Benchmarks and Compliance

Note: Sysdig follows the Prometheus-compabtible naming convention for both metrics and labels as opposed to the previous statsd-compatible one. However, this page still shows metrics in the legacy Sysdig naming convention. Until this page is updated, see Metrics and Label Mapping for the mapping between legacy Sysdig and Prometheus naming conventions.

Compliance metrics are generated from scheduled CIS Benchmark scans that occur in Sysdig Secure. These metrics cover aggregate results of the various CIS Benchmark sections, as well as granular details about how many running containers are failing specific run-time compliance checks.