Responding to Violations
Alauda Security Service helps you view, investigate, and address policy violations.
Its built-in policies detect vulnerabilities, configuration issues, risky build or deploy actions, and suspicious runtime behaviors. Violations are reported when enabled policies are not met.
Violation Views
The main entry point is Violations.
In the current UI, violations are grouped into these top-level views:
- User Workloads
- Platform
- All Violations
Within each view, you can switch between these violation states:
- Active
- Resolved
- Attempted
Use these tabs to separate current problems from historical and blocked events.
Platform Workload Classification
Platform violations depend on the platform component definition configured in Platform Configuration > System Configuration.
Interpret platform-related violations together with the current platform component configuration, rather than relying only on hard-coded namespace assumptions. The exact platform namespace patterns can vary by environment.
Viewing Violations
- In the portal, click Violations.
- Choose the appropriate top-level view:
  - User Workloads
  - Platform
  - All Violations
- Choose a state tab:
  - Active
  - Resolved
  - Attempted
- Filter, sort, and review the results as needed.
When matching data exists, the page also shows the current result count above the table for the selected view and state.
The current results table includes fields such as:
- Policy
- Entity
- Type
- Enforced
- Severity
- Categories
- Lifecycle
- Time
- Row actions
Investigating a Violation
Selecting a violation opens a details panel for further investigation.
Typical information includes:
- the violated policy
- the affected workload or platform component
- whether enforcement was active
- severity and category
- lifecycle stage
- deployment-specific details, when applicable
- policy details and policy behavior
Depending on the violation type, the details area can also include deployment, container, network, or runtime context.
Working with Policy Actions
From the violations workflow, you can review the policy that triggered the finding and take follow-up actions such as:
- investigating the affected resource
- updating the relevant workload or image
- adjusting policy scope where appropriate
- excluding deployments from a policy when supported by available actions
Enforcement Context
Violations are shaped by the enforcement mode configured on the related policy.
Common enforcement behavior includes:
- Build: policy checks fail CI or image validation steps
- Deploy: admission enforcement blocks or edits noncompliant deployments
- Runtime: runtime responses apply when matching activity occurs
For existing deployments, reassessment can be triggered from Policy Management using Reassess all.