-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cleanup(rules): re-balance rules, bump several rules to maturity_incubating #140
Conversation
Rules files suggestionsfalco_rules.yamlComparing Major changes:
Patch changes:
|
Hi @incertum just a quick question/comment: Looking at the maturity level, the |
…bating Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
6d0e159
to
000705e
Compare
We need to update the document as with the intention of splitting the rules, disabled now means we don't ship them by default. Taking a note of that in the tracking issue.
Thank you and agreed, I have removed them from the upgrade for now. |
Rules files suggestionsfalco_rules.yamlComparing Major changes:
Patch changes:
|
👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
thanks
LGTM label has been added. Git tree hash: b322c83e6fb512fb030aca7dfdaffdc8d48f31e2
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: darryk10, incertum, leogr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind cleanup
Any specific area of the project related to this PR?
/area rules
Proposed rule maturity level
/area maturity-incubating
What this PR does / why we need it:
Proposing to re-balance the following rules and assign maturity_incubating.
-> Complementing "Detect release_agent File Container Escapes"
-> Complementing "Netcat Remote Code Execution in Container" or "Redirect STDOUT/STDIN to Network Connection in Container"
-> Complementing rules around reading sensitive files from the /etc directory
-> Complementing "Contact K8S API Server From Container", "Launch Excessively Capable Container", ...
-> Of general interest, complementing "Run shell untrusted" and the like from the existing stable and incubating rules
Which issue(s) this PR fixes:
#126
Fixes #
Special notes for your reviewer: