Adding VersionStream for gatekeeper-3.15 #17324

Merged
merged 2 commits into from
Apr 20, 2024

@octo-sts octo-sts bot commented Apr 20, 2024

No description provided.

Package gatekeeper-3.15:
Added: /.PKGINFO
Added: /usr/bin/manager

Package gatekeeper-3.15-compat:
Added: /.PKGINFO

Package gatekeeper-3.15-gator:
Added: /.PKGINFO
Added: /usr/bin/gator

bincapz found differences:

Added: gatekeeper-3.15/usr/bin/manager

Overall risk: ✅ 2/MEDIUM

RISK KEY DESCRIPTION
meta lang c++
meta compiler go
+2/MEDIUM archives/zip works with zip files
+2/MEDIUM combo/net/host_port uses struct with JSON representations for host:port: "json:"hostname"
json:"ip"
json:"port""
+2/MEDIUM combo/net/tunnel_proxy network tunnel proxy: "Proxy
TLS13
TLSVersion
crypto
proxy
socket
tunnel"
+2/MEDIUM data/embedded/base64/terms contains base64 CERTIFICATE: "DRVJUSUZJQ0FUR::$CERTIFICATE
Q0VSVElGSUNBVE::$CERTIFICATE"
+2/MEDIUM data/embedded/html contains HTML content
+2/MEDIUM databases/mysql accesses MySQL databases
+2/MEDIUM evasion/content/length/0 sets HTTP content length to zero
+2/MEDIUM exec/program executes another program
+2/MEDIUM fs/permission/chown changes file ownership
+2/MEDIUM fs/permission/modify modifies file permissions
+2/MEDIUM kernel/dev/block/device accesses raw generic block devices: "/dev/sda1"
+2/MEDIUM kernel/uname/get get system identification (os_release)
+2/MEDIUM net/dns/reverse looks up the reverse hostname for an IP
+2/MEDIUM net/download downloads files
+2/MEDIUM net/fetch invokes curl: "curl -v -X"
+2/MEDIUM net/http/cookies able to access HTTP resources using cookies
+2/MEDIUM net/http/post able to submit content via HTTP POST
+2/MEDIUM net/ip/parse parses IP address (IPv4 or IPv6)
+2/MEDIUM net/mac/address retrieves network MAC address
+2/MEDIUM net/upload uploads files
+2/MEDIUM net/url/encode encodes URL, likely to pass GET variables
+2/MEDIUM net/url/request requests resources via URL
+2/MEDIUM procfs/self/cgroup accesses /proc files within own cgroup: "/proc/self/cgroupOTEL_SERVICE_NAMEalloc_bytes_tot"
+2/MEDIUM procfs/self/exe gets executable associated to this process
+2/MEDIUM ref/path/etc/hosts references /etc/hosts: "/etc/hosts"
+2/MEDIUM ref/path/tmp references paths within /tmp: "/tmp/auditevent_typeviolationsImplied
/tmp/auditfailed"
+2/MEDIUM ref/path/var/run references subfolder within /var/run: "/var/run/secrets/"
+2/MEDIUM ref/words/intercept references interception: "intercept"
+2/MEDIUM ref/words/server_address references a 'server address', possible C2 client: "preconditionsserverAddressincludeObjectfieldSelector
serverAddressByClientCIDRs"
+2/MEDIUM secrets/gcloud access gcloud configuration files: ".config/gcloud
application_default_credentials.json"
+1/LOW cloud/aws/metadata references the AWS EC2 metadata token
+1/LOW cloud/google/metadata includes the token required to use the Google Cloud Platform metadata server
+1/LOW compression/gzip works with gzip files
