Handle Pod Security Context #2630
ben-elttam
commented
Jan 3, 2023
- Original rule only considered security context at container level, but security context can be applied at pod level as well.
- Updated the rules to handle both levels. This reduces false positives.
- Kubernetes gives precedence to container security context, test file includes positive/negative cases where both pod and container security context exist.
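The precedence described in the pull request description above, as an added example that is not part of the PR or of the Semgrep rule itself. It compares a container-only check with one that resolves both levels; the `runAsNonRoot` field and the Pod specs (plain dicts, constructed here) are assumptions, since the thread does not name the setting the rule checks.

```python
# Added example: constructed Pod specs as plain dicts, so no YAML parser is needed.
# Assumption: the audited setting is runAsNonRoot; the thread does not name it.
FIELD = "runAsNonRoot"


def effective(pod_spec, container, field=FIELD):
    """Container-level securityContext wins; pod-level is only the fallback."""
    c_ctx = container.get("securityContext") or {}
    if field in c_ctx:
        return c_ctx[field]
    return (pod_spec.get("securityContext") or {}).get(field)


def container_only_findings(pod_spec, field=FIELD):
    """Original behaviour: only the container-level securityContext is inspected."""
    return [c["name"] for c in pod_spec.get("containers", [])
            if (c.get("securityContext") or {}).get(field) is not True]


def both_levels_findings(pod_spec, field=FIELD):
    """Updated behaviour: flag a container only if its effective value is not True."""
    return [c["name"] for c in pod_spec.get("containers", [])
            if effective(pod_spec, c, field) is not True]


# Pod-level setting only: the container-only check reports a false positive.
POD_LEVEL_ONLY = {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "app"}],
}

# Both levels set: the container value overrides the pod value for "app" only.
CONTAINER_OVERRIDES = {
    "securityContext": {"runAsNonRoot": True},
    "containers": [
        {"name": "app", "securityContext": {"runAsNonRoot": False}},
        {"name": "sidecar"},
    ],
}

# Pod level is permissive, but the container hardens itself.
POD_FALSE_CONTAINER_TRUE = {
    "securityContext": {"runAsNonRoot": False},
    "containers": [{"name": "app", "securityContext": {"runAsNonRoot": True}}],
}

if __name__ == "__main__":
    for spec in (POD_LEVEL_ONLY, CONTAINER_OVERRIDES, POD_FALSE_CONTAINER_TRUE):
        print(container_only_findings(spec), both_levels_findings(spec))
```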
The pre-commit hook yaml check fails because of multi-document yaml in the tests.
- These are rules from upstream PR semgrep/semgrep-rules#2630
- This file used to be excluded from check-yaml in pre-commit.
- It's actually multi-document, hence the duplicate keys, but missing the `---` delineator.
- Add missing `---`
- Future updates will be checked against check-yaml with allow multi-documents.
I've updated
I fixed the pre-commit exclude/include regex, it needed the full path.