Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: k8s policy subtype support #1502

Merged
merged 1 commit into from
Dec 1, 2023
Merged

feat: k8s policy subtype support #1502

merged 1 commit into from
Dec 1, 2023

Conversation

chen-keinan
Copy link
Contributor

@simar7
Copy link
Member

simar7 commented Nov 29, 2023

Couple of points on this:

  1. We have a test for this here if you can update that test and use the latest defsec within trivy-iac to try it out, it'll be great.
  2. We might also need to revisit this

    defsec/pkg/rego/scanner.go

    Lines 299 to 306 in d640376

    case string: // k8s
    // TODO(simar): This logic probably needs to be revisited
    if services == st.Group ||
    services == st.Version ||
    services == st.Kind {
    return true
    }
    }

@chen-keinan
Copy link
Contributor Author

Couple of points on this:

  1. We have a test for this here if you can update that test and use the latest defsec within trivy-iac to try it out, it'll be great.
  2. We might also need to revisit this

    defsec/pkg/rego/scanner.go

    Lines 299 to 306 in d640376

    case string: // k8s
    // TODO(simar): This logic probably needs to be revisited
    if services == st.Group ||
    services == st.Version ||
    services == st.Kind {
    return true
    }
    }

@simar7 I assume this need to be done after merging the PR and updating trivy-iac dep.

@simar7
Copy link
Member

simar7 commented Dec 1, 2023

Couple of points on this:

  1. We have a test for this here if you can update that test and use the latest defsec within trivy-iac to try it out, it'll be great.
  2. We might also need to revisit this

    defsec/pkg/rego/scanner.go

    Lines 299 to 306 in d640376

    case string: // k8s
    // TODO(simar): This logic probably needs to be revisited
    if services == st.Group ||
    services == st.Version ||
    services == st.Kind {
    return true
    }
    }

@simar7 I assume this need to be done after merging the PR and updating trivy-iac dep.

Sure just wanted to remind. You can add it later or you can use this SHA as a commit hash to test this while adding the testcase. But I assume you've tested it locally.

@simar7 simar7 merged commit 455085f into aquasecurity:master Dec 1, 2023
5 checks passed
@chen-keinan chen-keinan mentioned this pull request Dec 3, 2023
Merged
@simar7 simar7 mentioned this pull request Jan 10, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simar7 simar7 simar7 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@chen-keinan @simar7