When applying `posturePolicies` for a given control, the `ruleName` section doesn't seem to build a proper list of rule exclusions, but rather applies an all-or-nothing approach.
For example, for the `C-0211` control I want to scan for some rules like privileged container `rule-privilege-escalation` & `immutable-container-filesystem`, but don't scan for `set-seLinuxOptions`, `drop-capability-netraw` and a few other rules.
According to the documentation, I should pass a map, but when I do that it excludes from the scan even the rules I need - I took this as a reference:
https://github.com/kubescape/regolibrary/blob/e98a0d43c5c1d74da5233ce83e9afae9e86ffb9e/controls/C-0211-applysecuritycontexttoyourpodsandcontainers.json
Completely skips the control
On the other hand
Checks every rule regardless of whether it's on the list or not.
Could you please either provide an example of proper use or confirm this is a bug?
https://github.com/kubescape/kubescape/tree/master/examples/exceptions
Kubescape v3.0.8