feat: add violation details to report.results.properties for PSa policies (#5908)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-04-08 10:04:25 +00:00 · 2023-01-06 11:40:06 +01:00 · 2023-01-06 11:40:06 +01:00 · 28c0f8f56a
commit 28c0f8f56a
parent 24c98f4c40
1 changed files with 12 additions and 10 deletions
--- a/pkg/utils/report/results.go
+++ b/pkg/utils/report/results.go
@ -1,7 +1,8 @@
 package report

 import (
-	"fmt"
+	"sort"
+	"strings"
 	"time"

 	"github.com/go-logr/logr"
@ -99,17 +100,18 @@ func EngineResponseToReportResults(response *response.EngineResponse) []policyre
 			Severity: severityFromString(annotations[kyvernov1.AnnotationPolicySeverity]),
 		}
 		if ruleResult.PodSecurityChecks != nil {
+			var controls []string
 			for _, check := range ruleResult.PodSecurityChecks.Checks {
 				if !check.CheckResult.Allowed {
-					if result.Properties == nil {
-						result.Properties = map[string]string{}
-					}
-					key := fmt.Sprintf("%s/%s/%s", ruleResult.PodSecurityChecks.Level, ruleResult.PodSecurityChecks.Version, check.ID)
-					value := check.CheckResult.ForbiddenDetail
-					if value == "" {
-						value = check.CheckResult.ForbiddenReason
-					}
-					result.Properties[key] = value
+					controls = append(controls, check.ID)
+				}
+			}
+			if len(controls) > 0 {
+				sort.Strings(controls)
+				result.Properties = map[string]string{
+					"standard": string(ruleResult.PodSecurityChecks.Level),
+					"version":  ruleResult.PodSecurityChecks.Version,
+					"controls": strings.Join(controls, ","),
 				}
 			}
 		}