-
Notifications
You must be signed in to change notification settings - Fork 2
/
.checkov.yml
39 lines (38 loc) · 1.26 KB
/
.checkov.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
skip-check:
- CKV_SECRET_6
- CKV_K8S_21
- CKV_DOCKER_2
- CKV_ARGO_2
# "Ensure Workflow pods are not using the default ServiceAccount."
# - Doesn't matter when just running integration tests
- CKV_ARGO_1
# Prefer using secrets as files over secrets as environment variables
- CKV_K8S_35
# "Image should use digest"
- CKV_K8S_43
# "Image Pull Policy should be Always"
- CKV_K8S_15
# "Ensure that Service Account Tokens are only mounted where necessary"
- CKV_K8S_38
# "CPU limits should be set"
- CKV_K8S_11
# "CPU requests should be set"
- CKV_K8S_10
# "Memory requests should be set"
- CKV_K8S_12
# "Memory limits should be set"
- CKV_K8S_13
# "Ensure that the seccomp profile is set to docker/default or runtime/default"
# all container-level securityContexts are already set to this
- CKV_K8S_31
# "Containers should run as a high UID to avoid host conflict"
# only happens because the postgresql container is ran as uid 1001
- CKV_K8S_40
# "Use read-only filesystem for containers where possible"
# true everywhere except for the postgres image
- CKV_K8S_22
# "Apply security context to your pods and containers"
# security contexts are applied to containers
- CKV_K8S_29
skip-path:
- src/list/frontend/deploy/data/