Skip to content

Commit

Permalink
Adding default exceptions (#576)
Browse files Browse the repository at this point in the history 
* Adding default exceptions

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* Exclude based on labels

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* clean

Signed-off-by: David Wertenteil <dwertent@armosec.io>

---------

Signed-off-by: David Wertenteil <dwertent@armosec.io>
  • Loading branch information
@dwertent
dwertent committed Feb 15, 2024
1 parent f3f68fa commit bc7b626
Showing 1 changed file with 126 additions and 0 deletions.
126 changes: 126 additions & 0 deletions exceptions/kubescape.json
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,55 @@
[
{
"name": "kubescape-ignore",
"policyType": "postureExceptionPolicy",
"actions": [
"alertOnly"
],
"attributes": {
"systemException": true
},
"resources": [
{
"designatorType": "Attributes",
"attributes": {
"kubescape.io/ignore": "true"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kubescape.io/ignore": "True"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kubescape.io/ignore": "yes"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kubescape.io/ignore": "1"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kubescape.io/ignore": "enable"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kubescape.io/ignore": "enabled"
}
}
],
"posturePolicies": [
{}
]
},
{
"name": "exclude-kubescape-deployment-security-context",
"policyType": "postureExceptionPolicy",
Expand Down Expand Up @@ -75,20 +126,47 @@
}
],
"posturePolicies": [
{
"controlID": "c-0076"
},
{
"controlID": "c-0237"
},
{
"controlID": "c-0055"
},
{
"controlID": "c-0056"
},
{
"controlID": "c-0017"
},
{
"controlID": "c-0018"
},
{
"controlID": "c-0013"
},
{
"controlID": "c-0030"
},
{
"controlID": "c-0210"
},
{
"controlID": "c-0260"
},
{
"controlID": "c-0207"
},
{
"controlID": "c-0211"
},
{
"controlID": "c-0058"
},
{
"controlID": "c-0038"
}
]
},
Expand Down Expand Up @@ -206,6 +284,9 @@
"posturePolicies": [
{
"controlID": "c-0030"
},
{
"controlID": "c-0013"
}
]
},
Expand Down Expand Up @@ -376,6 +457,14 @@
"namespace": "kubescape"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ServiceAccount",
"name": "storage",
"namespace": "kubescape"
}
},
{
"designatorType": "Attributes",
"attributes": {
Expand All @@ -384,6 +473,22 @@
"namespace": "kubescape"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ServiceAccount",
"name": "node-agent",
"namespace": "kubescape"
}
},
{
"designatorType": "Attributes",
"attributes": {
"kind": "ServiceAccount",
"name": "kubevuln",
"namespace": "kubescape"
}
},
{
"designatorType": "Attributes",
"attributes": {
Expand All @@ -405,8 +510,20 @@
{
"controlID": "c-0034"
},
{
"controlID": "c-0207"
},
{
"controlID": "c-0013"
},
{
"controlID": "c-0015"
},
{
"controlID": "c-0053"
},
{
"controlID": "c-0186"
}
]
},
Expand Down Expand Up @@ -529,6 +646,12 @@
{
"controlID": "c-0055"
},
{
"controlID": "c-0260"
},
{
"controlID": "c-0013"
},
{
"controlID": "c-0056"
},
Expand Down Expand Up @@ -578,6 +701,9 @@
{
"controlID": "c-0034"
},
{
"controlID": "c-0260"
},
{
"controlID": "c-0055"
},
Expand Down

0 comments on commit bc7b626

Please sign in to comment.