CIS scans can be run using test profiles with user-defined skips.
To skip tests, you will create a custom CIS scan profile. A profile contains the configuration for the CIS scan, which includes the benchmark versions to use and any specific tests to skip in that benchmark.
In the upper left corner, click ☰ > Cluster Management.
On the Clusters page, go to the cluster where you want to run a CIS scan and click Explore.
Click CIS Benchmark > Profile.
From here, you can create a profile in multiple ways. To make a new profile, click Create and fill out the form in the UI. To make a new profile based on an existing profile, go to the existing profile and click ⋮ Clone. If you are filling out the form, add the tests to skip using the test IDs, using the relevant CIS Benchmark as a reference. If you are creating the new test profile as YAML, you will add the IDs of the tests to skip in the
skipTestsdirective. You will also give the profile a name:
Result: A new CIS scan profile is created.
When you run a scan that uses this profile, the defined tests will be skipped during the scan. The skipped tests will be marked in the generated report as