the detailed per-check results, in CSV format. See the Evidence reports section for more details.

To generate these reports:

  1. Select Compliance from the left-hand navigation menu.
  2. On the compliance dashboard, click Export on the top right side.
    • To generate an executive report, select Download page as PDF.
    • To generate an evidence report, select Download Evidence as CSV.

The Export option appears on all compliance pages and filtered views.

Evidence reports

You can export comprehensive compliance-related data from the StackRox Kubernetes Security Platform in CSV format as an Evidence report. This evidence report contains detailed information about the compliance assessment, and it’s tailored towards technical roles, such as compliance auditors, DevOps engineers, or security practitioners.

The evidence report contains one row per check, with the following columns:

CSV field            Description
Standard             The compliance standard, for example, CIS Kubernetes.
Cluster              The name of the assessed cluster.
Namespace            The name of the namespace (or project) where the deployment exists. Empty for cluster-scoped objects such as nodes.
Object Type          The Kubernetes entity type of the assessed object. For example, node, cluster, DaemonSet, Deployment, or StaticPod.
Object Name          The name of the assessed object, unique within its cluster (and namespace, for namespaced objects). For example, the node name gke-setup-dev21380-default-pool-8e086a77-1jfq.
Control              The control number as it appears in the compliance standard.
Control Description  A description of the compliance check that the control carries out.
State                The result of the check: Pass, Fail, N/A, Info, or Error. See States for details.
Evidence             The explanation of why the check passed or failed.
Assessment Time      The date and time at which the compliance scan ran.

States

State   Description
Fail    The compliance check failed.
Pass    The compliance check passed.
N/A     The StackRox Kubernetes Security Platform skipped the check because it was not applicable.
Info    The compliance check gathered data, but the StackRox Kubernetes Security Platform could not make a Pass or Fail determination.
Error   The compliance check could not complete because of a technical issue.

In a compliance scan:

  • A control is a single line item in an industry or regulatory compliance standard, against which an auditor evaluates an information system for compliance with that standard. The StackRox Kubernetes Security Platform gathers evidence of compliance with a single control by completing one or more checks.
  • A check is a single test performed as part of assessing one control.
  • Some controls have multiple checks associated with them. If any of the checks associated with a control fails, the entire control is marked as Fail.
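The evidence CSV is per-check, while auditors usually want the per-control picture described above. The following Python script is an added example, not code from the StackRox project: it validates that an exported evidence file carries the documented columns and only the documented states, rolls checks up to controls (any Fail makes the control Fail, as stated above; the ordering among the remaining states is this example's own assumption), and lists the failing objects with their evidence. The embedded CSV rows, including the control numbers, descriptions and object names, are constructed for illustration and are not real scan output.

```python
"""Roll up a StackRox evidence CSV from per-check rows to per-control state."""
import csv
import io
from collections import Counter, defaultdict

# Column names as documented for the evidence report.
EXPECTED_FIELDS = [
    "Standard", "Cluster", "Namespace", "Object Type", "Object Name",
    "Control", "Control Description", "State", "Evidence", "Assessment Time",
]
KNOWN_STATES = {"Pass", "Fail", "N/A", "Info", "Error"}

# Constructed sample rows (not real scan output); control numbers,
# descriptions and object names are illustrative only.
SAMPLE_CSV = """\
Standard,Cluster,Namespace,Object Type,Object Name,Control,Control Description,State,Evidence,Assessment Time
CIS Kubernetes,prod,,node,worker-a,1.1.1,API server pod spec file permissions,Pass,File mode is 600,2021-03-01T10:00:00Z
CIS Kubernetes,prod,,node,worker-b,1.1.1,API server pod spec file permissions,Fail,File mode is 644,2021-03-01T10:00:00Z
CIS Kubernetes,prod,,cluster,prod,1.2.1,Anonymous auth disabled,Pass,--anonymous-auth=false is set,2021-03-01T10:00:00Z
CIS Kubernetes,prod,payments,Deployment,api,5.2.1,Privileged containers,N/A,No privileged containers declared,2021-03-01T10:00:00Z
CIS Kubernetes,prod,payments,Deployment,api,5.7.4,Default namespace not used,Info,Workloads found outside default namespace; manual review needed,2021-03-01T10:00:00Z
NIST SP 800-190,prod,,cluster,prod,4.1.1,Image registry policy,Error,Could not reach registry integration,2021-03-01T10:00:00Z
"""

# Precedence used when one control has several checks. Only the first rule
# (any Fail -> Fail) is stated by the documentation; the ordering of the
# remaining states is an assumption made for this example.
STATE_PRECEDENCE = ["Fail", "Error", "Info", "Pass", "N/A"]


def parse_evidence(text):
    """Parse evidence CSV text, rejecting files that do not match the documented schema."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [f for f in EXPECTED_FIELDS if f not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"evidence CSV missing columns: {missing}")
    rows = list(reader)
    for row in rows:
        if row["State"] not in KNOWN_STATES:
            raise ValueError(f"unknown state {row['State']!r} for control {row['Control']}")
    return rows


def control_state(states):
    """Collapse the states of a control's checks into one control state."""
    for state in STATE_PRECEDENCE:
        if state in states:
            return state
    return "N/A"


def rollup_controls(rows):
    """Map (standard, cluster, control) -> overall control state."""
    checks = defaultdict(list)
    for row in rows:
        checks[(row["Standard"], row["Cluster"], row["Control"])].append(row["State"])
    return {key: control_state(states) for key, states in checks.items()}


def failing_evidence(rows):
    """For each failed control, the objects and evidence an auditor would ask for."""
    out = defaultdict(list)
    for row in rows:
        if row["State"] == "Fail":
            key = (row["Standard"], row["Cluster"], row["Control"])
            out[key].append((row["Object Type"], row["Object Name"], row["Evidence"]))
    return dict(out)


def summarize_by_standard(control_states):
    """Count control states per standard, e.g. {'CIS Kubernetes': Counter({'Pass': 1, ...})}."""
    summary = defaultdict(Counter)
    for (standard, _cluster, _control), state in control_states.items():
        summary[standard][state] += 1
    return dict(summary)


if __name__ == "__main__":
    evidence_rows = parse_evidence(SAMPLE_CSV)
    control_states = rollup_controls(evidence_rows)
    for (standard, cluster, control), state in sorted(control_states.items()):
        print(f"{standard} / {cluster} / {control}: {state}")
    for (standard, cluster, control), items in failing_evidence(evidence_rows).items():
        for obj_type, name, evidence in items:
            print(f"  FAIL {control} on {obj_type} {name}: {evidence}")
    print(summarize_by_standard(control_states))
```

To use it on a real export, read the downloaded CSV file into a string and pass it to parse_evidence; the schema check will flag a file that is not an evidence report (for example, a PDF saved with the wrong extension) before any counting happens. Note that control 1.1.1 in the sample rolls up to Fail even though one of its two nodes passed, which is exactly the behaviour described in the last bullet above.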


© 2021 StackRox Inc. All rights reserved.