Is your feature request related to a problem? Please describe.
Default behavior is to fail the run only if compliance < threshold. But some users may want to fail the run in case some specific controls fail even if the compliance threshold is reached.
Describe the solution you'd like
Add a mustPass boolean field to each control. By default, false, defers to the compliance > threshold behavior. If true, then this control must be compliant at 100% otherwise the analysis fails.
Configuration in .plumber.yaml
Example:
controls:
containerImageMustNotUseForbiddenTags:
enabled: true
mustPass: true
tags:
- latest
- dev
- development
- staging
- main
- master
containerImagesMustBePinnedByDigest: trueWhy It's Valuable
Gives more flexibility to the users to decide what must really be compliant, also allows them to still impose a set of controls that must pass even if they want to set a low threshold for passing due to them adding more controls that expect to fail but are fine with them failing for the time being.
Note: If you submit a PR for this feature, please keep "Allow edits from maintainers" enabled so we can collaborate more easily.
Is your feature request related to a problem? Please describe.
Default behavior is to fail the run only if compliance < threshold. But some users may want to fail the run in case some specific controls fail even if the compliance threshold is reached.
Describe the solution you'd like
Add a
mustPassboolean field to each control. By default, false, defers to the compliance > threshold behavior. If true, then this control must be compliant at 100% otherwise the analysis fails.Configuration in
.plumber.yamlExample:
Why It's Valuable
Gives more flexibility to the users to decide what must really be compliant, also allows them to still impose a set of controls that must pass even if they want to set a low threshold for passing due to them adding more controls that expect to fail but are fine with them failing for the time being.