Chip Zoller
Chip Zoller
### Problem Statement When Policy Reports are created from a rule in Audit mode and that rule is later modified with an exclusion (or an existing exclusion is widened) in...
### Problem Statement Chainsaw is growing more complex and capable with more resources as well as more complexity to each resource. It's becoming more difficult to remember the structure of...
### Problem Statement Observed on 0.1.9-0.1.7. See a test case [here](https://github.com/kyverno/policies/actions/runs/8315349402/job/22753621117#step:13:416) where an update (patch) is supposed to fail yet does not causing Chainsaw to patch endlessly until it reaches...
See updates as of June 2021: https://neonmirrors.net/post/2021-02/kubernetes-policy-comparison-opa-gatekeeper-vs-kyverno/
### Problem Statement RBAC permissions are still unnecessarily wide today in that `pods` and `pod/exec` are granted too broadly. This isn't necessary as the only Pod which needs to be...
Need to beef up the security posture of the internal Pod data mover so it has things like: * No use of `ubuntu:latest` * Passes the Pod Security Standards restricted...
### Problem Statement Users who need customization would like to use Helm to deploy DAS. ### Solution Description Support deployment via a Helm chart. ### Alternatives _No response_ ### Additional...
### Problem Statement The intermediary Pod responsible for the copy operation in case of scale downs is not currently configurable. Many users will need to configure this Pod according to...
[Here](https://ko.build/advanced/faq/#how-can-i-set-ldflags), broken link to `builds` section.
The `cosign-vuln` value is not listed in README as a possible value for `format` despite it being supported and available in Trivy.