Comments (5)
kuettai
commented on May 20, 2024
1
@dorukozturk , herewith the proposed JSON output that will help:
{ "cluster_wide": { "security": { "iam": { "disable_anonymous_access_for_cluster_roles": ["RESOURCE#1", "RESOURCE#3"] }, "multi_tenancy": { "ensure_namespace_quotas_exist": ["RESOURCE#4"] } }, "reliability": { "applications": { "check_metrics_server_is_running": ["RESOURCE#1", "RESOURCE#2"], "check_vertical_pod_autoscaler_exists": ["RESOURCE#3"] } } }, "namespace_based": { "pod_security": { "disallow_container_socket_mount": ["RESOURCE#4", "RESOURCE#2", "RESOURCE#1"], "set_requests_limits_for_containers": ["RESOURCE#5"] } } }
from hardeneks.
kuettai
commented on May 20, 2024
Do we have estimate timeline on when this will be deliver? @dorukozturk
from hardeneks.
dorukozturk
commented on May 20, 2024
@kuettai Realistically, early March I can deliver this. Even though it is relatively simple, I am planning to refactor the code a little and will try to integrate this feature as part of that big refactor.
from hardeneks.
mission-coliveros
commented on May 20, 2024
I'd also be interested in this. Would simplify the process of introducing failed checks to a board
from hardeneks.
dorukozturk
commented on May 20, 2024
@mission-coliveros This PR implements it (#21). It is getting reviewed and will be merged soon. After that I will release the new version and close this issue. Thanks for trying :)
from hardeneks.
Related Issues (20)
- System ClusterRoles should have '*' in Verbs or Resources and Maybe Others? HOT 1
- Unique identifier for each rules HOT 1
- Hardeneks doesn't work through the SSH tunnel HOT 5
- brew packaging HOT 5
- Add Date and Time to the Report Output HOT 1
- Not Able to Run On Windows
- Namespaces should have psa modes. - Not working HOT 3
- False Positive With "Don't bind clusterroles to anonymous/unauthenticated groups." HOT 2
- False Positive with "Update the aws-node daemonset to use IRSA." HOT 3
- Feature Request: Add a flag to generate a config file with all rules HOT 2
- HTML output is narrowed in linux runtime HOT 3
- JSON report not similar to HTML or TXT
- Typo for result object in rule "Namespaces should have quotas assigned" HOT 1
- doesn't work with sso HOT 4
- Check for runAsUser and runAsGroup at container level HOT 1
- Read-only root file system check broken if the container.security_context not defined HOT 1
- JSON Output Overwrites Results for Different Namespaces HOT 1
- Link is truncated for long links HOT 4
- Possibility to export to save the report HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hardeneks.