The mgmt-cis-scan test fails because no cluster scan reports are available.

Error of mgmt-cis-scan :

Report name: 
You must specify the type of resource to get. Use "kubectl api-resources" for a complete list of supported resources.
error: Required resource not specified.
Use "kubectl explain <resource>" for a detailed description of that resource (e.g. kubectl explain pods).
See 'kubectl get -h' for help and examples
Traceback (most recent call last):
  File "/builds/sylva-projects/sylva-core/tools/display-scan-report.py", line 11, in <module>
    data = json.load(sys.stdin)
           ^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/json/__init__.py", line 293, in load
    return loads(fp.read(),
           ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/json/decoder.py", line 338, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/json/decoder.py", line 356, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

https://gitlab.com/sylva-projects/sylva-core/-/blob/main/.gitlab/ci/tests/security/cis-scan.yml?ref_type=heads :

kubectl --kubeconfig management-cluster-kubeconfig -n cis-operator-system get clusterscanreports -o name

^ It seems that the ci test cant retrieve any clusterscanreports. According to the mgmt cluster artifacts, the cis-operatorpod is running.

But we can see the following events :

2025-09-16T00:57:58Z	2025-09-16T00:57:58Z	kubelet-mgmt-2041327005-rke2-capo-cp-05ebe36753-wcpt6	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-tc5pr	1	Created	Created container: sonobuoy-worker
2025-09-16T00:57:58Z	2025-09-16T00:57:58Z	kubelet-mgmt-2041327005-rke2-capo-cp-05ebe36753-wcpt6	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-tc5pr	1	Started	Started container sonobuoy-worker
2025-09-16T00:58:36Z	2025-09-16T00:58:36Z	kubelet-mgmt-2041327005-rke2-capo-md0-tsmql-pflfq	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-59c9n	1	Killing	Stopping container rancher-kube-bench
2025-09-16T00:58:36Z	2025-09-16T00:58:36Z	kubelet-mgmt-2041327005-rke2-capo-md0-tsmql-pflfq	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-59c9n	1	Killing	Stopping container sonobuoy-worker
2025-09-16T00:58:36Z	2025-09-16T00:58:36Z	kubelet-mgmt-2041327005-rke2-capo-md0-tsmql-99n7c	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-bfxlq	1	Killing	Stopping container rancher-kube-bench
2025-09-16T00:58:36Z	2025-09-16T00:58:36Z	kubelet-mgmt-2041327005-rke2-capo-md0-tsmql-99n7c	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-bfxlq	1	Killing	Stopping container sonobuoy-worker
2025-09-16T00:58:36Z	2025-09-16T00:58:36Z	kubelet-mgmt-2041327005-rke2-capo-cp-05ebe36753-d84ms	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-jpl2q	1	Killing	Stopping container rancher-kube-bench
2025-09-16T00:58:36Z	2025-09-16T00:58:36Z	kubelet-mgmt-2041327005-rke2-capo-cp-05ebe36753-d84ms	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-jpl2q	1	Killing	Stopping container sonobuoy-worker
2025-09-16T00:58:36Z	2025-09-16T00:58:36Z	kubelet-mgmt-2041327005-rke2-capo-md0-tsmql-69bq2	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-qx4vr	1	Killing	Stopping container rancher-kube-bench
2025-09-16T00:58:36Z	2025-09-16T00:58:36Z	kubelet-mgmt-2041327005-rke2-capo-md0-tsmql-69bq2	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-qx4vr	1	Killing	Stopping container sonobuoy-worker
2025-09-16T00:58:36Z	2025-09-16T00:58:36Z	kubelet-mgmt-2041327005-rke2-capo-cp-05ebe36753-5c44n	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-s4wxq	1	Killing	Stopping container rancher-kube-bench
2025-09-16T00:58:36Z	2025-09-16T00:58:36Z	kubelet-mgmt-2041327005-rke2-capo-cp-05ebe36753-5c44n	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-s4wxq	1	Killing	Stopping container sonobuoy-worker
2025-09-16T00:58:36Z	2025-09-16T00:58:36Z	kubelet-mgmt-2041327005-rke2-capo-cp-05ebe36753-wcpt6	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-tc5pr	1	Killing	Stopping container rancher-kube-bench
2025-09-16T00:58:36Z	2025-09-16T00:58:36Z	kubelet-mgmt-2041327005-rke2-capo-cp-05ebe36753-wcpt6	Pod	sonobuoy-rancher-kube-bench-daemon-set-97995024559c4f35-tc5pr	1	Killing	Stopping container sonobuoy-worker
2025-09-16T00:58:39Z	2025-09-16T00:58:39Z	job-controller-	Job	security-scan-runner-rke2-cis	1	BackoffLimitExceeded	Job has reached the specified backoff limit

(Unfortunately, we no longer have the logs for this job.)

(low priority since we have only seen this failure once. The priority will be adjusted if necessary)

Edited Sep 16, 2025 by Remi Le Trocquer