122 lines
No EOL
2.3 KiB
JSON
122 lines
No EOL
2.3 KiB
JSON
{
|
|
"cpu_limit_max": [],
|
|
"cpu_limit_min": [],
|
|
"cpu_request_max": [],
|
|
"cpu_request_min": [],
|
|
"imageRepositoryAllowList": [
|
|
"ghcr.io"
|
|
],
|
|
"insecureCapabilities": [
|
|
"SETPCAP",
|
|
"NET_ADMIN",
|
|
"NET_RAW",
|
|
"SYS_MODULE",
|
|
"SYS_RAWIO",
|
|
"SYS_PTRACE",
|
|
"SYS_ADMIN",
|
|
"SYS_BOOT",
|
|
"MAC_OVERRIDE",
|
|
"MAC_ADMIN",
|
|
"PERFMON",
|
|
"ALL",
|
|
"BPF"
|
|
],
|
|
"k8sRecommendedLabels": [
|
|
"app.kubernetes.io/name",
|
|
"app.kubernetes.io/instance",
|
|
"app.kubernetes.io/version",
|
|
"app.kubernetes.io/component",
|
|
"app.kubernetes.io/part-of",
|
|
"app.kubernetes.io/managed-by",
|
|
"app.kubernetes.io/created-by"
|
|
],
|
|
"listOfDangerousArtifcats": [
|
|
"bin/bash",
|
|
"sbin/sh",
|
|
"bin/ksh",
|
|
"bin/tcsh",
|
|
"bin/zsh",
|
|
"usr/bin/scsh",
|
|
"bin/csh",
|
|
"bin/busybox",
|
|
"usr/bin/busybox"
|
|
],
|
|
"max_critical_vulnerabilities": [
|
|
"5"
|
|
],
|
|
"max_high_vulnerabilities": [
|
|
"10"
|
|
],
|
|
"memory_limit_max": [],
|
|
"memory_limit_min": [],
|
|
"memory_request_max": [],
|
|
"memory_request_min": [],
|
|
"publicRegistries": [
|
|
"quay.io",
|
|
"registry.hub.docker.com"
|
|
],
|
|
"recommendedLabels": [
|
|
"app.kubernetes.io/name",
|
|
"app.kubernetes.io/instance"
|
|
],
|
|
"sensitiveInterfaces": [
|
|
"nifi",
|
|
"argo-server",
|
|
"weave-scope-app",
|
|
"kubeflow",
|
|
"kubernetes-dashboard"
|
|
],
|
|
"sensitiveKeyNames": [
|
|
"aws_access_key_id",
|
|
"aws_secret_access_key",
|
|
"azure_batchai_storage_account",
|
|
"azure_batchai_storage_key",
|
|
"azure_batch_account",
|
|
"azure_batch_key",
|
|
"secret",
|
|
"key",
|
|
"password",
|
|
"pwd",
|
|
"token",
|
|
"jwt",
|
|
"bearer",
|
|
"credential"
|
|
],
|
|
"sensitiveValues": [
|
|
"BEGIN \\w+ PRIVATE KEY",
|
|
"PRIVATE KEY",
|
|
"eyJhbGciO",
|
|
"JWT",
|
|
"Bearer"
|
|
],
|
|
"sensitiveValuesAllowed": [],
|
|
"servicesNames": [
|
|
"nifi-service",
|
|
"argo-server",
|
|
"minio",
|
|
"postgres",
|
|
"workflow-controller-metrics",
|
|
"weave-scope-app",
|
|
"kubernetes-dashboard"
|
|
],
|
|
"untrustedRegistries": [],
|
|
"wlKnownNames": [
|
|
"coredns",
|
|
"kube-proxy",
|
|
"event-exporter-gke",
|
|
"kube-dns",
|
|
"17-default-backend",
|
|
"metrics-server",
|
|
"ca-audit",
|
|
"ca-dashboard-aggregator",
|
|
"ca-notification-server",
|
|
"ca-ocimage",
|
|
"ca-oracle",
|
|
"ca-posture",
|
|
"ca-rbac",
|
|
"ca-vuln-scan",
|
|
"ca-webhook",
|
|
"ca-websocket",
|
|
"clair-clair"
|
|
]
|
|
} |