mirror of
https://github.com/FairwindsOps/polaris.git
synced 2026-05-12 04:06:44 +00:00
**Changes**

- Refactored the way controllers work to be an interface
- Added configurable controllers to include in scans
- Added daemonsets, jobs and cronjobs in scans
- Added `ReplicationController` type controllers to the supported list
- Adjusted logic for failed YAML parsing to bubble up errors
- Added better logic for calculating summaries on cluster wide results
- Relocated responsibilities for counting types into validators vs spreading it around more packages
- Fixed bug where cronjob parsing was using wrong KIND
- Added fixtures for mocking new controller types
- Added example yamls to test scanning files
- Added functions to NamespacedResult(s) to reduce code complexity deep set iterations
- Refactored how results get added to namespacedresults so adding more later is easier
- Minor signature changes for interface implementing structs for controllers
51 lines
1.0 KiB
YAML
resources:
  cpuRequestsMissing: warning
  cpuLimitsMissing: warning
  memoryRequestsMissing: warning
  memoryLimitsMissing: warning
images:
  tagNotSpecified: error
  pullPolicyNotAlways: ignore
healthChecks:
  readinessProbeMissing: warning
  livenessProbeMissing: warning
networking:
  hostNetworkSet: warning
  hostPortSet: warning
security:
  hostIPCSet: error
  hostPIDSet: error
  notReadOnlyRootFileSystem: warning
  privilegeEscalationAllowed: error
  runAsRootAllowed: warning
  runAsPrivileged: error
  capabilities:
    error:
      ifAnyAdded:
        - SYS_ADMIN
        - NET_ADMIN
        - ALL
    warning:
      ifAnyAddedBeyond:
        - CHOWN
        - DAC_OVERRIDE
        - FSETID
        - FOWNER
        - MKNOD
        - NET_RAW
        - SETGID
        - SETUID
        - SETFCAP
        - SETPCAP
        - NET_BIND_SERVICE
        - SYS_CHROOT
        - KILL
        - AUDIT_WRITE
controllers_to_scan:
  - Deployments
  - StatefulSets
  - DaemonSets
  - CronJobs
  - Jobs
  - ReplicationControllers