-
## Overview
Currently it does not seem possible to easily supply an exceptions JSON file to Kubescape when using the helm chart.
## Problem
We would like to run Kubescape scans using the Operato…
-
### Background and proposal
**Context**
`kubescape` is an open-source tool to perform security scans on k8s resources. Repo: https://github.com/armosec/kubescape It generates security reports using …
-
A few while back PaloAltoNetwork published interesting work around overprivileged pods.
The coined trampoline pods as pods that had such powerful permissions that it allowed an adversary to escalate…
-
**Is your idea request related to a problem that you've solved? Please describe.**
A clear and concise description of the problem.
**Describe the best practice**
As part of the Security Best Prac…
-
# Description
synchronizer is failing with the following error:
```
{"level":"error","ts":"2024-06-05T13:18:14Z","msg":"giving up watch","error":"the server could not find the requested resource","…
-
Here is the function I implemented:
```
func loadMetadataFromPath(appFs afero.Fs, rootPath string) (*metav1.ObjectMeta, error) {
input, err := afero.ReadFile(appFs, rootPath)
if err != nil {
…
-
# Description
[Kubescape's documentation](https://hub.armosec.io/docs/c-0034) states, that auto-mounting a service account token should be disabled in the service account itself, or the pod-level. It…
-
## Overview
Kubescape supports some exceptions, but it is only possible at the level of pods. Since a pod can have more than one container, it would be useful to allow the exclusion of specific conta…
-
For people getting started with Kubescape, we should provide example `exceptions.json` files for popular platforms like kind, minikube and Docker Desktop.
That way, someone can see the state of a c…
-
The idea is to use Kubescape for automation. See: https://github.com/armosec/kubescape