Skip Tests

CIS scans can be run using test profiles with user-defined skips.

To skip tests, you will create a custom CIS scan profile. A profile contains the configuration for the CIS scan, which includes the benchmark versions to use and any specific tests to skip in that benchmark.

  1. In the upper left corner, click ☰ > Cluster Management.

  2. On the Clusters page, go to the cluster where you want to run a CIS scan and click Explore.

  3. Click CIS Benchmark > Profile.

  4. From here, you can create a profile in multiple ways. To make a new profile, click Create and fill out the form in the UI. To make a new profile based on an existing profile, go to the existing profile and click ⋮ Clone. If you are filling out the form, enter the IDs of the tests to skip, using the relevant CIS Benchmark as a reference. If you are creating the new test profile as YAML, add the IDs of the tests to skip under the skipTests directive and give the profile a name:

      apiVersion: cis.cattle.io/v1
      kind: ClusterScanProfile
      metadata:
        annotations:
          meta.helm.sh/release-name: clusterscan-operator
          meta.helm.sh/release-namespace: cis-operator-system
        labels:
          app.kubernetes.io/managed-by: Helm
        name: "<example-profile>"
      spec:
        benchmarkVersion: cis-1.5
        skipTests:
          - "1.1.20"
          - "1.1.21"

  5. Click Create.

Result: A new CIS scan profile is created.

When you run a scan that uses this profile, the defined tests will be skipped during the scan. The skipped tests will be marked in the generated report as Skip.
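
Because skipped tests never run, it is worth reviewing which IDs each profile skips. The following is an added example, not part of the original page or the CIS operator: it audits the skipTests lists of ClusterScanProfile objects against an approved-exceptions list. It assumes the input is JSON shaped like the output of `kubectl get clusterscanprofiles.cis.cattle.io -o json`; `APPROVED_SKIPS`, `audit_profiles` and the sample data are hypothetical names and constructed values.

```python
import json
import re

# Hypothetical allowlist: benchmark version -> {test ID: recorded justification}.
APPROVED_SKIPS = {
    "cis-1.5": {"1.1.20": "constructed example justification"},
}

TEST_ID = re.compile(r"^\d+(\.\d+)+$")  # dotted numeric IDs such as 1.1.20


def audit_profiles(profile_list):
    """Return sorted (profile, test_id, problem) tuples for skips needing review."""
    findings = []
    for item in profile_list.get("items", []):
        name = item.get("metadata", {}).get("name", "<unnamed>")
        spec = item.get("spec", {})
        # Approved skips are looked up per benchmark version named in the profile.
        approved = APPROVED_SKIPS.get(spec.get("benchmarkVersion"), {})
        seen = set()
        for test_id in spec.get("skipTests") or []:
            test_id = str(test_id)  # normalise to text before matching
            if not TEST_ID.match(test_id):
                findings.append((name, test_id, "malformed test ID"))
            elif test_id in seen:
                findings.append((name, test_id, "duplicate entry"))
            elif test_id not in approved:
                findings.append((name, test_id, "skip not in approved list"))
            seen.add(test_id)
    return sorted(findings)


# Constructed sample input, shaped like a kubectl List of ClusterScanProfile objects.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "example-profile"},
   "spec": {"benchmarkVersion": "cis-1.5",
            "skipTests": ["1.1.20", "1.1.21", "1.1.21", "1.1.x"]}}
]}
""")

if __name__ == "__main__":
    for profile, test_id, problem in audit_profiles(SAMPLE):
        print(f"{profile}: {test_id}: {problem}")
```
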