Installing the Cascading Scans hook adds a ReadOnly Hook to your namespace, which looks for matching CascadingRules in the namespace and starts the corresponding scans.
The CascadingRules are included directly in the Helm chart of each individual scanner.
Starting a cascading Scan
When you start a normal Scan, no CascadingRule will be applied. To use a CascadingRule, the scan must be marked to allow cascading rules. This is implemented using Kubernetes label selectors, meaning that each scan marks the classes of scans which it allows to be cascaded from it.
This Scan will use all CascadingRules which are labeled with a "light" intensity. You can look up which CascadingRules this selects by running:
The label selectors also allow the more powerful matchExpressions selectors:
This selection can be replicated in kubectl using:
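The selector semantics described above can be checked offline before a scan is started. The following is an added example, not code from the secureCodeBox project: it evaluates a scan's `cascades` selector against a set of rule labels using standard Kubernetes label-selector semantics. The rule names and the label keys `securecodebox.io/intensive` and `securecodebox.io/invasive` are assumptions made for illustration.

```python
# Constructed sample data: rule names and label keys are assumptions.
INTENSIVE = "securecodebox.io/intensive"
INVASIVE = "securecodebox.io/invasive"
RULES = {
    "nmap-ssh-scan": {INTENSIVE: "light", INVASIVE: "non-invasive"},
    "nikto-http": {INTENSIVE: "medium", INVASIVE: "non-invasive"},
    "ncrack-ssh": {INTENSIVE: "high", INVASIVE: "invasive"},
    "unlabeled-rule": {},
}


def matches(selector, labels):
    """Kubernetes LabelSelector: every matchLabels entry AND every
    matchExpressions requirement must hold for the labels to match."""
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op = expr["key"], expr["operator"]
        values = expr.get("values", [])
        if op == "In":
            ok = key in labels and labels[key] in values
        elif op == "NotIn":
            # NotIn also matches objects that do not carry the key at all.
            ok = key not in labels or labels[key] not in values
        elif op == "Exists":
            ok = key in labels
        elif op == "DoesNotExist":
            ok = key not in labels
        else:
            raise ValueError(f"unsupported operator: {op}")
        if not ok:
            return False
    return True


def selected_rules(cascades, rules=RULES):
    """Names of the rules a scan with this `cascades` selector would allow."""
    if cascades is None:  # a normal Scan: no CascadingRule is applied
        return []
    return sorted(n for n, labels in rules.items() if matches(cascades, labels))


if __name__ == "__main__":
    light = {"matchLabels": {INTENSIVE: "light"}}
    not_invasive = {"matchExpressions": [
        {"key": INVASIVE, "operator": "NotIn", "values": ["invasive"]}]}
    print("light only:  ", selected_rules(light))
    print("NotIn invasive:", selected_rules(not_invasive))
```

Note that a `NotIn` requirement also selects rules that carry no label for that key, so excluding invasive rules this way still admits unlabeled ones; combine it with an `Exists` requirement or a `matchLabels` entry when only explicitly labeled rules should run.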
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| hookJob.ttlSecondsAfterFinished | string | | Seconds after which the Kubernetes job for the hook will be deleted. Requires the Kubernetes TTLAfterFinished controller: https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/ |
| image.repository | string | | Hook image repository |
| image.tag | string | defaults to the chart's version | The image tag defaults to the chart's version if not defined. |