
Add OpenShift SecurityContextConstraints object linting #650

Merged
merged 10 commits into from
Nov 2, 2023

Conversation

mancubus77
Contributor

resolves #649

Adds SecurityContextConstraints object parsing, and adds a check for allowPrivilegedContainer: true, which enables privileged mode for attached objects.

Name: scc-deny-privileged-container
Description: Indicates when allowPrivilegedContainer SCC set to True
Remediation: SecurityContextConstraints has AllowPrivilegedContainer set to "true". Using this option is dangerous, please consider using allowedCapabilities instead
Template: scc-deny-privileged-container
Parameters: map[AllowPrivilegedContainer:true]
Enabled by default: false
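As an added illustration of what the scc-deny-privileged-container check looks for (example code written for this page, not kube-linter's own template implementation), the snippet below runs the same rule over a few constructed SecurityContextConstraints objects that have already been parsed into dicts, using the check name, parameter and remediation text quoted above; the `want` parameter stands in for the template's AllowPrivilegedContainer parameter.

```python
"""Added example, not kube-linter's code: a minimal reimplementation of the
scc-deny-privileged-container rule, applied to constructed SCC objects."""

CHECK_NAME = "scc-deny-privileged-container"
REMEDIATION = ('SecurityContextConstraints has AllowPrivilegedContainer set to "true". '
               'Using this option is dangerous, please consider using '
               'allowedCapabilities instead')


def lint_scc(obj, want=True):
    """Return a finding dict if obj is an SCC whose allowPrivilegedContainer
    equals `want` (the template parameter, true by default), else None."""
    if obj.get("kind") != "SecurityContextConstraints":
        return None  # the check only applies to SCC objects, other kinds are skipped
    # allowPrivilegedContainer is a top-level bool on SCC (not under spec);
    # a missing field means the cluster default of false
    value = obj.get("allowPrivilegedContainer", False)
    if not isinstance(value, bool) or value != want:
        return None  # non-bool values are left to schema validation
    name = obj.get("metadata", {}).get("name", "<unnamed>")
    return {"check": CHECK_NAME, "object": name, "remediation": REMEDIATION}


def lint_all(objects, want=True):
    """Run the rule over every parsed object and collect the findings."""
    return [f for f in (lint_scc(o, want) for o in objects) if f]


# Constructed sample objects, as if parsed from a YAML manifest (hypothetical names)
SAMPLE_OBJECTS = [
    {"apiVersion": "security.openshift.io/v1", "kind": "SecurityContextConstraints",
     "metadata": {"name": "privileged-scc"}, "allowPrivilegedContainer": True},
    {"apiVersion": "security.openshift.io/v1", "kind": "SecurityContextConstraints",
     "metadata": {"name": "restricted-scc"}, "allowPrivilegedContainer": False,
     "allowedCapabilities": ["NET_BIND_SERVICE"]},
    {"apiVersion": "security.openshift.io/v1", "kind": "SecurityContextConstraints",
     "metadata": {"name": "default-scc"}},  # field absent -> treated as false
    {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "not-an-scc"},
     "allowPrivilegedContainer": True},  # wrong kind, must be ignored
]

if __name__ == "__main__":
    for finding in lint_all(SAMPLE_OBJECTS):
        print(f"{finding['check']}: {finding['object']}: {finding['remediation']}")
```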

@mancubus77 mancubus77 requested a review from janisz as a code owner October 26, 2023 10:46
Collaborator

@janisz janisz left a comment


Nice, I've just left small nitpick comments

Review comments (resolved) on: docs/generated/checks.md, pkg/templates/sccdenypriv/template.go, pkg/templates/sccdenypriv/template_test.go, docs/generated/checks.md
@mancubus77
Contributor Author

Thank you @janisz
Updated according to your advice

@mancubus77
Contributor Author

👋 @janisz
Just wondering if you are fine with the commit
Thank you

@janisz janisz merged commit 41071a5 into stackrox:main Nov 2, 2023
7 checks passed
@janisz janisz added new-check enhancement New feature or request and removed new-check enhancement New feature or request labels Nov 2, 2023
Successfully merging this pull request may close these issues.

[FEATURE_REQUEST] Add OpenShift SecurityContextConstraints
2 participants