diff --git a/exceptions/kubescape.json b/exceptions/kubescape.json
index 403314000..0f7dd69e0 100644
--- a/exceptions/kubescape.json
+++ b/exceptions/kubescape.json
@@ -1,4 +1,49 @@
 [
+ {
+ "name": "kubescape-ignore",
+ "policyType": "postureExceptionPolicy",
+ "actions": [
+ "alertOnly"
+ ],
+ "attributes": {
+ "systemException": true
+ },
+ "resources": [
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kubescape.io/ignore": "true"
+ }
+ },
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kubescape.io/ignore": "yes"
+ }
+ },
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kubescape.io/ignore": "1"
+ }
+ },
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kubescape.io/ignore": "enable"
+ }
+ },
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kubescape.io/ignore": "enabled"
+ }
+ }
+ ],
+ "posturePolicies": [
+ {}
+ ]
+ },
 {
 "name": "exclude-kubescape-deployment-security-context",
 "policyType": "postureExceptionPolicy",
@@ -89,6 +134,9 @@
 },
 {
 "controlID": "c-0058"
+ },
+ {
+ "controlID": "c-0078"
 }
 ]
 },
@@ -392,6 +440,22 @@
 "namespace": "kubescape"
 }
 },
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kind": "ServiceAccount",
+ "name": "storage",
+ "namespace": "kubescape"
+ }
+ },
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kind": "ServiceAccount",
+ "name": "kubevuln",
+ "namespace": "kubescape"
+ }
+ },
 {
 "designatorType": "Attributes",
 "attributes": {
@@ -520,12 +584,23 @@
 "name": "kubescape-scheduler",
 "namespace": "kubescape"
 }
+ },
+ {
+ "designatorType": "Attributes",
+ "attributes": {
+ "kind": "ServiceAccount",
+ "name": "storage",
+ "namespace": "kubescape"
+ }
 }
 ],
 "posturePolicies": [
 {
 "controlID": "c-0030"
 },
+ {
+ "controlID": "c-0034"
+ },
 {
 "controlID": "c-0055"
 },
@@ -544,11 +619,17 @@
 {
 "controlID": "c-0077"
 },
+ {
+ "controlID": "c-0078"
+ },
 {
 "controlID": "c-0210"
 },
 {
 "controlID": "c-0211"
+ },
+ {
+ "controlID": "c-0078"
 }
 ]
 },
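Review bot: The new `kubescape-ignore` exception in the first hunk (`@@ -1,4 +1,49 @@`) is keyed only on a `kubescape.io/ignore` attribute carried by the scanned resource itself, and its single `posturePolicies` entry is the empty object `{}`, which appears to match every control. Together with `"systemException": true`, that seems to let anyone with write access to that attribute on a workload move all of its posture findings to `alertOnly`, with no namespace or control scoping. Consider replacing `{}` with the specific `controlID` entries this opt-out is meant to cover. The documentation should say that write access to `kubescape.io/ignore` needs to be restricted (for example by an admission policy) and its use audited. The five designators also look like exact string matches, so values such as `True` or `YES` would presumably not match; the accepted values should be listed wherever the attribute is documented.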
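Review bot: The second hunk (`@@ -89,6 +134,9 @@`) adds `c-0078` to a `posturePolicies` list whose exception name and `resources` start outside the hunk, so the suppression presumably widens for every resource already listed in that exception, not only the one that motivated it. The same concern applies to the third and fourth hunks, where the `storage` and `kubevuln` ServiceAccounts join existing resource lists and `c-0034` joins an existing control list: each addition appears to exempt the full resources-by-controls product. If only the new ServiceAccounts need `c-0034` or `c-0078`, a separate exception object holding just those resource and control pairs would keep the remaining components under evaluation. Recording the reason for each newly excepted control in the change description would help later audits.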
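Review bot: `c-0078` is added twice to the same `posturePolicies` array in the last hunk (`@@ -544,11 +619,17 @@`), once after `c-0077` and again after `c-0211`. The second entry is redundant and makes the exception list harder to audit; drop the trailing `{ "controlID": "c-0078" }` so the array ends at `"controlID": "c-0211"`. The array begins outside the hunk, so other entries may already cover this control as well.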