-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ValidatingAdmissionPolicy for C-0013 #11
base: main
Are you sure you want to change the base?
Conversation
Hi @slashben, there is a mismatch between the documentation and the rego functionality. This is what the rego actually does:
|
|
This is a very complex control, I will review a bit later |
Hi @suhasgumma |
Thank you @Daniel-GrunbergerCA . |
Signed-off-by: Suhas Gumma <[email protected]>
Signed-off-by: Suhas Gumma <[email protected]>
Hi @Daniel-GrunbergerCA, this is what I have done:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good job! Sorry for the delay :)
@slashben can you have a look, Daniel did approve in the past, but a second review before merging would be good |
Control C-0013
Related Resources: CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet
Control Docs: https://hub.armosec.io/docs/c-0013
Control Rego: https://github.com/kubescape/regolibrary/blob/master/rules/non-root-containers/raw.rego