kics.config
# KICS query suppressions. Each entry under exclude-queries is a KICS query ID; the
# trailing comment on the line is that query's name.
#
# All of the following issues are not a concern for the infrastructure files in this
# repository since they're only used in the build process or testing. Some of these
# issues are not of concern even for the production Dockerfiles.
#
# NOTE(review): exclude-queries turns a query off for every file in the scan; nothing
# in the list below scopes a suppression to build/test paths. If production
# Dockerfiles or manifests are scanned with this config, they lose these checks too.
# Path-level scoping (exclude-paths) or a per-file "# kics-scan disable=<query-id>"
# comment would keep the checks active elsewhere -- confirm which files this config
# is applied to.
exclude-queries:
# NOTE(review): the pinning queries in this list (Apt/Apk package versions, image
# tag and digest, Actions commit SHA) concern supply-chain integrity of the build
# itself: an unpinned dependency can change what the build executes. Build-only use
# does not remove that risk -- revisit if build outputs are shipped to users.
- 965a08d7-ef86-4f14-8792-4a3b2098937e # Apt Get Install Pin Version Not Defined
- fd54f200-402c-4333-a5a4-36ef6709af2f # Missing User Instruction
- ce76b7d0-9e77-464d-b86f-c5c48e03e22d # Container Capabilities Unrestricted
- 8c978947-0ff6-485c-b0c2-0bfca6026466 # Shared Volumes Between Containers
- 610e266e-6c12-4bca-9925-1ed0cd29742b # Security Opt Not Set
- b03a748a-542d-44f4-bb86-9199ab4fd2d5 # Healthcheck Instruction Missing
- 698ed579-b239-4f8f-a388-baa4bcb13ef8 # Healthcheck Not Set
- 451d79dc-0588-476a-ad03-3c7f0320abb3 # Container Traffic Not Bound To Host Interface
- df746b39-6564-4fed-bf85-e9c44382303c # Apt Get Install Lists Were Not Deleted
# NOTE(review): the isolation queries (host namespace, capabilities, seccomp,
# AppArmor, root user, writable OS directory mounts) still matter for test
# containers when they run on shared CI runners or developer machines --
# presumably accepted here; verify against where these containers actually run.
- 4f31dd9f-2cc3-4751-9b53-67e4af83dac0 # Host Namespace is Shared
- ce14a68b-1668-41a0-ab7d-facd9f784742 # Networks Not Set
- cf34805e-3872-4c08-bf92-6ff7bb0cfadb # Container Running As Root
- 02323c00-cdc3-4fdc-a310-4f2b3e7a1660 # Container Running With Low UID
- b14d1bc4-a208-45db-92f0-e21f8e2588e9 # Memory Limits Not Defined
- 229588ef-8fde-40c8-8756-f4f2b5825ded # Memory Requests Not Defined
- a659f3b5-9bf0-438a-bd9a-7d3a6427f1e3 # Readiness Probe Is Not Configured
- f377b83e-bd07-4f48-a591-60c82b14a78b # Seccomp Profile Is Not Configured
- 48471392-d4d0-47c0-b135-cdec95eb3eef # Service Account Token Automount Not Disabled
- c1032cf7-3628-44e2-bd53-38c17cf31b6b # Shared Service Account
- d3499f6d-1651-41bb-a9a7-de925fea487b # Unpinned Package Version in Apk Add
- f45ea400-6bbe-4501-9fc7-1c3d75c32067 # Image Version Using 'latest'
- 4ac0e2b7-d2d2-4af7-8799-e8de6721ccda # CPU Limits Not Set
- ca469dd4-c736-448f-8ac1-30a642705e0a # CPU Requests Not Set
- b7652612-de4e-4466-a0bf-1cd81f0c6063 # Volume Mount With OS Directory Write Permissions
- 9efb0b2d-89c9-41a3-91ca-dcc0aec911fd # Image Version Not Explicit
- 7c81d34c-8e5a-402b-9798-9f442630e678 # Image Without Digest
- 583053b7-e632-46f0-b989-f81ff8045385 # Invalid Image Tag
- 8b36775e-183d-4d46-b0f7-96a6f34a723f # Missing AppArmor Profile
- 4a20ebac-1060-4c81-95d1-1f7f620e983b # Pod or Container Without LimitRange
- 48a5beba-e4c0-4584-a2aa-e6894e4cf424 # Pod or Container Without ResourceQuota
- a9c2f49d-0671-4fc9-9ece-f4e261e128d0 # Root Container Not Mounted Read-only
# NOTE(review): acceptable only if the affected manifests carry placeholder values;
# confirm no real credentials are passed through environment variables.
- 3d658f8b-d988-41a0-a841-40043121de1e # Secrets As Environment Variables
- 555ab8f9-2001-455e-a077-f2d0f41e2fb9 # Unpinned Actions Full Length Commit SHA
- e84eaf4d-2f45-47b2-abe8-e581b06deb66 # Ensure Administrative Boundaries Between Resources
- ade74944-a674-4e00-859e-c6eab5bde441 # Liveness Probe Is Not Defined
- 0008c003-79aa-42d8-95b8-1c2fe37dbfe6 # Multiple RUN, ADD, COPY, Instructions Listed
- aa93e17f-b6db-4162-9334-c70334e7ac28 # Chown Flag Exists