-
Notifications
You must be signed in to change notification settings - Fork 204
/
.trivyignore.yaml
51 lines (48 loc) · 2.31 KB
/
.trivyignore.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
misconfigurations:
- id: AVD-KSV-0121
statement: Some plugins require access to various host paths
paths:
- dlb_plugin/base/intel-dlb-plugin.yaml
- fpga_plugin/base/intel-fpga-plugin-daemonset.yaml
- qat_plugin/base/intel-qat-kernel-plugin.yaml
- qat_plugin/overlays/qat_initcontainer/qat_initcontainer.yaml
- id: AVD-KSV-0017
statement: initcontainers require privileged access
paths:
- dlb_plugin/overlays/dlb_initcontainer/dlb_initcontainer.yaml
- dsa_plugin/overlays/dsa_initcontainer/dsa_initcontainer.yaml
- iaa_plugin/overlays/iaa_initcontainer/iaa_initcontainer.yaml
- qat_plugin/base/intel-qat-kernel-plugin.yaml
- qat_plugin/overlays/qat_initcontainer/qat_initcontainer.yaml
- id: AVD-KSV-0047
statement: gpu plugin in kubelet mode requires "nodes/proxy" resource access
paths:
- gpu_plugin/overlays/fractional_resources/gpu-manager-role.yaml
- operator/rbac/gpu_manager_role.yaml
- operator/rbac/role.yaml
- id: AVD-KSV-0014
statement: These are false detections for not setting "readOnlyFilesystem"
paths:
- fpga_plugin/overlays/region/mode-region.yaml
- gpu_plugin/overlays/fractional_resources/add-mounts.yaml
- gpu_plugin/overlays/fractional_resources/add-args.yaml
- gpu_plugin/overlays/fractional_resources/gpu-manager-role.yaml
- gpu_plugin/overlays/monitoring_shared-dev_nfd/add-args.yaml
- gpu_plugin/overlays/nfd_labeled_nodes/add-args.yaml
- iaa_plugin/overlays/iaa_initcontainer/iaa_initcontainer.yaml
- fpga_admissionwebhook/base/manager_webhook_patch.yaml
- operator/device/dlb/dlb.yaml
- operator/device/dsa/dsa.yaml
- operator/device/fpga/fpga.yaml
- operator/device/gpu/gpu.yaml
- operator/device/qat/qat.yaml
- operator/device/sgx/sgx.yaml
- gpu_tensorflow_test/deployment.yaml
- sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/add_sgx_default_qcnl_conf.yaml
- xpumanager_sidecar/kustom/kustom_xpumanager.yaml
- operator/default/manager_auth_proxy_patch.yaml
- operator/default/manager_webhook_patch.yaml
- qat_plugin/overlays/debug/add-args.yaml
- qat_plugin/overlays/e2e/add-args.yaml
- qat_plugin/overlays/debug/add-args.yaml
- sgx_admissionwebhook/base/manager_webhook_patch.yaml