-
-
# Action
I want author to provide some directions about interface design if he agreed. so I or others can have confident in creating PR.
# Rationale
`AsyncManagementEnforcer.add_function` accep…
-
Kubearmor connects to the container-runtime to get the mount-namespace and other details (for eg, container image details etc).
These details are used subsequently in the telemetry/log enrichment. Fo…
-
## Feature Request
**Short Description**
Support for VMware Tanzu needs to be validated. Validation has to be done for:
- [ ] enforcement supported? What is the LSM used?
- [ ] Audit/Observabi…
-
### Is your feature request related to a problem? Please describe.
Periodic scans against existing resources against policy. Should probably use Pepr's `watch`
**The primary risk** - if there ar…
-
**Is your feature request related to a problem? Please describe.**
Tagging today requires extensive updating, editing, and populating of each and every configuration file. Additionally there is no w…
-
### Describe the feature
The policy statements are evaluated in order.
Let's say you want to deny s3:PutObjectAcl for all roles outside of the company but an existing s3 bucket policy allows thi…
-
## Problem Description
When one or more rules are manually removed from a ruleset or when required status checks are modified, Safe Settings doesn't detect any changes. Interestingly, it does detect …
-
### Describe the bug
When using keycloak-authorization, the public endpoints (e.g. /q/health/live) are logging following exception when keycloak is not reachable (due to restart or something else).
…
-
When rolling out policies, it is common to have to exempt some namespaces for each policy you want to roll out. Once exempted, however, there isn't a good way to look back at what's been exempted and…