improve remediation - return fix path in every case #614
Signed-off-by: YiscahLevySilas1 <[email protected]>
PR Description updated to latest commit (9abea86)
Signed-off-by: YiscahLevySilas1 <[email protected]>
User description
Overview
Type
enhancement
Description
is_allow_privilege_escalation_container
.get_fix_path
to generate fix paths for adjusting container security contexts.
Changes walkthrough
raw.rego
Simplify Privilege Escalation Check and Introduce Fix Path Generation
rules/rule-allow-privilege-escalation/raw.rego
is_allow_privilege_escalation_container function to no longer return paths.
get_fix_path function to generate fix paths for security context adjustments.
expected.json
Update Expected Test Output for CronJob
rules/rule-allow-privilege-escalation/test/cronjob/expected.json
generation.
expected.json
Update Expected Test Output for Pod
rules/rule-allow-privilege-escalation/test/pod/expected.json
structure.
expected.json
Update Expected Test Output for Workloads
rules/rule-allow-privilege-escalation/test/workloads/expected.json
logic.