github/polaris
1
0
Fork 0
mirror of https://github.com/FairwindsOps/polaris.git synced 2026-02-14 18:09:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
467d06f4dbca2985201efc2c2956b125933b9dd2
polaris/docs/customization
History
ivanfetch-fw 467d06f4db FWI-2719: Enable new RBAC / sensitive content / Pod exec checks, add hasPrefix and hasSuffix functions to the GO template, exempt system: name prefixes for RBAC checks, sensitive content checks ignore valueFrom, (#832) 
* Enable these checks in the default configuration file, which may produce many new results:
  * automountServiceAccountToken
  * linuxHardening
  * sensitiveConfigmapContent and sensitiveContainerEnvVar
  * clusterrolebindingClusterAdmin, rolebindingClusterAdminClusterRole, and rolebindingClusterAdminRole
  * clusterrolePodExecAttach, rolePodExecAttach, clusterrolebindingPodExecAttach, rolebindingClusterRolePodExecAttach, and  rolebindingRolePodExecAttach
* Ignore the `missingNetworkPolicy` and `automountServiceAccountToken` checks by default
* `hasPrefix` and `hasSuffix` functions are now available in the go template
* Fix the `sensitiveContainerEnvVar` check to ignore sensitive environment
variable names when those variables use `valueFrom` to reference an
external resource.
* Add the `*ClusterAdmin` checks to `examples/config-full.yaml`.
* Exempt the prefix `system:` instead of individual entries for RBAC checks (#871)
2022-11-14 15:05:02 -07:00
..
checks.md
Update documentation from template (#609)
2021-08-17 11:26:25 -04:00
configuration.md
Update documentation from template (#609)
2021-08-17 11:26:25 -04:00
custom-checks.md
FWI-2719: Enable new RBAC / sensitive content / Pod exec checks, add hasPrefix and hasSuffix functions to the GO template, exempt system: name prefixes for RBAC checks, sensitive content checks ignore valueFrom, (#832)
2022-11-14 15:05:02 -07:00
exemptions.md
Update documentation from template (#609)
2021-08-17 11:26:25 -04:00