
FWI-2719: Enable and add exemptions for recently-added checks

Open ivanfetch-wt opened this issue 3 years ago • 2 comments

Checklist

  • [x] I have signed the CLA
  • [x] I have updated/added any relevant documentation

Description

What's the goal of this PR?

These checks are now enabled in the default Polaris configuration:

  • automountServiceAccountToken
  • linuxHardening
  • missingNetworkPolicy
  • sensitiveConfigmapContent and sensitiveContainerEnvVar
  • clusterrolebindingClusterAdmin, rolebindingClusterAdminClusterRole, and rolebindingClusterAdminRole
  • clusterrolePodExecAttach, rolePodExecAttach, clusterrolebindingPodExecAttach, rolebindingClusterRolePodExecAttach, and rolebindingRolePodExecAttach

Fixed the sensitiveContainerEnvVar check to ignore sensitive environment variable names when those variables use valueFrom to reference an external resource.

Added the *ClusterAdmin checks to examples/config-full.yaml.

ivanfetch-wt avatar Aug 31 '22 15:08 ivanfetch-wt
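The valueFrom exemption described in the PR, as an added example that is not code from this PR or from Polaris. The `EnvVar` struct, the `sensitiveName` pattern, the `FlagSensitiveEnv` function and the sample variables are all assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// EnvVar holds the parts of a container env entry that matter for this check.
type EnvVar struct {
	Name      string
	Value     string // literal value written in the manifest
	ValueFrom string // kind of external reference (e.g. "secretKeyRef"); empty if none
}

// sensitiveName is an assumed pattern for this example, not Polaris's own list.
var sensitiveName = regexp.MustCompile(`(?i)(password|secret|token|api[_-]?key)`)

// FlagSensitiveEnv returns the names of variables that look sensitive.
// With skipValueFrom=false it matches on the name alone, so a variable is
// flagged even when its value comes from an external resource.
// With skipValueFrom=true it applies the exemption the PR describes.
func FlagSensitiveEnv(env []EnvVar, skipValueFrom bool) []string {
	var flagged []string
	for _, e := range env {
		if !sensitiveName.MatchString(e.Name) {
			continue
		}
		if skipValueFrom && e.ValueFrom != "" {
			continue // value is not stored in the manifest itself
		}
		flagged = append(flagged, e.Name)
	}
	return flagged
}

// SampleEnv is constructed input, not taken from a real workload.
func SampleEnv() []EnvVar {
	return []EnvVar{
		{Name: "DB_PASSWORD", Value: "example-literal"},
		{Name: "API_TOKEN", ValueFrom: "secretKeyRef"},
		{Name: "LOG_LEVEL", Value: "debug"},
	}
}

func main() {
	env := SampleEnv()
	fmt.Println("name-only match:     ", FlagSensitiveEnv(env, false))
	fmt.Println("valueFrom exemption: ", FlagSensitiveEnv(env, true))
}
```

Only `DB_PASSWORD`, whose value is written directly in the manifest, remains flagged once the exemption is applied.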

Fairwinds Insights CI Report

View the Full Report

:white_check_mark: No new Action Items detected!

fairwinds-insights[bot] avatar Aug 31 '22 15:08 fairwinds-insights[bot]

I'm waiting to merge this (making these checks live for the Polaris community) until a deeper round of initial testing has completed.

ivanfetch-wt avatar Aug 31 '22 19:08 ivanfetch-wt

Thanks for adding all the new test cases!

rbren avatar Nov 11 '22 18:11 rbren