shuting

This field is defined as a pointer to an Enum, we can't use the kubebuilder tag to specify default. https://github.com/kyverno/kyverno/blob/44c0206463e8a809223f3ef175e3418981de780d/api/kyverno/v1/spec_types.go#L67 Alternatively, we can mutate this field via policy mutating webhook...

I realized we no longer do policy mutations via webhook: https://github.com/kyverno/kyverno/blob/main/pkg/webhooks/policy/handlers.go#L43 A similar situation also applies to `spec.applyRules` where we define a default value but it is not set in...

@prady0t - see this as a reference: https://github.com/kyverno/kyverno/blob/c2e388a71c1f9d903e8d925bb74f27502405e924/api/kyverno/v1/spec_types.go#L261-L266 Instead of mutating this field in the policy, we can set default whenever fetches it.

@prady0t - are you still working on this?

What does this command return? ``` kubectl auth can-i get secret --as system:serviceaccount:kyverno:kyverno-admission-controller ```

Hi @eddie-knight, thank you for your input, and thanks to @angellk for assisting with triage. We understand that TAG Security & Compliance is currently undergoing the chartering process. In the...

> [@realshuting](https://github.com/realshuting) We noticed that a self assessment was already created and will only need to be updated with the latest accurate info: > > https://github.com/cncf/tag-security/blob/main/community/assessments/projects/kyverno/self-assessment.md Thank you @eddie-knight for...

> > [@realshuting](https://github.com/realshuting) We noticed that a self assessment was already created and will only need to be updated with the latest accurate info: > > https://github.com/cncf/tag-security/blob/main/community/assessments/projects/kyverno/self-assessment.md > > Thank...

> [@realshuting](https://github.com/realshuting) And don't forget to work on the feedback given on your PR! [cncf/tag-security#1486](https://github.com/cncf/tag-security/pull/1486) Thank you for your patience, @JustinCappos. I have updated the PR based on your feedback....

Thanks @eddie-knight and @JustinCappos for the remindar, and apologies for the delayed reply. We’re ready to proceed with the Kyverno joint security assessment: - Primary contact: @realshuting - Backup contact:...