+1/LOW compression/zstd zstandard - fast real-time compression algorithm
+1/LOW crypto/aes supports AES (Advanced Encryption Standard)
+1/LOW crypto/ecdsa uses the Go crypto/ecdsa library
+1/LOW crypto/ed25519 elliptic curve algorithm used by TLS and SSH
+1/LOW crypto/tls tls
+1/LOW encoding/base64 supports base64 encoded strings
+1/LOW encoding/json supports JSON encoded objects
+1/LOW encoding/json/decode decodes JSON messages
+1/LOW encoding/json/encode encodes JSON
+1/LOW env/USER uSER
+1/LOW fs/directory/list uses Go functions to list a directory
+1/LOW fs/directory/remove uses libc functions to remove directories
+1/LOW fs/file/delete deletes files
+1/LOW fs/file/read reads files
+1/LOW fs/file/stat access filesystem information
+1/LOW fs/link/read read value of a symbolic link
+1/LOW fs/mount mounts file systems
+1/LOW fs/watch monitors filesystem events
+1/LOW kernel/cpu/info gets number of processors
+1/LOW kernel/hostname/get gets the hostname of the machine
+1/LOW kernel/netlink communicate with kernel services
+1/LOW kernel/seccomp operate on Secure Computing state of the process
+1/LOW net/dns uses DNS (Domain Name Service)
+1/LOW net/dns/txt uses DNS TXT (text) records
+1/LOW net/grpc uses the gRPC Remote Procedure Call framework
+1/LOW net/hostname/resolve uses Go to resolve network hosts
+1/LOW net/http/accept/encoding able to decode multiple forms of HTTP responses (example: gzip)
+1/LOW net/http/auth makes HTTP requests with basic authentication
+1/LOW net/http/request makes HTTP requests
+1/LOW net/http2 uses the HTTP/2 protocol
+1/LOW net/http_proxy able to use an HTTP proxy that requires authentication
+1/LOW net/ip/multicast/send send data to multiple nodes simultaneously
+1/LOW net/oauth2 supports OAuth2
+1/LOW net/sendfile transfer data between file descriptors
+1/LOW net/socket/listen listen on a socket
+1/LOW net/socket/local/address get local address of connected socket
+1/LOW net/socket/peer/address get peer address of connected socket
+1/LOW net/socket/receive receive a message from a socket
+1/LOW net/socket/send send a message to a socket
+1/LOW net/udp/receive listens for UDP responses
+1/LOW net/udp/send sends UDP packets
+1/LOW net/url handles URL strings
+1/LOW process/groupid/set set real and effective group ID of process
+1/LOW ref/path/etc references paths within /etc:
+1/LOW ref/path/etc/resolv.conf accesses DNS resolver configuration: "/etc/resolv.conf"
+1/LOW ref/path/var references paths within /var:
/var/lib/dbus/machine-idDesc
/var/lib/dbus/machine-idTotal
/var/run/secrets/kubernetes.io/serviceaccount/ca.crtresource
/var/run/secrets/kubernetes.io/serviceaccount/namespaceunable
/var/run/secrets/kubernetes.io/serviceaccount/tokenuser
+1/LOW ref/site/url contains embedded HTTPS URLs:
+1/LOW ref/words/password references a password: "Password
password"
+1/LOW secrets/private_key references private keys: "privateKey
private_key"
+1/LOW time/tzinfo uses timezone information

