CKV_ARGO_1 / CKV_ARGO_2 - false positives for kinds Application / ApplicationSet / AppProject

Open t3mi opened this issue 3 years ago • 0 comments

Describe the issue

CKV_ARGO_1 / CKV_ARGO_2 checks trigger false positives for argocd kinds Application / ApplicationSet / AppProject.

Examples

# AppProject
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: default
spec:
  clusterResourceWhitelist:
    - group: "*"
      kind: "*"
  destinations:
    - namespace: "*"
      server: "*"
  sourceRepos:
    - "*"
# Application
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cert-manager
spec:
  destination:
    namespace: cert-manager
    server: https://kubernetes.default.svc
  project: default
  source:
    chart: cert-manager
    helm:
      values: |
        installCRDs: true

        prometheus:
          enabled: false

    repoURL: https://charts.jetstack.io
    targetRevision: v1.9.0
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
# ApplicationSet
---
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: cert-manager
spec:
  generators:
    - matrix:
        generators:
          - list:
              elements:
                - env: dev
                - env: qa
                - env: preprod
                - env: demo
                - env: training
  template:
    metadata:
      name: "cert-manager-{{env}}"
    spec:
      project: "{{env}}"
      source:
        chart: cert-manager
        helm:
          values: |
            installCRDs: true

            prometheus:
              enabled: false

        repoURL: https://charts.jetstack.io
        targetRevision: v1.9.0
      destination:
        namespace: "cert-manager-{{env}}"
        server: https://kubernetes.default.svc

Version (please complete the following information):

  • 2.1.207

t3mi, Sep 15 '22 07:09