From ff9f2705d74189bdebd3886bfb05ee027e78ad3b Mon Sep 17 00:00:00 2001
From: Dries De Peuter <dries@stenic.io>
Date: Sun, 12 Mar 2023 00:21:20 +0100
Subject: [PATCH] fix: kubescape

---
 .github/kubescape-exceptions.json | 22 ++++++++++++++++++++++
 .github/workflows/chart.yaml      |  2 +-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 .github/kubescape-exceptions.json

diff --git a/.github/kubescape-exceptions.json b/.github/kubescape-exceptions.json
new file mode 100644
index 0000000..541f547
--- /dev/null
+++ b/.github/kubescape-exceptions.json
@@ -0,0 +1,22 @@
+[
+  {
+    "name": "exclude-default-namespace-control",
+    "policyType": "postureExceptionPolicy",
+    "actions": [
+      "alertOnly"
+    ],
+    "resources": [
+      {
+        "designatorType": "Attributes",
+        "attributes": {
+          "kind": ".*"
+        }
+      }
+    ],
+    "posturePolicies": [
+      {
+        "controlID": "CIS-5.7.4"
+      }
+    ]
+  }
+]
\ No newline at end of file
diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml
index c5124cd..ab79987 100644
--- a/.github/workflows/chart.yaml
+++ b/.github/workflows/chart.yaml
@@ -78,7 +78,7 @@ jobs:
           version: v3.7.1
 
       - name: Scan helm 
-        run: helm template ./charts/well-known --generate-name --dry-run | kubescape scan --controls-config .github/kubescape-controls-inputs.json -v --fail-threshold 5 -
+        run: helm template ./charts/well-known --generate-name --dry-run | kubescape scan --controls-config .github/kubescape-controls-inputs.json --exceptions .github/kubescape-exceptions.json -v --fail-threshold 5 -
 
   pluto-scan:
     runs-on: ubuntu-latest