Merge pull request #573 from kubescape/security-issues
Add the security-issues controls to the security framework
YiscahLevySilas1 committed Feb 11, 2024
2 parents 491fe53 + 712158e commit d82cd29
Showing 1 changed file with 96 additions and 30 deletions.
126 changes: 96 additions & 30 deletions frameworks/security.json
Expand Up @@ -2,7 +2,7 @@
"name": "security",
"description": "Controls that are used to assess security threats.",
"attributes": {
"armoBuiltin": true
"armoBuiltin": true
},
"typeTags": [
"security"
Expand All @@ -15,57 +15,57 @@
},
"activeControls": [
{
"controlID": "C-0009",
"controlID": "C-0005",
"patch": {
"name": "Resource limits"
"name": "API server insecure port is enabled"
}
},
{
"controlID": "C-0017",
"controlID": "C-0009",
"patch": {
"name": "Immutable container filesystem"
"name": "Resource limits"
}
},
{
"controlID": "C-0256",
{
"controlID": "C-0012",
"patch": {
"name": "Exposure to Internet"
"name": "Applications credentials in configuration files"
}
},
{
"controlID": "C-0259",
{
"controlID": "C-0013",
"patch": {
"name": "Workload with credential access"
"name": "Non-root containers"
}
},
{
"controlID": "C-0258",
"controlID": "C-0016",
"patch": {
"name": "Workload with configMap access"
"name": "Allow privilege escalation"
}
},
{
"controlID": "C-0257",
"controlID": "C-0017",
"patch": {
"name": "Workload with PVC access"
"name": "Immutable container filesystem"
}
},
{
"controlID": "C-0260",
"controlID": "C-0034",
"patch": {
"name": "Missing network policy"
"name": "Automatic mapping of service account"
}
},
{
"controlID": "C-0261",
"controlID": "C-0035",
"patch": {
"name": "ServiceAccount token mounted"
"name": "Administrative Roles"
}
},
{
"controlID": "C-0255",
"controlID": "C-0038",
"patch": {
"name": "Workload with secret access"
"name": "Host PID/IPC privileges"
}
},
{
Expand Down Expand Up @@ -98,35 +98,101 @@
"name": "HostPath mount"
}
},
{
"controlID": "C-0057",
"patch": {
"name": "Privileged container"
}
},
{
"controlID": "C-0066",
"patch": {
"name": "Secret/etcd encryption enabled"
}
},
{
"controlID": "C-0069",
"patch": {
"name": "Disable anonymous access to Kubelet service"
}
},
{
"controlID": "C-0070",
"patch": {
"name": "Enforce Kubelet client TLS authentication"
}
},
{
"controlID": "C-0074",
"patch": {
"name": "Container runtime socket mounted"
}
},
{
"controlID": "C-0211",
"patch": {
"name": "Apply Security Context to Your Pods and Containers"
}
},
{
"controlID": "C-0262",
"controlID": "C-0255",
"patch": {
"name": "Anonymous access enabled"
"name": "Workload with secret access"
}
},
{
"controlID": "C-0265",
"controlID": "C-0256",
"patch": {
"name": "Authenticated user has sensitive permissions"
"name": "Exposure to Internet"
}
},
{
"controlID": "C-0057",
"controlID": "C-0257",
"patch": {
"name": "Privileged container"
"name": "Workload with PVC access"
}
},
{
"controlID": "C-0038",
"controlID": "C-0258",
"patch": {
"name": "Host PID/IPC privileges"
"name": "Workload with configMap access"
}
},
{
"controlID": "C-0259",
"patch": {
"name": "Workload with credential access"
}
},
{
"controlID": "C-0260",
"patch": {
"name": "Missing network policy"
}
},
{
"controlID": "C-0261",
"patch": {
"name": "ServiceAccount token mounted"
}
},
{
"controlID": "C-0262",
"patch": {
"name": "Anonymous access enabled"
}
},
{
"controlID": "C-0264",
"patch": {
"name": "PersistentVolume without encyption"
}
},
{
"controlID": "C-0265",
"patch": {
"name": "Authenticated user has sensitive permissions"
}
}
]
}
}
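Review bot: The patch name added for C-0264 on the new side reads `"name": "PersistentVolume without encyption"`; "encyption" is a typo in an operator-facing string and should be `"name": "PersistentVolume without encryption"`. If this override is meant to mirror the control's own name and the control definition (not visible in this diff) carries the same spelling, fix both together rather than let the framework pin the misspelling. More generally, since `patch.name` presumably overrides the control's display name when the framework is loaded, each of these overrides will silently mask a later rename of the underlying control; a check that patched names match the control files, or dropping overrides that are identical to the control's name, would keep the two from drifting. The enclosing `activeControls` array starts outside this hunk.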