Added: gatekeeper-3.15-gator/usr/bin/gator

Overall risk: ✅ 2/MEDIUM

RISK KEY DESCRIPTION
meta compiler go
meta lang c++
+2/MEDIUM archives/zip works with zip files
+2/MEDIUM combo/net/host_port uses struct with JSON representations for host:port: "json:"ip"
json:"port""
+2/MEDIUM combo/net/tunnel_proxy network tunnel proxy: "Proxy
TLS13
TLSVersion
crypto
proxy
socket
tunnel"
+2/MEDIUM data/embedded/html contains HTML content
+2/MEDIUM databases/mysql accesses MySQL databases
+2/MEDIUM evasion/content/length/0 sets HTTP content length to zero
+2/MEDIUM exec/program executes another program
+2/MEDIUM fs/permission/chown changes file ownership
+2/MEDIUM fs/permission/modify modifies file permissions
+2/MEDIUM kernel/dev/block/device accesses raw generic block devices: "/dev/sda1"
+2/MEDIUM kernel/uname/get get system identification (os_release)
+2/MEDIUM net/bpf bPF (Berkeley Packet Filter)
+2/MEDIUM net/dns/reverse looks up the reverse hostname for an IP
+2/MEDIUM net/download downloads files
+2/MEDIUM net/http/cookies able to access HTTP resources using cookies
+2/MEDIUM net/http/post able to submit content via HTTP POST
+2/MEDIUM net/ip/parse parses IP address (IPv4 or IPv6)
+2/MEDIUM net/mac/address retrieves network MAC address
+2/MEDIUM net/upload uploads files
+2/MEDIUM net/url/encode encodes URL, likely to pass GET variables
+2/MEDIUM net/url/request requests resources via URL
+2/MEDIUM process/chdir changes current working directory: "cd"
+2/MEDIUM ref/path/etc/hosts references /etc/hosts: "/etc/hosts"
+2/MEDIUM ref/path/var/run references subfolder within /var/run: "/var/run/secrets/"
+2/MEDIUM ref/site/http/dynamic uRL that is dynamically generated: "https://%sdirty"
+2/MEDIUM ref/words/intercept references interception: "intercept"
+2/MEDIUM ref/words/server_address references a 'server address', possible C2 client: "dserverAddressByClientCIDRs
preconditionsserverAddressincludeObjectfieldSelector"
+2/MEDIUM secrets/keychain may access the macOS keychain
+2/MEDIUM security_controls/linux/ufw interacts with the ufw firewall
+1/LOW compression/gzip works with gzip files
+1/LOW compression/zstd zstandard - fast real-time compression algorithm
+1/LOW crypto/aes supports AES (Advanced Encryption Standard)
+1/LOW crypto/ecdsa uses the Go crypto/ecdsa library
+1/LOW crypto/ed25519 elliptic curve algorithm used by TLS and SSH
+1/LOW crypto/tls tls
+1/LOW encoding/base64 supports base64 encoded strings
+1/LOW encoding/json supports JSON encoded objects
+1/LOW encoding/json/decode decodes JSON messages
+1/LOW encoding/json/encode encodes JSON
+1/LOW env/USER uSER
+1/LOW fs/directory/list uses Go functions to list a directory
+1/LOW fs/directory/remove uses libc functions to remove directories
+1/LOW fs/file/delete deletes files
+1/LOW fs/file/read reads files
+1/LOW fs/file/stat access filesystem information
+1/LOW fs/file/times/set change file timestamps with nanosecond precision
+1/LOW fs/link/create may create hard file links
+1/LOW fs/link/read read value of a symbolic link
+1/LOW fs/mount mounts file systems
+1/LOW fs/tempfile/create uses mktemp to create temporary files
+1/LOW fs/watch monitors filesystem events
+1/LOW kernel/cpu/info gets number of processors
+1/LOW kernel/hostname/get gets the hostname of the machine
+1/LOW kernel/netlink communicate with kernel services
+1/LOW kernel/seccomp operate on Secure Computing state of the process
+1/LOW net/dns uses DNS (Domain Name Service)
+1/LOW net/dns/txt uses DNS TXT (text) records
+1/LOW net/grpc uses the gRPC Remote Procedure Call framework
+1/LOW net/hostname/resolve uses Go to resolve network hosts
+1/LOW net/http/accept/encoding able to decode multiple forms of HTTP responses (example: gzip)
+1/LOW net/http/auth makes HTTP requests with basic authentication
+1/LOW net/http/request makes HTTP requests
+1/LOW net/http2 uses the HTTP/2 protocol
+1/LOW net/http_proxy able to use an HTTP proxy that requires authentication
+1/LOW net/ip/multicast/send send data to multiple nodes simultaneously
+1/LOW net/oauth2 supports OAuth2
+1/LOW net/sendfile transfer data between file descriptors
+1/LOW net/socket/listen listen on a socket
+1/LOW net/socket/local/address get local address of connected socket
+1/LOW net/socket/peer/address get peer address of connected socket
+1/LOW net/socket/receive receive a message from a socket
+1/LOW net/socket/send send a message to a socket
+1/LOW net/udp/receive listens for UDP responses
+1/LOW net/udp/send sends UDP packets
+1/LOW net/url handles URL strings
+1/LOW process/groupid/set set real and effective group ID of process
+1/LOW process/groups/set set group access list
+1/LOW ref/path/etc references paths within /etc:
+1/LOW ref/path/etc/resolv.conf accesses DNS resolver configuration: "/etc/resolv.conf"
+1/LOW ref/path/var references paths within /var:
/var/lib/dbus/machine-idinvalid
/var/lib/dbus/machine-idx509
/var/run/secrets/kubernetes.io/serviceaccount/ca.crtTokenRequestStatu
/var/run/secrets/kubernetes.io/serviceaccount/namespaceproto
/var/run/secrets/kubernetes.io/serviceaccount/tokenproto
+1/LOW ref/site/url contains embedded HTTPS URLs:
+1/LOW ref/words/password references a password: "Password
password"
+1/LOW secrets/private_key references private keys: "privateKey
private_key"
+1/LOW time/tzinfo uses timezone information

@dlorenc dlorenc merged commit f4f449a into main Apr 20, 2024
8 checks passed
@dlorenc dlorenc deleted the version-stream-gatekeeper-3.15 branch April 20, 2024 14:52
@rawlingsj rawlingsj mentioned this pull request Apr 20, 2024
3 tasks
@ajayk ajayk mentioned this pull request Apr 24, 2024
11 tasks