fix(query): covered additional deprecated API versions in k8s rule #4830
Conversation
|
Scan submitted to Checkmarx |
|
Cx-SAST SummaryTotal of 5 vulnerabilities Violation SummaryNo policy violation found |
There was a problem hiding this comment.
Hello, @Churro 🙂
Your observations are always on point 🚀 Thank you so much for sharing them and contributing to KICS!
I would suggest including even more deprecated API versions If you do not mind. The comment below addresses my suggestion. Let me know what you think about it, please.
| "ClusterRoleBinding": "rbac.authorization.k8s.io/v1", | ||
| "Role": "rbac.authorization.k8s.io/v1", | ||
| "RoleBinding": "rbac.authorization.k8s.io/v1", | ||
| }, |
There was a problem hiding this comment.
| }, | |
| "batch/v1beta1": { | |
| "CronJob": "batch/v1", | |
| }, | |
| "policy/v1beta1": { | |
| "PodDisruptionBudget": "policy/v1", | |
| } |
There was a problem hiding this comment.
Very good suggestion, thank you! I also thought about these two additions but hesitated due to the fact that the substitutes for these deprecations were only introduced with Kubernetes v1.21. In other words, someone still running v1.20 would not be able to apply the recommended version without running into unforeseen issues. It seems that the 1.20 branch is also still maintained until 2022-02-28.
I'd therefore suggest to add the two deprecations you suggested only when 1.25 is released. Would you prefer having them added already now or would it be better to wait?
There was a problem hiding this comment.
Yes, you are right. It would be better to add it when 1.25 is released! Thank you so much 😊
Problem
Ingressinextensions/v1beta1recommendsapps/v1but correct would benetworking.k8s.io/v1negative.yamlincludes an Ingress withnetworking.k8s.io/v1beta1but this API version is also deprecatedProposed Changes
I submit this contribution under the Apache-2.0 license.