default-config-inputs.json
{
"name": "default",
"attributes": {
},
"scope": {
"designatorType": "attributes",
"attributes": {}
},
"settings": {
"postureControlInputs": {
"imageRepositoryAllowList": [
],
"trustedCosignPublicKeys": [],
"insecureCapabilities": [
"SETPCAP",
"NET_ADMIN",
"NET_RAW",
"SYS_MODULE",
"SYS_RAWIO",
"SYS_PTRACE",
"SYS_ADMIN",
"SYS_BOOT",
"MAC_OVERRIDE",
"MAC_ADMIN",
"PERFMON",
"ALL",
"BPF"
],
"listOfDangerousArtifacts": [
"bin/bash",
"sbin/sh",
"bin/ksh",
"bin/tcsh",
"bin/zsh",
"usr/bin/scsh",
"bin/csh",
"bin/busybox",
"usr/bin/busybox"
],
"publicRegistries": [],
"sensitiveInterfaces": [
"nifi",
"argo-server",
"weave-scope-app",
"kubeflow",
"kubernetes-dashboard",
"jenkins",
"prometheus-deployment"
],
"max_critical_vulnerabilities": ["5"],
"max_high_vulnerabilities": ["10"],
"sensitiveKeyNames": [
"aws_secret_access_key",
"azure_batchai_storage_key",
"azure_batch_key",
"secret",
"key",
"password",
"pwd",
"token",
"jwt",
"bearer",
"credential"
],
"sensitiveValues": [
"BEGIN \\w+ PRIVATE KEY",
"PRIVATE KEY",
"eyJhbGciO",
"JWT",
"Bearer",
"_key_",
"_secret_"
],
"sensitiveKeyNamesAllowed": [],
"sensitiveValuesAllowed": [],
"servicesNames": [
"nifi-service",
"argo-server",
"minio",
"postgres",
"workflow-controller-metrics",
"weave-scope-app",
"kubernetes-dashboard"
],
"untrustedRegistries": [],
"memory_request_max": [],
"memory_request_min": ["0"],
"memory_limit_max": [],
"memory_limit_min": ["0"],
"cpu_request_max": [],
"cpu_request_min": ["0"],
"cpu_limit_max": [],
"cpu_limit_min": ["0"],
"wlKnownNames": [
"coredns",
"kube-proxy",
"event-exporter-gke",
"kube-dns",
"17-default-backend",
"metrics-server",
"ca-audit",
"ca-dashboard-aggregator",
"ca-notification-server",
"ca-ocimage",
"ca-oracle",
"ca-posture",
"ca-rbac",
"ca-vuln-scan",
"ca-webhook",
"ca-websocket",
"clair-clair"
],
"recommendedLabels": ["app", "tier", "phase", "version", "owner", "env"],
"k8sRecommendedLabels": ["app.kubernetes.io/name", "app.kubernetes.io/instance", "app.kubernetes.io/version", "app.kubernetes.io/component", "app.kubernetes.io/part-of", "app.kubernetes.io/managed-by", "app.kubernetes.io/created-by"]
}
}
}