1 parent
0fa06ff
commit 31fd3f3
Showing
91 changed files
with
534 additions
and
352 deletions.
26 changes: 14 additions & 12 deletions
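--- a/pkg/policies/opa/rego/k8s/kubernetes_ingress/AC-K8-NS-IN-H-0020.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_ingress/AC-K8-NS-IN-H-0020.json
@@ -1,14 +1,16 @@
 {
 "name": "noHttps",
-"file": "noHttps.rego",
-"template_args": {
-"name": "noHttps",
-"prefix": "",
-"suffix": ""
-},
-"severity": "HIGH",
-"description": "TLS disabled can affect the confidentiality of the data in transit",
-"reference_id": "AC-K8-NS-IN-H-0020",
-"category": "Infrastructure Security",
-"version": 1
-}
+"file": "noHttps.rego",
+"policy_type": "k8s",
+"resource_type": "kubernetes_ingress",
+"template_args": {
+"name": "noHttps",
+"prefix": "",
+"suffix": ""
+},
+"severity": "HIGH",
+"description": "TLS disabled can affect the confidentiality of the data in transit",
+"reference_id": "AC-K8-NS-IN-H-0020",
+"category": "Infrastructure Security",
+"version": 1
+}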
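Review bot: The new `policy_type` and `resource_type` keys restate what the file's directory path already encodes (`k8s/kubernetes_ingress/`), so the two can silently drift when a policy file is moved or copied between resource directories, and a mismatch would presumably make the rule evaluate against the wrong resource kind or not at all. Worth adding a loader-side or test-time check that `resource_type` equals the parent directory name and `policy_type` the grandparent, or stating in the policy README which of the two is authoritative. The same point applies to every metadata file in this commit, including the kubernetes_namespace and kubernetes_pod sections below. Since indentation is not visible in the rendered view, I cannot tell whether the surrounding lines were re-indented or merely re-emitted; if a formatter rewrote them, running it once across the whole directory would keep future diffs down to the two added keys.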
26 changes: 14 additions & 12 deletions
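--- a/pkg/policies/opa/rego/k8s/kubernetes_namespace/AC-K8-OE-NS-L-0128.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_namespace/AC-K8-OE-NS-L-0128.json
@@ -1,14 +1,16 @@
 {
 "name": "noOwnerLabel",
-"file": "noOwnerLabel.rego",
-"template_args": {
-"name": "noOwnerLabel",
-"prefix": "",
-"suffix": ""
-},
-"severity": "LOW",
-"description": "No owner for namespace affects the operations",
-"reference_id": "AC-K8-OE-NS-L-0128",
-"category": "Security Best Practices",
-"version": 1
-}
+"file": "noOwnerLabel.rego",
+"policy_type": "k8s",
+"resource_type": "kubernetes_namespace",
+"template_args": {
+"name": "noOwnerLabel",
+"prefix": "",
+"suffix": ""
+},
+"severity": "LOW",
+"description": "No owner for namespace affects the operations",
+"reference_id": "AC-K8-OE-NS-L-0128",
+"category": "Security Best Practices",
+"version": 1
+}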
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_namespace/accurics.kubernetes.OPS.460.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_namespace/accurics.kubernetes.OPS.461.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_namespace/accurics.kubernetes.OPS.462.json
40 changes: 21 additions & 19 deletions
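--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-CA-PO-H-0165.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-CA-PO-H-0165.json
@@ -1,21 +1,23 @@
 {
 "name": "privilegeEscalationCheck",
-"file": "securityContextCheck.rego",
-"template_args": {
-"allowed": "false",
-"arg1": "cpu",
-"arg2": "limits",
-"name": "privilegeEscalationCheck",
-"not_allowed": "true",
-"param": "allowPrivilegeEscalation",
-"param1": "securityContext",
-"prefix": "",
-"suffix": "",
-"value": "true"
-},
-"severity": "HIGH",
-"description": "Containers Should Not Run with AllowPrivilegeEscalation",
-"reference_id": "AC-K8-CA-PO-H-0165",
-"category": "Compliance Validation",
-"version": 1
-}
+"file": "securityContextCheck.rego",
+"policy_type": "k8s",
+"resource_type": "kubernetes_pod",
+"template_args": {
+"allowed": "false",
+"arg1": "cpu",
+"arg2": "limits",
+"name": "privilegeEscalationCheck",
+"not_allowed": "true",
+"param": "allowPrivilegeEscalation",
+"param1": "securityContext",
+"prefix": "",
+"suffix": "",
+"value": "true"
+},
+"severity": "HIGH",
+"description": "Containers Should Not Run with AllowPrivilegeEscalation",
+"reference_id": "AC-K8-CA-PO-H-0165",
+"category": "Compliance Validation",
+"version": 1
+}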
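Review bot: `template_args` in this privilege-escalation policy still carries `"arg1": "cpu"` and `"arg2": "limits"`, which have nothing to do with `allowPrivilegeEscalation` and look like leftovers from a resource-limits template; the commit re-emits them unchanged on the new side. If `securityContextCheck.rego` does not reference `arg1`/`arg2`, dropping them avoids misleading the next reader, and if it does, the parameters deserve a one-line note in the policy README. Note also that `allowed`, `not_allowed` and `value` are all string-typed booleans, presumably because they are substituted into the Rego template as text; that is fine, but `"allowed": "false"` and `"not_allowed": "true"` describing one condition is easy to misread, so confirm only one of them is actually consumed by the template.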
26 changes: 14 additions & 12 deletions
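--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0176.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0176.json
@@ -1,14 +1,16 @@
 {
 "name": "kubeDashboardEnabled",
-"file": "kubeDashboardEnabled.rego",
-"template_args": {
-"name": "kubeDashboardEnabled",
-"prefix": "",
-"suffix": ""
-},
-"severity": "MEDIUM",
-"description": "Ensure Kubernetes Dashboard Is Not Deployed",
-"reference_id": "AC-K8-DS-PO-M-0176",
-"category": "Data Protection",
-"version": 1
-}
+"file": "kubeDashboardEnabled.rego",
+"policy_type": "k8s",
+"resource_type": "kubernetes_pod",
+"template_args": {
+"name": "kubeDashboardEnabled",
+"prefix": "",
+"suffix": ""
+},
+"severity": "MEDIUM",
+"description": "Ensure Kubernetes Dashboard Is Not Deployed",
+"reference_id": "AC-K8-DS-PO-M-0176",
+"category": "Data Protection",
+"version": 1
+}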
26 changes: 14 additions & 12 deletions
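--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0177.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0177.json
@@ -1,14 +1,16 @@
 {
 "name": "tillerDeployed",
-"file": "tillerDeployed.rego",
-"template_args": {
-"name": "tillerDeployed",
-"prefix": "",
-"suffix": ""
-},
-"severity": "MEDIUM",
-"description": "Ensure That Tiller (Helm V2) Is Not Deployed",
-"reference_id": "AC-K8-DS-PO-M-0177",
-"category": "Data Protection",
-"version": 1
-}
+"file": "tillerDeployed.rego",
+"policy_type": "k8s",
+"resource_type": "kubernetes_pod",
+"template_args": {
+"name": "tillerDeployed",
+"prefix": "",
+"suffix": ""
+},
+"severity": "MEDIUM",
+"description": "Ensure That Tiller (Helm V2) Is Not Deployed",
+"reference_id": "AC-K8-DS-PO-M-0177",
+"category": "Data Protection",
+"version": 1
+}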
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0106.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0137.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0138.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0168.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0105.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0135.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0139.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0140.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0141.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0143.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0162.json
2 changes: 2 additions & 0 deletions
pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PS-M-0112.json
26 changes: 14 additions & 12 deletions
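--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0117.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0117.json
@@ -1,14 +1,16 @@
 {
 "name": "secretsAsEnvVariables",
-"file": "secretsAsEnvVariables.rego",
-"template_args": {
-"name": "secretsAsEnvVariables",
-"prefix": "",
-"suffix": ""
-},
-"severity": "HIGH",
-"description": "Prefer using secrets as files over secrets as environment variables",
-"reference_id": "AC-K8-NS-PO-H-0117",
-"category": "Infrastructure Security",
-"version": 1
-}
+"file": "secretsAsEnvVariables.rego",
+"policy_type": "k8s",
+"resource_type": "kubernetes_pod",
+"template_args": {
+"name": "secretsAsEnvVariables",
+"prefix": "",
+"suffix": ""
+},
+"severity": "HIGH",
+"description": "Prefer using secrets as files over secrets as environment variables",
+"reference_id": "AC-K8-NS-PO-H-0117",
+"category": "Infrastructure Security",
+"version": 1
+}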
26 changes: 14 additions & 12 deletions
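--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0170.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0170.json
@@ -1,14 +1,16 @@
 {
 "name": "capSysAdminUsed",
-"file": "capSysAdminUsed.rego",
-"template_args": {
-"name": "capSysAdminUsed",
-"prefix": "",
-"suffix": ""
-},
-"severity": "HIGH",
-"description": "Do Not Use CAP_SYS_ADMIN Linux Capability",
-"reference_id": "AC-K8-NS-PO-H-0170",
-"category": "Infrastructure Security",
-"version": 1
-}
+"file": "capSysAdminUsed.rego",
+"policy_type": "k8s",
+"resource_type": "kubernetes_pod",
+"template_args": {
+"name": "capSysAdminUsed",
+"prefix": "",
+"suffix": ""
+},
+"severity": "HIGH",
+"description": "Do Not Use CAP_SYS_ADMIN Linux Capability",
+"reference_id": "AC-K8-NS-PO-H-0170",
+"category": "Infrastructure Security",
+"version": 1
+}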
26 changes: 14 additions & 12 deletions
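--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0122.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0122.json
@@ -1,14 +1,16 @@
 {
 "name": "securityContextUsed",
-"file": "securityContextUsed.rego",
-"template_args": {
-"name": "securityContextUsed",
-"prefix": "",
-"suffix": ""
-},
-"severity": "MEDIUM",
-"description": "Apply Security Context to Your Pods and Containers",
-"reference_id": "AC-K8-NS-PO-M-0122",
-"category": "Infrastructure Security",
-"version": 1
-}
+"file": "securityContextUsed.rego",
+"policy_type": "k8s",
+"resource_type": "kubernetes_pod",
+"template_args": {
+"name": "securityContextUsed",
+"prefix": "",
+"suffix": ""
+},
+"severity": "MEDIUM",
+"description": "Apply Security Context to Your Pods and Containers",
+"reference_id": "AC-K8-NS-PO-M-0122",
+"category": "Infrastructure Security",
+"version": 1
+}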