diff --git a/internal/zero/api/api.go b/internal/zero/api/api.go
index a13570ed5..1dc6c2550 100644
--- a/internal/zero/api/api.go
+++ b/internal/zero/api/api.go
@@ -127,43 +127,3 @@ func (api *API) GetClusterResourceBundles(ctx context.Context) (*cluster_api.Get
 api.cluster.GetClusterResourceBundlesWithResponse(ctx),
 )
 }
-
-// ReportBundleAppliedSuccess reports a successful bundle application
-func (api *API) ReportBundleAppliedSuccess(ctx context.Context, bundleID string, metadata map[string]string) error {
- status := cluster_api.BundleStatus{
- Success: &cluster_api.BundleStatusSuccess{
- Metadata: metadata,
- },
- }
-
- _, err := apierror.CheckResponse[cluster_api.EmptyResponse](
- api.cluster.ReportClusterResourceBundleStatusWithResponse(ctx, bundleID, status),
- )
- if err != nil {
- return fmt.Errorf("error reporting bundle status: %w", err)
- }
- return err
-}
-
-// ReportBundleAppliedFailure reports a failed bundle application
-func (api *API) ReportBundleAppliedFailure(
- ctx context.Context,
- bundleID string,
- source cluster_api.BundleStatusFailureSource,
- err error,
-) error {
- status := cluster_api.BundleStatus{
- Failure: &cluster_api.BundleStatusFailure{
- Message: err.Error(),
- Source: source,
- },
- }
-
- _, err = apierror.CheckResponse[cluster_api.EmptyResponse](
- api.cluster.ReportClusterResourceBundleStatusWithResponse(ctx, bundleID, status),
- )
- if err != nil {
- return fmt.Errorf("error reporting bundle status: %w", err)
- }
- return err
-}
diff --git a/internal/zero/bootstrap/file.go b/internal/zero/bootstrap/file.go
index 41fe14d9e..59d613736 100644
--- a/internal/zero/bootstrap/file.go
+++ b/internal/zero/bootstrap/file.go
@@ -15,6 +15,7 @@ import (
 "os"
 "github.com/pomerium/pomerium/pkg/cryptutil"
+ "github.com/pomerium/pomerium/pkg/health"
 cluster_api "github.com/pomerium/pomerium/pkg/zero/cluster"
 )
@@ -40,6 +41,16 @@ func LoadBootstrapConfigFromFile(fp string, cipher cipher.AEAD) (*cluster_api.Bo
 // SaveBootstrapConfigToFile saves the bootstrap configuration to a file.
 func SaveBootstrapConfigToFile(src *cluster_api.BootstrapConfig, fp string, cipher cipher.AEAD) error {
+ err := saveBootstrapConfigToFile(src, fp, cipher)
+ if err != nil {
+ health.ReportError(health.ZeroBootstrapConfigSave, err)
+ } else {
+ health.ReportOK(health.ZeroBootstrapConfigSave)
+ }
+ return err
+}
+
+func saveBootstrapConfigToFile(src *cluster_api.BootstrapConfig, fp string, cipher cipher.AEAD) error {
 plaintext, err := json.Marshal(src)
 if err != nil {
 return fmt.Errorf("marshal file config: %w", err)
diff --git a/internal/zero/reconciler/report_status.go b/internal/zero/reconciler/report_status.go
index 7b677c22d..42896324e 100644
--- a/internal/zero/reconciler/report_status.go
+++ b/internal/zero/reconciler/report_status.go
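Review bot: The doc comment on `SaveBootstrapConfigToFile` still says only that it saves the file, although the function now also publishes the result under `health.ZeroBootstrapConfigSave`, and the new `saveBootstrapConfigToFile` has no comment at all. I would extend the first to `// SaveBootstrapConfigToFile saves the bootstrap configuration to a file and reports the outcome as the ZeroBootstrapConfigSave health check.` and add `// saveBootstrapConfigToFile performs the save itself, without any health reporting.` above the helper. The error is handed to `health.ReportError` unchanged, so whatever the helper wraps into it becomes visible to every health consumer; only the `marshal file config` wrap is visible here because the helper's body continues outside the hunk, so it is worth confirming that no file path or secret-derived text can end up in the message.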
@@ -1,44 +1,28 @@
 package reconciler
 import (
- "context"
+ "fmt"
- "github.com/pomerium/pomerium/internal/log"
- cluster_api "github.com/pomerium/pomerium/pkg/zero/cluster"
+ "github.com/pomerium/pomerium/pkg/health"
 )
-const (
- // BundleStatusFailureDatabrokerError indicates a failure due to a databroker error
- BundleStatusFailureDatabrokerError = cluster_api.DatabrokerError
- // BundleStatusFailureDownloadError indicates a failure due to a download error
- BundleStatusFailureDownloadError = cluster_api.DownloadError
- // BundleStatusFailureInvalidBundle indicates a failure due to an invalid bundle
- BundleStatusFailureInvalidBundle = cluster_api.InvalidBundle
- // BundleStatusFailureIO indicates a failure due to an IO error
- BundleStatusFailureIO = cluster_api.IoError
- // BundleStatusFailureUnknownError indicates a failure due to an unknown error
- BundleStatusFailureUnknownError = cluster_api.UnknownError
-)
+// sourceAttr is to indicate the source of this health check is not host specific
+var sourceAttr = health.StrAttr("source", "pomerium-managed-core")
 func (c *service) ReportBundleAppliedSuccess(
- ctx context.Context,
 bundleID string,
 metadata map[string]string,
 ) {
- err := c.config.api.ReportBundleAppliedSuccess(ctx, bundleID, metadata)
- if err != nil {
- log.Ctx(ctx).Err(err).Msg("reconciler: error reporting bundle status")
+ attr := []health.Attr{sourceAttr}
+ for k, v := range metadata {
+ attr = append(attr, health.StrAttr(fmt.Sprintf("download-metadata-%s", k), v))
 }
+ health.ReportOK(health.ZeroResourceBundle(bundleID), attr...)
 }
 func (c *service) ReportBundleAppliedFailure(
- ctx context.Context,
 bundleID string,
- source cluster_api.BundleStatusFailureSource,
 err error,
 ) {
- err = c.config.api.ReportBundleAppliedFailure(ctx, bundleID, source, err)
- if err != nil {
- log.Ctx(ctx).Err(err).Msg("reconciler: error reporting bundle status")
- }
+ health.ReportError(health.ZeroResourceBundle(bundleID), err, sourceAttr)
 }
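Review bot: In `ReportBundleAppliedSuccess` the attribute names are built from the keys of `metadata` with `fmt.Sprintf("download-metadata-%s", k)`, and nothing limits how many entries, or how long a key or value, is forwarded to `health.ReportOK`. The caller in sync.go passes `result.Metadata` from the bundle download, so the attribute set is presumably decided by the remote response; a small cap or an allow-list of expected keys would keep the health output bounded. Ranging over the map also gives a different attribute order on each call, so if a health provider compares or serializes attributes in order, the keys should be sorted first. With the `source` argument removed, the class of a failure (download, databroker, IO) now survives only as text in the error message, which deserves a short comment on `ReportBundleAppliedFailure`.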
diff --git a/internal/zero/reconciler/sync.go b/internal/zero/reconciler/sync.go
index 09cebd6f1..289bc76f6 100644
--- a/internal/zero/reconciler/sync.go
+++ b/internal/zero/reconciler/sync.go
@@ -136,7 +136,7 @@ func (c *service) syncBundle(ctx context.Context, key string) error {
 result, err := c.config.api.DownloadClusterResourceBundle(ctx, fd, key, conditional)
 if err != nil {
- c.ReportBundleAppliedFailure(ctx, key, BundleStatusFailureDownloadError, err)
+ c.ReportBundleAppliedFailure(key, fmt.Errorf("download bundle: %w", err))
 return fmt.Errorf("download bundle: %w", err)
 }
@@ -157,7 +157,7 @@ func (c *service) syncBundle(ctx context.Context, key string) error {
 bundleRecordTypes, err := c.syncBundleToDatabroker(ctx, key, fd, cached.GetRecordTypes())
 if err != nil {
- c.ReportBundleAppliedFailure(ctx, key, BundleStatusFailureDatabrokerError, err)
+ c.ReportBundleAppliedFailure(key, fmt.Errorf("sync bundle to databroker: %w", err))
 return fmt.Errorf("apply bundle to databroker: %w", err)
 }
 current := BundleCacheEntry{
@@ -176,11 +176,11 @@ func (c *service) syncBundle(ctx context.Context, key string) error {
 err = c.SetBundleCacheEntry(ctx, key, current)
 if err != nil {
 err = fmt.Errorf("set bundle cache entry: %w", err)
- c.ReportBundleAppliedFailure(ctx, key, BundleStatusFailureDatabrokerError, err)
+ c.ReportBundleAppliedFailure(key, fmt.Errorf("set bundle cache entry: %w", err))
 return err
 }
- c.ReportBundleAppliedSuccess(ctx, key, result.Metadata)
+ c.ReportBundleAppliedSuccess(key, result.Metadata)
 return nil
 }
diff --git a/pkg/health/check.go b/pkg/health/check.go
index 453f05120..bff5ac861 100644
--- a/pkg/health/check.go
+++ b/pkg/health/check.go
@@ -1,5 +1,7 @@
 package health
+import "fmt"
+
 type Check string
 const (
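Review bot: In the first two `syncBundle` hunks the error is wrapped twice, once for `ReportBundleAppliedFailure` and once for the `return`, and in the second hunk the two texts disagree: the health check receives `sync bundle to databroker: ...` while the caller receives `apply bundle to databroker: ...`. Wrapping once and reusing the value, e.g. `err = fmt.Errorf("download bundle: %w", err)` followed by `c.ReportBundleAppliedFailure(key, err)` and `return err`, lets a health entry be matched to the returned error by message. If the download error carries the request URL (Go's `*url.Error` prints it), that URL is now copied into the health report as well, so confirm it holds no signed query parameters or strip them before reporting. `syncBundle` starts and ends outside these hunks.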
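Review bot: In the `SetBundleCacheEntry` branch of the third `syncBundle` hunk, `err` has already been wrapped by the line above, so the `fmt.Errorf("set bundle cache entry: %w", err)` inside the report call yields `set bundle cache entry: set bundle cache entry: ...` in the health check. Passing the already wrapped value fixes it: `c.ReportBundleAppliedFailure(key, err)`.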
@@ -11,4 +13,11 @@ const (
 XDSRouteConfiguration = Check("xds.route-configuration")
 // XDSOther is a catch-all for other XDS resources
 XDSOther = Check("xds.other")
+ // ZeroBootstrapConfigSave checks whether the Zero bootstrap config was saved
+ ZeroBootstrapConfigSave = Check("zero.bootstrap-config.save")
 )
+
+// ZeroResourceBundle checks whether the Zero resource bundle was applied
+func ZeroResourceBundle(bundleID string) Check {
+ return Check(fmt.Sprintf("zero.resource-bundle.%s", bundleID))
+}
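Review bot: `ZeroResourceBundle` interpolates `bundleID` into the check name without any validation, so an empty ID yields `zero.resource-bundle.` and an ID containing `.` adds levels to the dotted name that a consumer splitting on dots would misread. Every distinct ID also creates a new check, and nothing in this diff clears the check of a bundle that is no longer synced, so stale entries may linger; the health provider is not visible from here. I would state the expected ID format in the comment, e.g. `// ZeroResourceBundle returns the per-bundle check name; bundleID must be a non-empty bundle ID.`, and plain concatenation `Check("zero.resource-bundle." + bundleID)` would make the new `fmt` import unnecessary.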