From a52e923e1f76d88ff154d6b8fdd931ca2a93a6e4 Mon Sep 17 00:00:00 2001 From: David Wertenteil Date: Wed, 22 Feb 2023 18:53:00 +0200 Subject: [PATCH 1/2] fixed prioritizing "skipped" over "passed" Signed-off-by: David Wertenteil --- reporthandling/apis/statuses.go | 2 +- reporthandling/helpers/v1/listing.go | 13 +- .../reportsummary/frameworksummarymethods.go | 1 - .../v1/reportsummary/summarydetails.go | 8 +- .../v1/reportsummary/summarydetails_test.go | 205 + .../testdata/allResourcesResults.json | 10032 ++++++++++++++++ .../testdata/initSummaryDetails.json | 1012 ++ .../testdata/resourcesResult.json | 110 + .../testdata/summaryDetails.json | 1068 ++ 9 files changed, 12439 insertions(+), 12 deletions(-) create mode 100644 reporthandling/results/v1/reportsummary/testdata/allResourcesResults.json create mode 100644 reporthandling/results/v1/reportsummary/testdata/initSummaryDetails.json create mode 100644 reporthandling/results/v1/reportsummary/testdata/resourcesResult.json create mode 100644 reporthandling/results/v1/reportsummary/testdata/summaryDetails.json diff --git a/reporthandling/apis/statuses.go b/reporthandling/apis/statuses.go index 0941200b..5baa26ef 100644 --- a/reporthandling/apis/statuses.go +++ b/reporthandling/apis/statuses.go @@ -22,7 +22,7 @@ const ( StatusError ScanningStatus = "error" // Deprecated ) const ( - SubStatusConfigurationInfo StatusMsg = "Control missing configuration" + SubStatusConfigurationInfo StatusMsg = "Control configurations are empty" SubStatusRequiresReviewInfo StatusMsg = "Control type is requires-review" SubStatusManualReviewInfo StatusMsg = "Control type is manual-review" ) diff --git a/reporthandling/helpers/v1/listing.go b/reporthandling/helpers/v1/listing.go index 576870ba..6d6cd3a1 100644 --- a/reporthandling/helpers/v1/listing.go +++ b/reporthandling/helpers/v1/listing.go 
@@ -120,18 +120,19 @@ func (all *AllLists) ToUniqueResources() { all.failed = slices.UniqueStrings(all.failed) const heuristicCapacity = 100 // alloc 100 slots to the stack. The rest would go to the heap - see https://github.com/golang/go/issues/58215 + trimmed := append(make([]string, 0, heuristicCapacity), make([]string, 0, max(len(all.failed)+len(all.excluded)+len(all.passed)+len(all.skipped), heuristicCapacity)-heuristicCapacity)...) - // remove failed and excluded from passed list + // remove failed from excluded list trimmed = append(trimmed, all.failed...) - all.passed = slices.TrimStableUnique(all.passed, trimmed) - - // remove failed, excluded and passed from skipped list - trimmed = append(trimmed, all.passed...) all.skipped = slices.TrimStableUnique(all.skipped, trimmed) - // remove failed, excluded, passed and skipped from other list + // remove failed and skipped from passed list trimmed = append(trimmed, all.skipped...) + all.passed = slices.TrimStableUnique(all.passed, trimmed) + + // remove failed, skipped and skipped from "other" list + trimmed = append(trimmed, all.passed...) all.other = slices.TrimStableUnique(all.other, trimmed) } diff --git a/reporthandling/results/v1/reportsummary/frameworksummarymethods.go b/reporthandling/results/v1/reportsummary/frameworksummarymethods.go index c23c88cd..c0fe5c8b 100644 --- a/reporthandling/results/v1/reportsummary/frameworksummarymethods.go +++ b/reporthandling/results/v1/reportsummary/frameworksummarymethods.go @@ -51,7 +51,6 @@ func (frameworkSummary *FrameworkSummary) initResourcesSummary(controlInfoMap ma for k, control := range frameworkSummary.Controls { if statusInfo, ok := controlInfoMap[control.ControlID]; ok && statusInfo.InnerStatus != apis.StatusUnknown { control.SetStatus(&statusInfo) - control.SetSubStatus(apis.SubStatusIntegration) } else if control.GetStatus().Status() == apis.StatusUnknown { control.CalculateStatus() } 
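Review bot: The two rewritten comments in ToUniqueResources do not describe the statements beneath them: `// remove failed from excluded list` sits above the line that trims `all.skipped`, and `// remove failed, skipped and skipped from "other" list` repeats "skipped" where the accumulated slice now holds failed, skipped and passed. This ordering decides whether a resource lands in the skipped or the passed list of the report, so the comments should state the precedence exactly: `// remove failed from skipped list` and `// remove failed, skipped and passed from "other" list`. The capacity expression still counts `len(all.excluded)` although nothing visible in the hunk appends `all.excluded` to `trimmed`; that only over-allocates, but it is worth checking against the part of the function above the hunk, which is not shown here.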
diff --git a/reporthandling/results/v1/reportsummary/summarydetails.go b/reporthandling/results/v1/reportsummary/summarydetails.go index 8bfeb274..18ccbc4b 100644 --- a/reporthandling/results/v1/reportsummary/summarydetails.go +++ b/reporthandling/results/v1/reportsummary/summarydetails.go @@ -47,7 +47,6 @@ func (summaryDetails *SummaryDetails) InitResourcesSummary(controlInfoMap map[st for k, control := range summaryDetails.Controls { if statusInfo, ok := controlInfoMap[control.ControlID]; ok && statusInfo.InnerStatus != apis.StatusUnknown { control.SetStatus(&statusInfo) - control.SetSubStatus(apis.SubStatusIntegration) } else if control.GetStatus().Status() == apis.StatusUnknown { control.CalculateStatus() } @@ -161,9 +160,10 @@ func (summaryDetails *SummaryDetails) AppendResourceResult(resourceResult *resou } // update frameworks counters - for _, framework := range summaryDetails.Frameworks { - updateControlsSummaryCounters(resourceResult, framework.Controls, &helpersv1.Filters{FrameworkNames: []string{framework.Name}}) - framework.CalculateStatus() + for i := range summaryDetails.Frameworks { + updateControlsSummaryCounters(resourceResult, summaryDetails.Frameworks[i].Controls, &helpersv1.Filters{FrameworkNames: []string{summaryDetails.Frameworks[i].GetName()}}) + summaryDetails.Frameworks[i].StatusCounters.Set(summaryDetails.Frameworks[i].ListResourcesIDs()) + summaryDetails.Frameworks[i].CalculateStatus() } } diff --git a/reporthandling/results/v1/reportsummary/summarydetails_test.go b/reporthandling/results/v1/reportsummary/summarydetails_test.go index b0074077..033e32aa 100644 --- a/reporthandling/results/v1/reportsummary/summarydetails_test.go +++ b/reporthandling/results/v1/reportsummary/summarydetails_test.go @@ -1,6 +1,9 @@ package reportsummary import ( + _ "embed" + "encoding/json" + "fmt" "testing" "github.com/kubescape/opa-utils/reporthandling/apis" 
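Review bot: The added `StatusCounters.Set(summaryDetails.Frameworks[i].ListResourcesIDs())` in the second hunk runs for every framework on every AppendResourceResult call. If ListResourcesIDs rebuilds the full ID lists each time (its body is not in this diff), appending n results costs on the order of n² list work, so consider setting the counters once after the last append. The switch to an indexed loop is presumably what makes the status update persist, because ranging by value would modify a copy if Frameworks holds values; a one-line comment such as `// index into the slice: ranging by value would update a copy` would keep a later cleanup from reverting it. Binding `fw := &summaryDetails.Frameworks[i]` at the top of the loop body would replace the four repeated index expressions. AppendResourceResult begins above the hunk.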
@@ -326,3 +329,205 @@ func TestSummaryDetails_GetControlsSeverityCounters(t *testing.T) { }) } } + +//go:embed testdata/summaryDetails.json +var summaryDetailsBytes []byte + +//go:embed testdata/allResourcesResults.json +var allResourcesResultsBytes []byte + +func setUpSummaryDetails() (*SummaryDetails, error) { + summaryDetails := &SummaryDetails{} + if err := json.Unmarshal(summaryDetailsBytes, summaryDetails); err != nil { + return nil, fmt.Errorf("failed to unmarshal summaryDetailsBytes: %v", err) + } + + allResourcesResults := map[string]resourcesresults.Result{} + if err := json.Unmarshal(allResourcesResultsBytes, &allResourcesResults); err != nil { + return nil, fmt.Errorf("failed to unmarshal allResourcesResults: %v", err) + } + + for i := range allResourcesResults { + t := allResourcesResults[i] + summaryDetails.AppendResourceResult(&t) + } + + summaryDetails.InitResourcesSummary(nil) + + return summaryDetails, nil +} +func TestSummaryDetails_Counters(t *testing.T) { + + summaryDetails, err := setUpSummaryDetails() + if err != nil { + t.Fatalf("failed to unmarshal allResourcesResults: %v", err) + } + + // testing counters + assert.Equal(t, 93, summaryDetails.StatusCounters.All()) + assert.Equal(t, 4, summaryDetails.StatusCounters.Passed()) + assert.Equal(t, 9, summaryDetails.StatusCounters.Failed()) + assert.Equal(t, 80, summaryDetails.StatusCounters.Skipped()) + + assert.Equal(t, 93, summaryDetails.NumberOfResources().All()) + assert.Equal(t, 4, summaryDetails.NumberOfResources().Passed()) + assert.Equal(t, 9, summaryDetails.NumberOfResources().Failed()) + assert.Equal(t, 80, summaryDetails.NumberOfResources().Skipped()) + + assert.Equal(t, 0, summaryDetails.GetControlsSeverityCounters().NumberOfCriticalSeverity()) + assert.Equal(t, 3, summaryDetails.GetControlsSeverityCounters().NumberOfHighSeverity()) + assert.Equal(t, 1, summaryDetails.GetControlsSeverityCounters().NumberOfMediumSeverity()) + assert.Equal(t, 0, 
summaryDetails.GetControlsSeverityCounters().NumberOfLowSeverity()) + + assert.Equal(t, 0, summaryDetails.GetResourcesSeverityCounters().NumberOfCriticalSeverity()) + assert.Equal(t, 20, summaryDetails.GetResourcesSeverityCounters().NumberOfHighSeverity()) + assert.Equal(t, 8, summaryDetails.GetResourcesSeverityCounters().NumberOfMediumSeverity()) + assert.Equal(t, 0, summaryDetails.GetResourcesSeverityCounters().NumberOfLowSeverity()) + + assert.Equal(t, 27, summaryDetails.NumberOfControls().All()) + assert.Equal(t, 22, summaryDetails.NumberOfControls().Passed()) + assert.Equal(t, 4, summaryDetails.NumberOfControls().Failed()) + assert.Equal(t, 1, summaryDetails.NumberOfControls().Skipped()) +} + +func TestSummaryDetails_UniqueControls(t *testing.T) { + + summaryDetails, err := setUpSummaryDetails() + if err != nil { + t.Fatalf("failed to unmarshal allResourcesResults: %v", err) + } + m := map[string]interface{}{} + for _, c := range summaryDetails.ListControls() { + m[c.GetID()] = nil + } + + assert.Equal(t, len(summaryDetails.ListControls()), len(m)) + +} + +func TestSummaryDetails_UniqueFrameworks(t *testing.T) { + + summaryDetails, err := setUpSummaryDetails() + if err != nil { + t.Fatalf("failed to unmarshal allResourcesResults: %v", err) + } + m := map[string]interface{}{} + for _, c := range summaryDetails.ListFrameworks() { + m[c.GetName()] = nil + } + + assert.Equal(t, len(summaryDetails.ListFrameworks()), len(m)) + +} + +func TestSummaryDetails_UniqueResources(t *testing.T) { + + summaryDetails, err := setUpSummaryDetails() + if err != nil { + t.Fatalf("failed to unmarshal allResourcesResults: %v", err) + } + + m := map[string]interface{}{} + r := summaryDetails.ListResourcesIDs().All() + for r.HasNext() { + m[r.Next()] = nil + } + + assert.Equal(t, summaryDetails.ListResourcesIDs().All().Len(), len(m)) + +} + +//go:embed testdata/initSummaryDetails.json +var initSummaryDetailsBytes []byte + +//go:embed testdata/resourcesResult.json +var 
resourcesResultBytes []byte + +func TestSummaryDetails_AppendResourceResult(t *testing.T) { + + summaryDetails := &SummaryDetails{} + if err := json.Unmarshal(initSummaryDetailsBytes, summaryDetails); err != nil { + t.Fatalf("failed to unmarshal initSummaryDetailsBytes: %v", err) + } + + resourcesResult := &resourcesresults.Result{} + if err := json.Unmarshal(resourcesResultBytes, resourcesResult); err != nil { + t.Fatalf("failed to unmarshal resourcesResultBytes: %v", err) + } + summaryDetails.AppendResourceResult(resourcesResult) + + // Test framework status + fw := summaryDetails.Frameworks[0] + + assert.Equal(t, 1, fw.StatusCounters.All()) + assert.Equal(t, 0, fw.StatusCounters.Passed()) + assert.Equal(t, 0, fw.StatusCounters.Failed()) + assert.Equal(t, 1, fw.StatusCounters.Skipped()) + + assert.Truef(t, fw.GetStatus().IsSkipped(), "framework status is \"%s\"", fw.GetStatus().Status()) +} + +func TestUpdateControlsSummaryCounters(t *testing.T) { + + tests := []struct { + want apis.IStatus + controlID string + name string + }{ + { + name: "Skipped control", + controlID: "C-0012", + want: &apis.StatusInfo{ + InnerStatus: apis.StatusSkipped, + SubStatus: apis.SubStatusConfiguration, + InnerInfo: "Control configurations are empty", + }, + }, + { + name: "Passed control", + controlID: "C-0057", + want: &apis.StatusInfo{ + InnerStatus: apis.StatusPassed, + SubStatus: "", + InnerInfo: "", + }, + }, + } + + summaryDetails := &SummaryDetails{} + if err := json.Unmarshal(initSummaryDetailsBytes, summaryDetails); err != nil { + t.Fatalf("failed to unmarshal initSummaryDetailsBytes: %v", err) + } + + resourcesResult := &resourcesresults.Result{} + if err := json.Unmarshal(resourcesResultBytes, resourcesResult); err != nil { + t.Fatalf("failed to unmarshal resourcesResultBytes: %v", err) + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + summaryDetails := &SummaryDetails{} + if err := json.Unmarshal(initSummaryDetailsBytes, summaryDetails); err != 
nil { + t.Fatalf("failed to unmarshal initSummaryDetailsBytes: %v", err) + } + + resourcesResult := &resourcesresults.Result{} + if err := json.Unmarshal(resourcesResultBytes, resourcesResult); err != nil { + t.Fatalf("failed to unmarshal resourcesResultBytes: %v", err) + } + + updateControlsSummaryCounters(resourcesResult, summaryDetails.Controls, nil) + + if summaryDetails.Controls.GetControl(EControlCriteriaID, tt.controlID).GetStatus().Status() != tt.want.Status() { + t.Errorf("Status() = %v, want %v", summaryDetails.Controls.GetControl(EControlCriteriaID, tt.controlID).GetStatus().Status(), tt.want.Status()) + } + if summaryDetails.Controls.GetControl(EControlCriteriaID, tt.controlID).GetStatus().GetSubStatus() != tt.want.GetSubStatus() { + t.Errorf("GetSubStatus() = %v, want %v", summaryDetails.Controls.GetControl(EControlCriteriaID, tt.controlID).GetStatus().GetSubStatus(), tt.want.GetSubStatus()) + } + if summaryDetails.Controls.GetControl(EControlCriteriaID, tt.controlID).GetStatus().Info() != tt.want.Info() { + t.Errorf("Info() = %v, want %v", summaryDetails.Controls.GetControl(EControlCriteriaID, tt.controlID).GetStatus().Info(), tt.want.Info()) + } + }) + } + +} diff --git a/reporthandling/results/v1/reportsummary/testdata/allResourcesResults.json b/reporthandling/results/v1/reportsummary/testdata/allResourcesResults.json new file mode 100644 index 00000000..f0b51f9c --- /dev/null +++ b/reporthandling/results/v1/reportsummary/testdata/allResourcesResults.json 
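Review bot: In TestUpdateControlsSummaryCounters the `summaryDetails` and `resourcesResult` values unmarshalled before the `for _, tt := range tests` loop are not used by any subtest, because each `t.Run` body declares and unmarshals its own shadowing copies; the outer setup can be deleted. The expected `InnerInfo: "Control configurations are empty"` repeats the text of `apis.SubStatusConfigurationInfo`, which this same patch changes. Building the expectation from the constant (for example `string(apis.SubStatusConfigurationInfo)`, if InnerInfo is a string) would stop the test drifting from the message. TestSummaryDetails_Counters and the three Unique* tests report every setUpSummaryDetails failure as `failed to unmarshal allResourcesResults`, although the helper already names the fixture that failed; `t.Fatalf("setUpSummaryDetails: %v", err)` would be accurate.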
@@ -0,0 +1,10032 @@ +{ + "/default/ServiceAccount/elasticsearch/path=4015877034/api=rbac.authorization.k8s.io/v1//Role/elasticsearch/path=4032654653/api=rbac.authorization.k8s.io/v1//RoleBinding/elasticsearch": { + "resourceID": "/default/ServiceAccount/elasticsearch/path=4015877034/api=rbac.authorization.k8s.io/v1//Role/elasticsearch/path=4032654653/api=rbac.authorization.k8s.io/v1//RoleBinding/elasticsearch", + "controls": [ + { + "controlID": "C-0007", + "name": "Data Destruction", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-excessive-delete-rights-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-subject-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-can-delete-k8s-events-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0002", + "name": "Exec into container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "exec-into-container-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-can-update-configmap-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed", + "subStatus": "" + } + ] + } + ] + }, + 
"path=104434024/api=apps/v1//Deployment/frontend": { + "resourceID": "path=104434024/api=apps/v1//Deployment/frontend", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1173959838/api=/v1//Pod/exclusive-4": { + "resourceID": "path=1173959838/api=/v1//Pod/exclusive-4", + "controls": 
[ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1209918558/api=/v1//Namespace/development": { + "resourceID": "path=1209918558/api=/v1//Namespace/development", + "controls": [ + { + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": { + "status": "failed" + }, + 
"rules": [ + { + "name": "internal-networking", + "status": "failed", + "subStatus": "" + } + ] + } + ] + }, + "path=1254930932/api=apps/v1//Deployment/redis-replica": { + "resourceID": "path=1254930932/api=apps/v1//Deployment/redis-replica", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + 
}, + "path=1296630063/api=apps/v1//StatefulSet/cockroachdb": { + "resourceID": "path=1296630063/api=apps/v1//StatefulSet/cockroachdb", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1349397064/api=/v1/default/Pod/nginx": { + "resourceID": 
"path=1349397064/api=/v1/default/Pod/nginx", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1424254096/api=/v1//Pod/nginx": { + "resourceID": "path=1424254096/api=/v1//Pod/nginx", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": 
"passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "failed", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.containers[0].securityContext.privileged", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=143380799/api=/v1//Pod/pvpod": { + "resourceID": "path=143380799/api=/v1//Pod/pvpod", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" 
+ }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1517965060/api=apps/v1//StatefulSet/minio": { + "resourceID": "path=1517965060/api=apps/v1//StatefulSet/minio", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + 
"controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].env[0].name", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "spec.template.spec.containers[0].env[1].name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + } + ] + }, + "path=1539953075/api=/v1//Pod/iscsipd": { + "resourceID": "path=1539953075/api=/v1//Pod/iscsipd", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": 
"passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1593208595/api=/v1//Pod/explorer": { + "resourceID": "path=1593208595/api=/v1//Pod/explorer", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": 
"C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1626279671/api=apps/v1//Deployment/deployment": { + "resourceID": "path=1626279671/api=apps/v1//Deployment/deployment", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": 
"rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1673565193/api=/v1//Pod/pvpod": { + "resourceID": "path=1673565193/api=/v1//Pod/pvpod", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes 
dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1791634763/api=/v1//Pod/rethinkdb-admin": { + "resourceID": "path=1791634763/api=/v1//Pod/rethinkdb-admin", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": 
"passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=179652257/api=/v1//Pod/mysql-pod": { + "resourceID": "path=179652257/api=/v1//Pod/mysql-pod", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": 
"passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.containers[0].env[1].name", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "spec.containers[0].env[3].name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + } + ] + }, + "path=1800358569/api=/v1//Pod/cephfs2": { + "resourceID": "path=1800358569/api=/v1//Pod/cephfs2", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { 
+ "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=182378309/api=/v1//Pod/glusterfs": { + "resourceID": "path=182378309/api=/v1//Pod/glusterfs", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": 
"alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1887581968/api=apps/v1//Deployment/redis-master": { + "resourceID": "path=1887581968/api=apps/v1//Deployment/redis-master", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + 
"name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1944986788/api=/v1/default/Pod/nginx": { + "resourceID": "path=1944986788/api=/v1/default/Pod/nginx", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": 
"alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1981345546/api=/v1//Pod/shared": { + "resourceID": "path=1981345546/api=/v1//Pod/shared", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": 
"Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=1989236486/api=apps/v1//Deployment/redis-replica": { + "resourceID": "path=1989236486/api=apps/v1//Deployment/redis-replica", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": 
"configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2000649386/api=/v1//Pod/be": { + "resourceID": "path=2000649386/api=/v1//Pod/be", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + 
"aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2010067049/api=/v1//Pod/pvpod": { + "resourceID": "path=2010067049/api=/v1//Pod/pvpod", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + 
"azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2039255473/api=apps/v1//Deployment/nfs-server": { + "resourceID": "path=2039255473/api=apps/v1//Deployment/nfs-server", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "failed", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].securityContext.privileged", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + 
"azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2177079373/api=apps/v1//Deployment/selenium-hub": { + "resourceID": "path=2177079373/api=apps/v1//Deployment/selenium-hub", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", 
+ "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2214858207/api=/v1//Namespace/openshift-origin": { + "resourceID": "path=2214858207/api=/v1//Namespace/openshift-origin", + "controls": [ + { + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "internal-networking", + "status": "failed", + "subStatus": "" + } + ] + } + ] + }, + "path=2253666230/api=/v1//Pod/flocker-web": { + "resourceID": "path=2253666230/api=/v1//Pod/flocker-web", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + 
"controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2319808771/api=apps/v1//Deployment/minio-deployment": { + "resourceID": "path=2319808771/api=apps/v1//Deployment/minio-deployment", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", 
+ "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].env[0].name", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "spec.template.spec.containers[0].env[1].name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + } + ] + }, + "path=2391210925/api=/v1//Pod/dns-frontend": { + "resourceID": "path=2391210925/api=/v1//Pod/dns-frontend", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" 
+ }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2416237752/api=/v1//Pod/fibre-channel-example-pod": { + "resourceID": "path=2416237752/api=/v1//Pod/fibre-channel-example-pod", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + 
"aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2425485436/api=/v1//Pod/javaweb": { + "resourceID": "path=2425485436/api=/v1//Pod/javaweb", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + 
"secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2526663364/api=/v1//Pod/mysql": { + "resourceID": "path=2526663364/api=/v1//Pod/mysql", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": 
"rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.containers[0].env[0].name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + } + ] + }, + "path=2535761913/api=/v1//Pod/pod-uses-shared-ssd-5g": { + "resourceID": "path=2535761913/api=/v1//Pod/pod-uses-shared-ssd-5g", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + 
}, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2535815796/api=/v1//Pod/exclusive-2": { + "resourceID": "path=2535815796/api=/v1//Pod/exclusive-2", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + 
"path=2563543035/api=apps/v1//Deployment/selenium-node-chrome": { + "resourceID": "path=2563543035/api=apps/v1//Deployment/selenium-node-chrome", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2645261036/api=/v1//Pod/azure": { + "resourceID": "path=2645261036/api=/v1//Pod/azure", 
+ "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2656168177/api=/v1//Pod/javaweb-2": { + "resourceID": "path=2656168177/api=/v1//Pod/javaweb-2", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + 
"name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2665744129/api=/v1//Pod/azure-2": { + "resourceID": "path=2665744129/api=/v1//Pod/azure-2", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged 
container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2758769717/api=/v1//Pod/pod-uses-dedicated-hdd-5g": { + "resourceID": "path=2758769717/api=/v1//Pod/pod-uses-dedicated-hdd-5g", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": 
"rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2868267070/api=/v1//Pod/vttablet-{{uid}}": { + "resourceID": "path=2868267070/api=/v1//Pod/vttablet-{{uid}}", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "failed", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.volumes[2].hostPath.path", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": 
"rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "failed", + "subStatus": "", + "paths": [ + { + "fixPath": { + "path": "spec.containers[0].volumeMounts[0].readOnly", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.containers[1].volumeMounts[0].readOnly", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2918083568/api=/v1//Pod/redis-master": { + "resourceID": "path=2918083568/api=/v1//Pod/redis-master", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": 
"Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2944275652/api=apps/v1//Deployment/frontend": { + "resourceID": "path=2944275652/api=apps/v1//Deployment/frontend", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": 
"rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=2983127189/api=/v1//Pod/exclusive-3": { + "resourceID": "path=2983127189/api=/v1//Pod/exclusive-3", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access 
Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3046621177/api=/v1//Pod/test-storageos-redis": { + "resourceID": "path=3046621177/api=/v1//Pod/test-storageos-redis", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": 
"rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3057936796/api=apps/v1//StatefulSet/cassandra": { + "resourceID": "path=3057936796/api=apps/v1//StatefulSet/cassandra", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", 
+ "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3087277173/api=/v1/default/Pod/nginx-dummy-attachable": { + "resourceID": "path=3087277173/api=/v1/default/Pod/nginx-dummy-attachable", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + 
"name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3125034585/api=/v1//Pod/zookeeper": { + "resourceID": "path=3125034585/api=/v1//Pod/zookeeper", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service 
principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3185032151/api=/v1//Pod/quobyte": { + "resourceID": "path=3185032151/api=/v1//Pod/quobyte", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": 
"passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=320967079/api=apps/v1//Deployment/wordpress": { + "resourceID": "path=320967079/api=apps/v1//Deployment/wordpress", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in 
configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3220865869/api=apps/v1//Deployment/storm-worker-controller": { + "resourceID": "path=3220865869/api=apps/v1//Deployment/storm-worker-controller", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": 
"configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3234154612/api=rbac.authorization.k8s.io/v1//ClusterRole/restricted-psp-user/path=919516146/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/restricted-psp-users/rbac.authorization.k8s.io//Group/privileged-psp-users": { + "resourceID": "path=3234154612/api=rbac.authorization.k8s.io/v1//ClusterRole/restricted-psp-user/path=919516146/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/restricted-psp-users/rbac.authorization.k8s.io//Group/privileged-psp-users", + "controls": [ + { + "controlID": "C-0007", + "name": "Data Destruction", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-excessive-delete-rights-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-subject-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-can-delete-k8s-events-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0002", + "name": "Exec into container", + "status": { + "status": "passed" 
+ }, + "rules": [ + { + "name": "exec-into-container-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-can-update-configmap-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed", + "subStatus": "" + } + ] + } + ] + }, + "path=3234154612/api=rbac.authorization.k8s.io/v1//ClusterRole/restricted-psp-user/path=919516146/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/restricted-psp-users/rbac.authorization.k8s.io//Group/restricted-psp-users": { + "resourceID": "path=3234154612/api=rbac.authorization.k8s.io/v1//ClusterRole/restricted-psp-user/path=919516146/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/restricted-psp-users/rbac.authorization.k8s.io//Group/restricted-psp-users", + "controls": [ + { + "controlID": "C-0007", + "name": "Data Destruction", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-excessive-delete-rights-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-subject-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-can-delete-k8s-events-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0002", + "name": "Exec into container", + "status": { + 
"status": "passed" + }, + "rules": [ + { + "name": "exec-into-container-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-can-update-configmap-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed", + "subStatus": "" + } + ] + } + ] + }, + "path=3250932231/api=rbac.authorization.k8s.io/v1//ClusterRole/privileged-psp-user/path=936293765/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/privileged-psp-users/rbac.authorization.k8s.io//Group/privileged-psp-users": { + "resourceID": "path=3250932231/api=rbac.authorization.k8s.io/v1//ClusterRole/privileged-psp-user/path=936293765/api=rbac.authorization.k8s.io/v1//ClusterRoleBinding/privileged-psp-users/rbac.authorization.k8s.io//Group/privileged-psp-users", + "controls": [ + { + "controlID": "C-0007", + "name": "Data Destruction", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-excessive-delete-rights-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-can-list-get-secrets-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-subject-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-can-delete-k8s-events-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0002", + "name": "Exec into 
container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "exec-into-container-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-can-update-configmap-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-list-all-cluster-admins-v1", + "status": "passed", + "subStatus": "" + } + ] + } + ] + }, + "path=3320416280/api=/v1//Pod/test-storageos-redis-pvc": { + "resourceID": "path=3320416280/api=/v1//Pod/test-storageos-redis-pvc", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control 
missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3410538888/api=/v1//Pod/iscsipd": { + "resourceID": "path=3410538888/api=/v1//Pod/iscsipd", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + 
"aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3477583934/api=apps/v1//DaemonSet/newrelic-agent": { + "resourceID": "path=3477583934/api=apps/v1//DaemonSet/newrelic-agent", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "failed", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.template.spec.volumes[4].hostPath.path", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "spec.template.spec.volumes[2].hostPath.path", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "failed", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].securityContext.privileged", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "failed", + "subStatus": "", + "paths": [ + { + "fixPath": { + "path": "spec.template.spec.containers[0].volumeMounts[1].readOnly", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].volumeMounts[4].readOnly", + "value": "true" + } + 
}, + { + "fixPath": { + "path": "spec.template.spec.containers[0].volumeMounts[2].readOnly", + "value": "true" + } + }, + { + "fixPath": { + "path": "spec.template.spec.containers[0].volumeMounts[3].readOnly", + "value": "true" + } + } + ] + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3500983908/api=/v1//Pod/test-vmdk": { + "resourceID": "path=3500983908/api=/v1//Pod/test-vmdk", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": 
"passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3509025531/api=/v1//Pod/exclusive-1": { + "resourceID": "path=3509025531/api=/v1//Pod/exclusive-1", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": 
"C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3558141930/api=apps/v1//DaemonSet/sysdig-agent": { + "resourceID": "path=3558141930/api=apps/v1//DaemonSet/sysdig-agent", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "failed", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.template.spec.volumes[0].hostPath.path", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "failed", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].securityContext.privileged", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable 
hostPath mount", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "failed", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].volumeMounts[1].readOnly", + "fixPath": { + "path": "", + "value": "" + } + }, + { + "failedPath": "spec.template.spec.containers[0].volumeMounts[0].readOnly", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "", + "paths": [ + { + "failedPath": "spec.template.spec.containers[0].env[0].name", + "fixPath": { + "path": "", + "value": "" + } + } + ] + } + ] + } + ] + }, + "path=3571225109/api=/v1//Pod/rbd2": { + "resourceID": "path=3571225109/api=/v1//Pod/rbd2", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + 
}, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3590015798/api=apps/v1//Deployment/wordpress-mysql": { + "resourceID": "path=3590015798/api=apps/v1//Deployment/wordpress-mysql", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": 
"passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3597332639/api=/v1//Pod/pvpod": { + "resourceID": "path=3597332639/api=/v1//Pod/pvpod", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": 
"C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=360486720/api=apps/v1//Deployment/selenium-node-firefox": { + "resourceID": "path=360486720/api=apps/v1//Deployment/selenium-node-firefox", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + 
"rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3640850942/api=/v1//Pod/aws-web": { + "resourceID": "path=3640850942/api=/v1//Pod/aws-web", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": 
"Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3704629386/api=/v1//Namespace/spark-cluster": { + "resourceID": "path=3704629386/api=/v1//Namespace/spark-cluster", + "controls": [ + { + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "internal-networking", + "status": "failed", + "subStatus": "" + } + ] + } + ] + }, + "path=3723380040/api=/v1//Pod/mongo": { + "resourceID": "path=3723380040/api=/v1//Pod/mongo", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + 
"name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3752391393/api=/v1//Pod/pod-uses-managed-ssd-5g": { + "resourceID": "path=3752391393/api=/v1//Pod/pod-uses-managed-ssd-5g", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": 
"alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3786668685/api=/v1//Pod/pod-uses-shared-hdd-5g": { + "resourceID": "path=3786668685/api=/v1//Pod/pod-uses-shared-hdd-5g", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + 
"name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=3816001728/api=/v1//Namespace/production": { + "resourceID": "path=3816001728/api=/v1//Namespace/production", + "controls": [ + { + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": { + "status": "failed" + }, + "rules": [ + { + "name": "internal-networking", + "status": "failed", + "subStatus": "" + } + ] + } + ] + }, + "path=3956515230/api=apps/v1//Deployment/nfs-busybox": { + "resourceID": "path=3956515230/api=apps/v1//Deployment/nfs-busybox", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] 
+ }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=4043445812/api=/v1//Pod/cinder-web": { + "resourceID": "path=4043445812/api=/v1//Pod/cinder-web", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + 
"name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=408697109/api=/v1//Pod/azure": { + "resourceID": "path=408697109/api=/v1//Pod/azure", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", 
+ "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=4127094879/api=/v1//Pod/cephfs": { + "resourceID": "path=4127094879/api=/v1//Pod/cephfs", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + 
"subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=412878698/api=/v1//Pod/pod-0": { + "resourceID": "path=412878698/api=/v1//Pod/pod-0", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": 
"skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=4220232153/api=/v1//Pod/pod-uses-managed-ssd-5g": { + "resourceID": "path=4220232153/api=/v1//Pod/pod-uses-managed-ssd-5g", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + 
"controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=4225410628/api=/v1/default/Pod/nginx-nfs": { + "resourceID": "path=4225410628/api=/v1/default/Pod/nginx-nfs", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + 
"azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=4243859702/api=apps/v1//Deployment/nfs-web": { + "resourceID": "path=4243859702/api=apps/v1//Deployment/nfs-web", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + 
"secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=4254843773/api=/v1//Pod/pod-sio-small": { + "resourceID": "path=4254843773/api=/v1//Pod/pod-sio-small", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, 
+ "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=4269563566/api=/v1//Pod/pod-uses-account-hdd-5g": { + "resourceID": "path=4269563566/api=/v1//Pod/pod-uses-account-hdd-5g", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + 
"path=429729459/api=/v1//Pod/rbd": { + "resourceID": "path=429729459/api=/v1//Pod/rbd", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=514195027/api=/v1//Pod/nimbus": { + "resourceID": "path=514195027/api=/v1//Pod/nimbus", + "controls": [ + { + "controlID": "C-0048", + "name": 
"HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=521797316/api=/v1//Pod/test-portworx-volume-pod": { + "resourceID": "path=521797316/api=/v1//Pod/test-portworx-volume-pod", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + 
"status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=523279561/api=/v1//Pod/pvpod": { + "resourceID": "path=523279561/api=/v1//Pod/pvpod", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": 
"passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=53107229/api=/v1//Pod/test-storageos-redis-sc-pvc": { + "resourceID": "path=53107229/api=/v1//Pod/test-storageos-redis-sc-pvc", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + 
"subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=538584284/api=apps/v1//StatefulSet/web": { + "resourceID": "path=538584284/api=apps/v1//StatefulSet/web", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": 
"passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=572476074/api=/v1//Pod/nginx": { + "resourceID": "path=572476074/api=/v1//Pod/nginx", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": 
"C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=591008312/api=apps/v1//Deployment/frontend": { + "resourceID": "path=591008312/api=apps/v1//Deployment/frontend", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": 
"alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=658118788/api=apps/v1//Deployment/redis-master": { + "resourceID": "path=658118788/api=apps/v1//Deployment/redis-master", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + 
"name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=691674026/api=apps/v1//Deployment/redis-replica": { + "resourceID": "path=691674026/api=apps/v1//Deployment/redis-replica", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": 
"alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=772802103/api=apps/v1//Deployment/hazelcast": { + "resourceID": "path=772802103/api=apps/v1//Deployment/hazelcast", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": 
"C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=878229809/api=/v1//Pod/pod-uses-managed-hdd-5g": { + "resourceID": "path=878229809/api=/v1//Pod/pod-uses-managed-hdd-5g", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + 
"subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + }, + "path=969073979/api=/v1/default/Pod/nginx-dummy": { + "resourceID": "path=969073979/api=/v1/default/Pod/nginx-dummy", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": 
{ + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/reporthandling/results/v1/reportsummary/testdata/initSummaryDetails.json b/reporthandling/results/v1/reportsummary/testdata/initSummaryDetails.json new file mode 100644 index 00000000..a16ff42a --- /dev/null +++ b/reporthandling/results/v1/reportsummary/testdata/initSummaryDetails.json 
@@ -0,0 +1,1012 @@ +{ + "controls": { + "C-0002": { + "statusInfo": {}, + "controlID": "C-0002", + "name": "Exec into container", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0007": { + "statusInfo": {}, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0012": { + "statusInfo": {}, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0014": { + "statusInfo": {}, + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "C-0015": { + "statusInfo": {}, + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0020": { + "statusInfo": {}, + "controlID": "C-0020", + "name": "Mount service principal", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + 
"failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0021": { + "statusInfo": {}, + "controlID": "C-0021", + "name": "Exposed sensitive interfaces", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0026": { + "statusInfo": {}, + "controlID": "C-0026", + "name": "Kubernetes CronJob", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0031": { + "statusInfo": {}, + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0035": { + "statusInfo": {}, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0036": { + "statusInfo": {}, + "controlID": "C-0036", + "name": "Malicious admission controller (validating)", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0037": { + "statusInfo": {}, + "controlID": 
"C-0037", + "name": "CoreDNS poisoning", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0039": { + "statusInfo": {}, + "controlID": "C-0039", + "name": "Malicious admission controller (mutating)", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0042": { + "statusInfo": {}, + "controlID": "C-0042", + "name": "SSH server running inside container", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0045": { + "statusInfo": {}, + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0048": { + "statusInfo": {}, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0052": { + "statusInfo": {}, + "controlID": "C-0052", + "name": "Instance Metadata API", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + 
"subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0053": { + "statusInfo": {}, + "controlID": "C-0053", + "name": "Access container service account", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0054": { + "statusInfo": {}, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0057": { + "statusInfo": {}, + "controlID": "C-0057", + "name": "Privileged container", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0058": { + "statusInfo": {}, + "controlID": "C-0058", + "name": "CVE-2021-25741 - Using symlink for arbitrary host file system access.", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0059": { + "statusInfo": {}, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0066": { + "statusInfo": {}, + "controlID": 
"C-0066", + "name": "Secret/ETCD encryption enabled", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0067": { + "statusInfo": {}, + "controlID": "C-0067", + "name": "Audit logs enabled", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0068": { + "statusInfo": {}, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0069": { + "statusInfo": {}, + "controlID": "C-0069", + "name": "Disable anonymous access to Kubelet service", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 10 + }, + "C-0070": { + "statusInfo": {}, + "controlID": "C-0070", + "name": "Enforce Kubelet client TLS authentication", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 9 + } + }, + "status": "", + "frameworks": [ + { + "controls": { + "C-0002": { + "statusInfo": {}, + "controlID": "C-0002", + "name": "Exec into container", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, 
+ "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0007": { + "statusInfo": {}, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0012": { + "statusInfo": {}, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0014": { + "statusInfo": {}, + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "C-0015": { + "statusInfo": {}, + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0020": { + "statusInfo": {}, + "controlID": "C-0020", + "name": "Mount service principal", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0021": { + "statusInfo": {}, + "controlID": "C-0021", + "name": 
"Exposed sensitive interfaces", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0026": { + "statusInfo": {}, + "controlID": "C-0026", + "name": "Kubernetes CronJob", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0031": { + "statusInfo": {}, + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0035": { + "statusInfo": {}, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0036": { + "statusInfo": {}, + "controlID": "C-0036", + "name": "Malicious admission controller (validating)", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0037": { + "statusInfo": {}, + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + 
"ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0039": { + "statusInfo": {}, + "controlID": "C-0039", + "name": "Malicious admission controller (mutating)", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0042": { + "statusInfo": {}, + "controlID": "C-0042", + "name": "SSH server running inside container", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0045": { + "statusInfo": {}, + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0048": { + "statusInfo": {}, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0052": { + "statusInfo": {}, + "controlID": "C-0052", + "name": "Instance Metadata API", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0053": { + "statusInfo": {}, + "controlID": "C-0053", + "name": "Access container service account", + "status": "", + "resourceIDs": {}, + 
"ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0054": { + "statusInfo": {}, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0057": { + "statusInfo": {}, + "controlID": "C-0057", + "name": "Privileged container", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0058": { + "statusInfo": {}, + "controlID": "C-0058", + "name": "CVE-2021-25741 - Using symlink for arbitrary host file system access.", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0059": { + "statusInfo": {}, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0066": { + "statusInfo": {}, + "controlID": "C-0066", + "name": "Secret/ETCD encryption enabled", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": 
{ + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0067": { + "statusInfo": {}, + "controlID": "C-0067", + "name": "Audit logs enabled", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0068": { + "statusInfo": {}, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0069": { + "statusInfo": {}, + "controlID": "C-0069", + "name": "Disable anonymous access to Kubelet service", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 10 + }, + "C-0070": { + "statusInfo": {}, + "controlID": "C-0070", + "name": "Enforce Kubelet client TLS authentication", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 9 + } + }, + "name": "MITRE", + "status": "", + "version": "", + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "score": 0 + } + ], + "resourcesSeverityCounters": { + "criticalSeverity": 0, + "highSeverity": 0, + "mediumSeverity": 0, + "lowSeverity": 0 + }, + "controlsSeverityCounters": { + "criticalSeverity": 0, + "highSeverity": 0, + "mediumSeverity": 0, + "lowSeverity": 0 + }, + "ResourceCounters": { + "passedResources": 
0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "score": 0 +} \ No newline at end of file diff --git a/reporthandling/results/v1/reportsummary/testdata/resourcesResult.json b/reporthandling/results/v1/reportsummary/testdata/resourcesResult.json new file mode 100644 index 00000000..199bb238 --- /dev/null +++ b/reporthandling/results/v1/reportsummary/testdata/resourcesResult.json 
@@ -0,0 +1,110 @@ +{ + "resourceID": "path=3590015798/api=apps/v1//Deployment/wordpress-mysql", + "controls": [ + { + "controlID": "C-0048", + "name": "HostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-any-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-rw-hostpath", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0020", + "name": "Mount service principal", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "alert-mount-potential-credentials-paths", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0057", + "name": "Privileged container", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-privilege-escalation", + "status": "passed", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "rules": [ + { + "controlConfigurations": { + "sensitiveKeyNames": [ + "aws_access_key_id", + "aws_secret_access_key", + "azure_batchai_storage_account", + "azure_batchai_storage_key", + "azure_batch_account", + "azure_batch_key", + "secret", + "key", + "password", + "pwd", + "token", + "jwt", + "bearer", + "credential" + ], + "sensitiveValuesAllowed": [] + }, + "name": "rule-credentials-in-env-var", + "status": "skipped", + "subStatus": "" + } + ] + }, + { + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": { + "status": "passed" + }, + "rules": [ + { + "name": "rule-access-dashboard-wl-v1", + "status": "passed", + "subStatus": "" + } + ] + } + ] +} \ No newline at end of file 
diff --git a/reporthandling/results/v1/reportsummary/testdata/summaryDetails.json b/reporthandling/results/v1/reportsummary/testdata/summaryDetails.json new file mode 100644 index 00000000..801eb481 --- /dev/null +++ b/reporthandling/results/v1/reportsummary/testdata/summaryDetails.json 
@@ -0,0 +1,1068 @@ +{ + "controls": { + "C-0002": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 4, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0007": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 4, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0012": { + "statusInfo": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "skipped", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 85, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0014": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 89, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "C-0015": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0015", + "name": "List Kubernetes secrets", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 4, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 
0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0020": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0020", + "name": "Mount service principal", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 85, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0021": { + "statusInfo": {}, + "controlID": "C-0021", + "name": "Exposed sensitive interfaces", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0026": { + "statusInfo": {}, + "controlID": "C-0026", + "name": "Kubernetes CronJob", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0031": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 4, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0035": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 4, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0036": { + "statusInfo": {}, + "controlID": "C-0036", + "name": "Malicious admission controller 
(validating)", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0037": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 4, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0039": { + "statusInfo": {}, + "controlID": "C-0039", + "name": "Malicious admission controller (mutating)", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0042": { + "statusInfo": {}, + "controlID": "C-0042", + "name": "SSH server running inside container", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0045": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 82, + "failedResources": 3, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0048": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 82, + "failedResources": 3, + 
"skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0052": { + "statusInfo": {}, + "controlID": "C-0052", + "name": "Instance Metadata API", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0053": { + "statusInfo": {}, + "controlID": "C-0053", + "name": "Access container service account", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0054": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 4, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0057": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 81, + "failedResources": 4, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0058": { + "statusInfo": {}, + "controlID": "C-0058", + "name": "CVE-2021-25741 - Using symlink for arbitrary host file system access.", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + 
"scoreFactor": 6 + }, + "C-0059": { + "statusInfo": {}, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0066": { + "statusInfo": {}, + "controlID": "C-0066", + "name": "Secret/ETCD encryption enabled", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0067": { + "statusInfo": {}, + "controlID": "C-0067", + "name": "Audit logs enabled", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0068": { + "statusInfo": {}, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0069": { + "statusInfo": {}, + "controlID": "C-0069", + "name": "Disable anonymous access to Kubelet service", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 10 + }, + "C-0070": { + "statusInfo": {}, + "controlID": "C-0070", + "name": "Enforce Kubelet client TLS authentication", + "status": "", + "resourceIDs": {}, + 
"ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 9 + } + }, + "status": "", + "frameworks": [ + { + "controls": { + "C-0002": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0002", + "name": "Exec into container", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 4, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0007": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0007", + "name": "Data Destruction", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 4, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0012": { + "statusInfo": { + "status": "skipped", + "subStatus": "configuration", + "info": "Control missing configuration" + }, + "controlID": "C-0012", + "name": "Applications credentials in configuration files", + "status": "skipped", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 85, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0014": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0014", + "name": "Access Kubernetes dashboard", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 89, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 2 + }, + "C-0015": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0015", + "name": "List 
Kubernetes secrets", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 4, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0020": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0020", + "name": "Mount service principal", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 85, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0021": { + "statusInfo": {}, + "controlID": "C-0021", + "name": "Exposed sensitive interfaces", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0026": { + "statusInfo": {}, + "controlID": "C-0026", + "name": "Kubernetes CronJob", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0031": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0031", + "name": "Delete Kubernetes events", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 4, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0035": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0035", + "name": "Cluster-admin binding", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 4, + "failedResources": 0, + 
"skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0036": { + "statusInfo": {}, + "controlID": "C-0036", + "name": "Malicious admission controller (validating)", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0037": { + "statusInfo": { + "status": "passed" + }, + "controlID": "C-0037", + "name": "CoreDNS poisoning", + "status": "passed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 4, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0039": { + "statusInfo": {}, + "controlID": "C-0039", + "name": "Malicious admission controller (mutating)", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0042": { + "statusInfo": {}, + "controlID": "C-0042", + "name": "SSH server running inside container", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 3 + }, + "C-0045": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0045", + "name": "Writable hostPath mount", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 82, + "failedResources": 3, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + 
"scoreFactor": 8 + }, + "C-0048": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0048", + "name": "HostPath mount", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 82, + "failedResources": 3, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0052": { + "statusInfo": {}, + "controlID": "C-0052", + "name": "Instance Metadata API", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 7 + }, + "C-0053": { + "statusInfo": {}, + "controlID": "C-0053", + "name": "Access container service account", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0054": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0054", + "name": "Cluster internal networking", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 4, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 4 + }, + "C-0057": { + "statusInfo": { + "status": "failed" + }, + "controlID": "C-0057", + "name": "Privileged container", + "status": "failed", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 81, + "failedResources": 4, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0058": { + "statusInfo": {}, + "controlID": "C-0058", + "name": "CVE-2021-25741 - Using symlink for arbitrary host file 
system access.", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0059": { + "statusInfo": {}, + "controlID": "C-0059", + "name": "CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 8 + }, + "C-0066": { + "statusInfo": {}, + "controlID": "C-0066", + "name": "Secret/ETCD encryption enabled", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 6 + }, + "C-0067": { + "statusInfo": {}, + "controlID": "C-0067", + "name": "Audit logs enabled", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 5 + }, + "C-0068": { + "statusInfo": {}, + "controlID": "C-0068", + "name": "PSP enabled", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 1 + }, + "C-0069": { + "statusInfo": {}, + "controlID": "C-0069", + "name": "Disable anonymous access to Kubelet service", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + 
"subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 10 + }, + "C-0070": { + "statusInfo": {}, + "controlID": "C-0070", + "name": "Enforce Kubelet client TLS authentication", + "status": "", + "resourceIDs": {}, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "subStatusCounters": { + "ignoredResources": 0 + }, + "score": 0, + "scoreFactor": 9 + } + }, + "name": "MITRE", + "status": "", + "version": "", + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "score": 0 + } + ], + "resourcesSeverityCounters": { + "criticalSeverity": 0, + "highSeverity": 10, + "mediumSeverity": 4, + "lowSeverity": 0 + }, + "controlsSeverityCounters": { + "criticalSeverity": 0, + "highSeverity": 0, + "mediumSeverity": 0, + "lowSeverity": 0 + }, + "ResourceCounters": { + "passedResources": 0, + "failedResources": 0, + "skippedResources": 0, + "excludedResources": 0 + }, + "score": 0 +} \ No newline at end of file From 705e5b647a0221925d38480fa009c2b2b8eda622 Mon Sep 17 00:00:00 2001 From: David Wertenteil Date: Wed, 22 Feb 2023 22:30:11 +0200 Subject: [PATCH 2/2] Update reporthandling/helpers/v1/listing.go Co-authored-by: Vlad Klokun --- reporthandling/helpers/v1/listing.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reporthandling/helpers/v1/listing.go b/reporthandling/helpers/v1/listing.go index 6d6cd3a1..308f39d2 100644 --- a/reporthandling/helpers/v1/listing.go +++ b/reporthandling/helpers/v1/listing.go @@ -131,7 +131,7 @@ func (all *AllLists) ToUniqueResources() { trimmed = append(trimmed, all.skipped...) all.passed = slices.TrimStableUnique(all.passed, trimmed) - // remove failed, skipped and skipped from "other" list + // remove failed, skipped and passed from "other" list trimmed = append(trimmed, all.passed...) all.other = slices.TrimStableUnique(all.other, trimmed) }
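Review bot: The precedence between the result lists is only implied by statement order in `ToUniqueResources`, and the corrected comment on the `all.other` trim describes one step of it, not the rule. Because `all.skipped` is appended to `trimmed` before `all.passed` is filtered, a resource ID present in both lists ends up reported as skipped and not as passed, which presumably is what keeps a control that was never evaluated from reading as a clean result in the scan summary. I would state that once on the function's doc comment, for example `// ToUniqueResources keeps each resource ID in one list only, by priority: failed, skipped, passed, other.` The function starts outside this hunk, so whether any further list takes part in that ordering cannot be checked from here and the wording should be adjusted if one does.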