diff --git a/.dockerignore b/.dockerignore
index da4cea2d..efe92de7 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -2,5 +2,16 @@
 README.md
 /execs
 *_test.go
-k8s
-*.yml
\ No newline at end of file
+*.yml
+/krew
+/notes
+/junit
+/dist
+/change_logs
+/assets
+/.github
+/.idea
+/.vscode
+/aa_dead
+/k8s
+/k8s1
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 117c0603..5860a1b0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,25 +1,20 @@
 # -----------------------------------------------------------------------------
 # Build...
-FROM golang:1.13.5-alpine AS build
+FROM golang:1.14.4-alpine AS build
 
-ENV VERSION=v0.8.0 GO111MODULE=on PACKAGE=github.com/derailed/popeye
+WORKDIR /popeye
 
-WORKDIR /go/src/$PACKAGE
-
-COPY go.mod go.sum main.go ./
+COPY go.mod go.sum main.go Makefile ./
 COPY internal internal
+COPY cmd cmd
 COPY types types
 COPY pkg pkg
-COPY cmd cmd
-
-RUN apk update && apk upgrade ;\
-  apk --no-cache add git ca-certificates ;\
-  CGO_ENABLED=0 GOOS=linux go build -o /go/bin/popeye \
-  -trimpath -ldflags="-w -s -X $PACKAGE/cmd.version=$VERSION" *.go
+RUN apk --no-cache add make git gcc libc-dev curl ca-certificates && make build
 
 # -----------------------------------------------------------------------------
 # Image...
 FROM alpine:3.11.2
 COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
-COPY --from=build /go/bin/popeye /bin/popeye
+COPY --from=build /popeye/execs/popeye /bin/popeye
+
 ENTRYPOINT [ "/bin/popeye" ]
\ No newline at end of file
diff --git a/internal/issues/collector.go b/internal/issues/collector.go
index 15c92a55..fa8f3804 100644
--- a/internal/issues/collector.go
+++ b/internal/issues/collector.go
@@ -68,6 +68,7 @@ func (c *Collector) AddCode(ctx context.Context, code config.ID, args ...interfa
 		panic(fmt.Errorf("No code with ID %d", code))
 	}
 	if !c.ShouldExclude(run.SectionGVR.String(), run.FQN, code) {
+		fmt.Println("ADD Issue", run.FQN, code)
 		c.addIssue(run.FQN, New(run.SectionGVR, Root, co.Severity, co.Format(code, args...)))
 	}
 }
diff --git a/internal/sanitize/dp.go b/internal/sanitize/dp.go
index abade90f..c4e7efa7 100644
--- a/internal/sanitize/dp.go
+++ b/internal/sanitize/dp.go
@@ -60,7 +60,7 @@ func (d *Deployment) Sanitize(ctx context.Context) error {
 		podsMetrics(d, pmx)
 		d.checkUtilization(ctx, over, dp, pmx)
 
-		if d.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if d.NoConcerns(fqn) && d.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			d.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/ds.go b/internal/sanitize/ds.go
index 4b9af106..0351f523 100644
--- a/internal/sanitize/ds.go
+++ b/internal/sanitize/ds.go
@@ -56,7 +56,7 @@ func (d *DaemonSet) Sanitize(ctx context.Context) error {
 		podsMetrics(d, pmx)
 		d.checkUtilization(ctx, over, ds, pmx)
 
-		if d.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if d.NoConcerns(fqn) && d.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			d.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/hpa.go b/internal/sanitize/hpa.go
index 822c75f4..4f92191f 100644
--- a/internal/sanitize/hpa.go
+++ b/internal/sanitize/hpa.go
@@ -85,7 +85,7 @@ func (h *HorizontalPodAutoscaler) Sanitize(ctx context.Context) error {
 		tcpu.Add(*list.Cpu())
 		tmem.Add(*list.Memory())
 
-		if h.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if h.NoConcerns(fqn) && h.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			h.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/ing.go b/internal/sanitize/ing.go
index 3a8ab874..a7afb988 100644
--- a/internal/sanitize/ing.go
+++ b/internal/sanitize/ing.go
@@ -43,7 +43,7 @@ func (i *Ingress) Sanitize(ctx context.Context) error {
 
 		i.checkDeprecation(ctx, ing)
 
-		if i.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if i.NoConcerns(fqn) && i.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			i.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/node.go b/internal/sanitize/node.go
index 9c50f5d0..3a8063a4 100644
--- a/internal/sanitize/node.go
+++ b/internal/sanitize/node.go
@@ -61,7 +61,7 @@ func (n *Node) Sanitize(ctx context.Context) error {
 			n.checkUtilization(ctx, nmx[fqn])
 		}
 
-		if n.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if n.NoConcerns(fqn) && n.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			n.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/np.go b/internal/sanitize/np.go
index 8b4b73a8..275bbcd7 100644
--- a/internal/sanitize/np.go
+++ b/internal/sanitize/np.go
@@ -48,7 +48,7 @@ func (n *NetworkPolicy) Sanitize(ctx context.Context) error {
 		n.checkDeprecation(ctx, np)
 		n.checkRefs(ctx, np)
 
-		if n.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if n.NoConcerns(fqn) && n.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			n.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/pdb.go b/internal/sanitize/pdb.go
index 6596e05e..7ef97f02 100644
--- a/internal/sanitize/pdb.go
+++ b/internal/sanitize/pdb.go
@@ -40,7 +40,7 @@ func (p *PodDisruptionBudget) Sanitize(ctx context.Context) error {
 
 		p.checkInUse(ctx, pdb)
 
