kubewarden-controller

kubewarden-controller copied to clipboard

Our policies have constants updates from dependabot. But we do not release these changes often. For this reason, it would be nice to add a periodic job (e.g. every month)...

jvanz

### Is your feature request related to a problem? Some metrics are useful in the lifecycle of a project to better understand how the project is evolving. I would love...

olblak

Fix Kubewarden policies version dates

5

The Kubewarden policies published in the Artifacthub have wrong dates for their version. For example the [allow-privilege-escalation-psp](https://artifacthub.io/packages/kubewarden/allow-privilege-escalation-psp/allow-privilege-escalation-psp) and [environment-variable-policy](https://artifacthub.io/packages/kubewarden/environment-variable-policy/environment-variable-policy) show `19 Jul, 2022` as the last release date. But this...

jvanz

These are the policies that require access to the image scanner service of NV: * [ ] CVE names * [ ] CVE score * [ ] count of high...

flavio

Update some of our policies that are targeting `Pod`, to make them process higher level objects

11

Update some of our policies that are targeting `Pod`, to make them process higher level objects like deployments. This is a better practice because we prevent the resources to be...

jvanz

Research a solution to allow operator rejects requests using not allowed Kubernetes API versions.

2

Bad actors could deploy workloads using features (API versions) not cover by the admission controller. Thus, bypassing the validations. We should look for a solution of how to prevent this...

jvanz

[FOSSA] Issue with github.com/chzyer/logex - UNLICENSED_DEPENDENCY

2

## UNLICENSED_DEPENDENCY - github.com/chzyer/logex (v1.1.10) [View issue on FOSSA](https://app.fossa.com/projects/custom%2B25850%2Fgithub.com%2Fkubewarden%2Fkubewarden-controller/refs/branch/main/b689790aad9413b44672b2fa5b9311e9a837209d/issues/licensing/1922379?filter=unlicensed_dependency&revScanId=29850560&status=any) ### Component URL https://proxy.golang.org/github.com/chzyer/logex/@v/v1.1.10.zip ### Affected Projects - https://github.com/kubewarden/kubewarden-controller - rancher/rancher ### Issue This dependency hasn't specified a license. You may...

flavio

Feature Request: Kubewarden Telemetry

4

### Is your feature request related to a problem? In an attempt to better understand how users benefit from Kubewarden, It would be interesting to start collecting various information from...

olblak

As described at [threat #11 ](https://github.com/kubewarden/rfc/blob/main/rfc/0006-threat-model.md#threat-11---attacker-deploys-workloads-to-namespaces-that-are--exempt-from-admission-control)of the threat mode, bad actors can deploy workloads to namespaces not cover in the admission control. To help mitigate this, `ClusterAdmissionPolicy` could have a...

jvanz

There are some threat from the threat model that explain how a bad actor could intercept the traffic between the admission controller and API server. To mitigate this, the Kubewarden...

jvanz