rego-policies icon indicating copy to clipboard operation
rego-policies copied to clipboard

Published 20 hours ago verified publisher icon redhat-cop

Policy to deny pod running with high vulnerabilities

Open garethahealy opened this issue 3 years ago • 1 comments

Investigate if it's possible to hookup the data from the below operator to deny images that are bad:

  • https://operatorhub.io/operator/project-quay-container-security-operator

garethahealy avatar Aug 18 '20 13:08 garethahealy

@sabre1041 ; do you know if there is anything already in the quay ecosystem that would do this already?

garethahealy avatar Aug 18 '20 13:08 garethahealy

can be solved by RHACS (https://www.redhat.com/en/technologies/cloud-computing/openshift/advanced-cluster-security-kubernetes) or another admission controller (https://kyverno.io/policies/other/rec-req/require-vulnerability-scan/require-vulnerability-scan/)

garethahealy avatar Nov 14 '23 10:11 garethahealy