-		if p.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if p.NoConcerns(fqn) && p.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			p.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/pod.go b/internal/sanitize/pod.go
index 4b9c15ec..e3c0954e 100644
--- a/internal/sanitize/pod.go
+++ b/internal/sanitize/pod.go
@@ -83,7 +83,7 @@ func (p *Pod) Sanitize(ctx context.Context) error {
 		containerMetrics(pmx, cmx)
 		p.checkUtilization(ctx, po, cmx)
 
-		if p.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if p.NoConcerns(fqn) && p.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			p.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/psp.go b/internal/sanitize/psp.go
index 0380aef0..954135e1 100644
--- a/internal/sanitize/psp.go
+++ b/internal/sanitize/psp.go
@@ -38,7 +38,7 @@ func (p *PodSecurityPolicy) Sanitize(ctx context.Context) error {
 
 		p.checkDeprecation(ctx, psp)
 
-		if p.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if p.NoConcerns(fqn) && p.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			p.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/pv.go b/internal/sanitize/pv.go
index 172a3304..abc28e3f 100644
--- a/internal/sanitize/pv.go
+++ b/internal/sanitize/pv.go
@@ -37,7 +37,7 @@ func (p *PersistentVolume) Sanitize(ctx context.Context) error {
 
 		p.checkBound(ctx, pv.Status.Phase)
 
-		if p.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if p.NoConcerns(fqn) && p.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			p.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/pvc.go b/internal/sanitize/pvc.go
index 1591fb04..f3fb13aa 100644
--- a/internal/sanitize/pvc.go
+++ b/internal/sanitize/pvc.go
@@ -48,7 +48,7 @@ func (p *PersistentVolumeClaim) Sanitize(ctx context.Context) error {
 		p.InitOutcome(fqn)
 		ctx = internal.WithFQN(ctx, fqn)
 		defer func(fqn string, ctx context.Context) {
-			if p.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+			if p.NoConcerns(fqn) && p.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 				p.ClearOutcome(fqn)
 			}
 		}(fqn, ctx)
diff --git a/internal/sanitize/rb.go b/internal/sanitize/rb.go
index adf85458..f76b4a47 100644
--- a/internal/sanitize/rb.go
+++ b/internal/sanitize/rb.go
@@ -49,7 +49,7 @@ func (r *RoleBinding) Sanitize(ctx context.Context) error {
 			}
 		}
 
-		if r.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if r.NoConcerns(fqn) && r.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			r.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/ro.go b/internal/sanitize/ro.go
index 4e7fef4c..d1ffb381 100644
--- a/internal/sanitize/ro.go
+++ b/internal/sanitize/ro.go
@@ -52,7 +52,7 @@ func (r *Role) checkInUse(ctx context.Context, refs *sync.Map) {
 			r.AddCode(ctx, 400)
 		}
 
-		if r.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if r.NoConcerns(fqn) && r.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			r.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/rs.go b/internal/sanitize/rs.go
index e3342631..2d166c0d 100644
--- a/internal/sanitize/rs.go
+++ b/internal/sanitize/rs.go
@@ -44,7 +44,7 @@ func (r *ReplicaSet) Sanitize(ctx context.Context) error {
 		r.checkHealth(ctx, rs)
 		r.checkDeprecation(ctx, rs)
 
-		if r.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if r.NoConcerns(fqn) && r.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			r.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/sa.go b/internal/sanitize/sa.go
index 44726cc2..3ac6dbb6 100644
--- a/internal/sanitize/sa.go
+++ b/internal/sanitize/sa.go
@@ -89,7 +89,7 @@ func (s *ServiceAccount) Sanitize(ctx context.Context) error {
 			s.AddCode(ctx, 400)
 		}
 
-		if s.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if s.NoConcerns(fqn) && s.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			s.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/sts.go b/internal/sanitize/sts.go
index 983e8478..e470dddf 100644
--- a/internal/sanitize/sts.go
+++ b/internal/sanitize/sts.go
@@ -62,7 +62,7 @@ func (s *StatefulSet) Sanitize(ctx context.Context) error {
 		s.checkContainers(ctx, st)
 		s.checkUtilization(ctx, over, st, pmx)
 
-		if s.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if s.NoConcerns(fqn) && s.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			s.ClearOutcome(fqn)
 		}
 	}
diff --git a/internal/sanitize/svc.go b/internal/sanitize/svc.go
index e01c1ff8..74b349e5 100644
--- a/internal/sanitize/svc.go
+++ b/internal/sanitize/svc.go
@@ -54,7 +54,7 @@ func (s *Service) Sanitize(ctx context.Context) error {
 		s.checkEndpoints(ctx, svc.Spec.Selector, svc.Spec.Type)
 		s.checkType(ctx, svc.Spec.Type)
 
-		if s.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
+		if s.NoConcerns(fqn) && s.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
 			s.ClearOutcome(fqn)
 		}
 	}
diff --git a/pkg/config/excludes.go b/pkg/config/excludes.go
index b70bc0c4..0a376266 100644
--- a/pkg/config/excludes.go
+++ b/pkg/config/excludes.go
@@ -1,6 +1,7 @@
 package config
 
 import (
+	"fmt"
 	"regexp"
 	"strings"
 
@@ -64,8 +65,10 @@ func (e Excludes) ShouldExclude(section, fqn string, code ID) bool {
 
 // Match checks if a given named should be excluded.
 func (e Exclusions) Match(resource string, code ID) bool {
+	fmt.Printf("Match %q -- %v\n", resource, code)
 	for _, exclude := range e {
 		if exclude.Match(resource) && hasCode(exclude.Codes, code) {
+			fmt.Println("  MATCHED!!")
 			return true
 		}
 	}