diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 172d13fe6077..75fb30ef3b24 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -162,6 +162,8 @@ Topics: File: reissue-internal-certificates - Name: Adding security notices File: add-security-notices +- Name: Customizing platform components + File: customizing-platform-components - Name: Enabling offline mode File: enable-offline-mode - Name: Enabling alert data retention diff --git a/configuration/customizing-platform-components.adoc b/configuration/customizing-platform-components.adoc new file mode 100644 index 000000000000..1484e45acf68 --- /dev/null +++ b/configuration/customizing-platform-components.adoc @@ -0,0 +1,20 @@ +:_mod-docs-content-type: ASSEMBLY +[id="customizing-platform-components_{context}"] += Customizing platform components +include::modules/common-attributes.adoc[] +:context: customizing-platform-components + +toc::[] + +[role="_abstract"] +You can view and customize platform components within {rh-rhacs-first}. +By using {product-title-short}, you can identify vulnerabilities in your user workloads and platform components. +User workloads are the applications and images that you deploy. +Platform components include the underlying infrastructure, Operators, and third-party services that support application development. +Defining these components helps categorize security findings and segments them by area of responsibility. + +In previous versions, {product-title-short} automatically identified platform components based on predefined namespaces. Now, you can customize which namespaces {product-title-short} identifies as platform components. Allowing for more granular control over how {product-title-short} categorizes security findings. + +include::modules/understanding-platform-components.adoc[leveloffset=+1] + +include::modules/modifying-platform-component-definitions.adoc[leveloffset=+1] 
diff --git a/modules/modifying-platform-component-definitions.adoc b/modules/modifying-platform-component-definitions.adoc new file mode 100644 index 000000000000..b2b739327ca7 --- /dev/null +++ b/modules/modifying-platform-component-definitions.adoc 
@@ -0,0 +1,24 @@ +// Module included in the following assemblies: +// +// * configuration/customizing-platform-components.adoc +:_mod-docs-content-type: PROCEDURE +[id="modifying-platform-component-definitions_{context}"] += Modifying platform component definitions + +You can define platform components by using namespaces to segment platform security findings from user workloads. + +.Prerequisites +* You must have the `Administration` role with `read` permission to view the platform component configuration options. +* You must have the `Administration` role with `write` permission to modify the platform component configuration. + +.Procedure + +. In the RHACS portal, go to **Platform Configuration** > **System Configuration**. +. On the *System Configuration* view header, click **Edit**. +. Under the **Platform components configuration** section, click on the **Red Hat layered products** tab. Components found in Red {nbsp}Hat layered and partner product namespaces are included in the platform definition by default. +.. To modify the Red{nbsp}Hat layered products definition, enter one or more namespaces using regular expressions, separated by a pipe `|` symbol. For more information on the syntax structure, see the link:https://github.com/google/re2/wiki/syntax[RE2 syntax reference]. +. Click on the **Custom components** tab. +.. To add a custom platform component, click **Add custom platform component**. You can add more than one. +.. In the new **Custom component** entry, enter a descriptive **Name**. +.. Enter the **Namespace rules (Regex)** for this custom component. Enter one or more namespaces using regular expressions, separated by a pipe `|` symbol. For more information on the syntax structure, see the link:https://github.com/google/re2/wiki/syntax[RE2 syntax reference]. +. Click **Save**. diff --git a/modules/understanding-platform-components.adoc b/modules/understanding-platform-components.adoc new file mode 100644 index 000000000000..a82849535ede 
--- /dev/null +++ b/modules/understanding-platform-components.adoc @@ -0,0 +1,20 @@ +// Module included in the following assemblies: +// +// * configuration/customizing-platform-components.adoc +:_mod-docs-content-type: CONCEPT +[id="understanding-platform-components_{context}"] += Understanding platform components + +When viewing violations in {product-title-short}, you can view them in the context of user workloads and platform components. By understanding this context distinction, you can better understand the scope of the vulnerabilities. + +**User workloads** includes vulnerabilities that affect the workloads and images you deploy in your system. You deploy and manage these workloads. + +**Platform** includes vulnerabilities related to the platform itself. For example, these vulnerabilities might be in workloads and images that the {ocp} platform and layered services deploy. {product-title-short} uses regular expression patterns to examine workload namespaces and identify workloads that belong to platform components. + +You can view the platform components definition in the {product-title-short} portal by going to **Platform Configuration** > **System Configuration**. + +The **Platform components configuration** section lists platform components in the following categories: + +* **Core system components**: These components are part of the core {ocp} and Kubernetes namespaces. {product-title-short} includes them in the platform definition by default. You cannot customize these definitions. These definitions might change when you upgrade the system. +* **Red{nbsp}Hat layered products**: Components found in Red{nbsp}Hat layered and partner product namespaces are included in the platform definition by default. +* **Custom components**: You can extend the platform definition by defining namespaces for additional applications and products.
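Review bot: In configuration/customizing-platform-components.adoc, the anchor `[id="customizing-platform-components_{context}"]` references `{context}` before `:context: customizing-platform-components` is set further down in the same file, so the assembly ID depends on a value defined outside this file. Suggest a plain `[id="customizing-platform-components"]`, or setting `:context:` above the ID. In the last abstract paragraph, "Allowing for more granular control over how ..." is a sentence fragment; join it to the preceding sentence ("..., which allows for more granular control ..."). In the line above it, "helps categorize security findings and segments them" should read "segment them".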
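Review bot: In modules/modifying-platform-component-definitions.adoc, the two regex substeps (under the **Red Hat layered products** tab and the **Custom components** tab) do not say whether a rule has to match the whole namespace name or only part of it, and neither gives an example pattern. These rules decide which findings are reported as platform rather than user workload, so a reader who enters a loose pattern can reclassify namespaces they did not intend; state the matching behavior and add one sample rule next to the RE2 link. Step 3 also has a stray space in "Red {nbsp}Hat layered and partner", and the header step uses `*System Configuration*` where the rest of the procedure uses `**...**`.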
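Review bot: In modules/understanding-platform-components.adoc, the opening paragraph begins with "When viewing violations" and ends with "the scope of the vulnerabilities", and both definitions that follow talk about vulnerabilities; use the one term that matches the view being described. The "Red{nbsp}Hat layered products" bullet should also say that this definition can be modified, because the procedure module has a substep for editing it and the "Core system components" bullet explicitly says "You cannot customize these definitions."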