falcosecurity / rules

Falco rule repository
https://falcosecurity.github.io/rules/
Apache License 2.0

cleanup(rules): adjust priority for Run shell untrusted #129

Closed incertum closed 1 year ago

incertum commented 1 year ago

What type of PR is this?

> Uncomment one (or more) /kind <> lines:

> /kind feature

> /kind bug

/kind cleanup

> /kind design

> /kind documentation

> /kind failing-test

Any specific area of the project related to this PR?

> Uncomment one (or more) /area <> lines:

/area rules

> /area registry

> /area build

> /area documentation

Proposed rule maturity level

> Uncomment one (or more) /area <> lines (only for PRs that add or modify rules):

/area maturity-stable

> /area maturity-incubating

> /area maturity-sandbox

> /area maturity-deprecated

What this PR does / why we need it:

@darryk10 adjusting priority for "Run shell untrusted". In addition, will propose an update to the https://falco.org/docs/rules/style-guide/ stating no upstream rule shall be of priority debug, so that no adopter needs to run Falco with priority set to debug unless they choose to based on their customizations ...

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

poiana commented 1 year ago

@incertum: The label(s) area/maturity-stable cannot be applied, because the repository doesn't have them.

github-actions[bot] commented 1 year ago

Rules files suggestions

falco_rules.yaml

Comparing f1bef220b4be70e4e50d64f8923737eebbd24477 with latest tag falco-rules-1.0.1

Major changes:

Patch changes:

poiana commented 1 year ago

LGTM label has been added.

Git tree hash: 707d2ba4856b2223e5bc52e62dbfa50735b703c8

poiana commented 1 year ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, darryk10, incertum

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/falcosecurity/rules/blob/main/OWNERS)~~ [Andreagit97,incertum]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment