generated from giantswarm/template-operator
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add use of the runtime/default seccomp profile. (#270)
* Add use of the runtime/default seccomp profile. * Made deployment use new seccomp profile. * Update .nancy-ignore Co-authored-by: Laszlo Uveges <laszlo@giantswarm.io> Thanks for reviewing, before releasing, please confirm this doesn't break anything. (It shouldn't)
- Loading branch information
Showing
6 changed files
with
149 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,31 +1,18 @@ | ||
| # pkg:golang/github.com/hashicorp/consul/sdk@v0.9.0 | ||
| CVE-2022-29153 until=2022-12-31 | ||
| CVE-2022-24687 until=2022-12-31 | ||
| # pkg:golang/github.com/hashicorp/consul/api@v1.15.3 | ||
| CVE-2022-29153 until=2023-06-30 | ||
|
|
||
| # pkg:golang/github.com/hashicorp/consul/api@v1.12.0 | ||
| CVE-2021-41803 until=2022-12-31 | ||
| # pkg:golang/github.com/hashicorp/consul/sdk@v0.3.0 | ||
| CVE-2022-29153 until=2023-06-30 | ||
|
|
||
| # pkg:golang/github.com/kataras/iris/v12@v12.1.8 | ||
| CVE-2021-23772 until=2022-12-31 | ||
| CVE-2021-23772 until=2023-06-30 | ||
|
|
||
| # pkg:golang/k8s.io/apiserver@v0.24.3 | ||
| # This is present in the current latest v0.26.0 as well | ||
| sonatype-2022-6522 until=2023-02-01 | ||
| # pkg:golang/github.com/nats-io/nats-server/v2@v2.9.0 | ||
| CVE-2022-42709 until=2023-06-30 | ||
| CVE-2022-42708 until=2023-06-30 | ||
|
|
||
| # pkg:golang/github.com/urfave/negroni@v1.0.0 | ||
| sonatype-2021-1485 until=2022-12-31 | ||
|
|
||
| # pkg:golang/github.com/nats-io/nats-server/v2@v2.5.0 | ||
| CVE-2022-42709 until=2022-12-31 | ||
| CVE-2022-42708 until=2022-12-31 | ||
| sonatype-2021-1485 until=2023-06-30 | ||
|
|
||
| # pkg:golang/k8s.io/apiserver@v0.24.3 | ||
| # The current latest v0.26.0 has the same issue | ||
| sonatype-2022-6522 until=2023-02-01 | ||
|
|
||
| # pkg:golang/golang.org/x/text@v0.3.7 | ||
| CVE-2022-32149 until=2022-12-31 | ||
|
|
||
| # pkg:golang/github.com/hashicorp/vault/sdk@v0.5.3 | ||
| # pkg:golang/github.com/hashicorp/vault/api@v1.7.2 | ||
| CVE-2022-36129 until=2022-12-31 | ||
| sonatype-2022-6522 until=2023-06-30 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,118 @@ | ||
| { | ||
| "$schema": "http://json-schema.org/schema#", | ||
| "type": "object", | ||
| "properties": { | ||
| "github": { | ||
| "type": "object", | ||
| "properties": { | ||
| "token": { | ||
| "type": "string" | ||
| } | ||
| } | ||
| }, | ||
| "image": { | ||
| "type": "object", | ||
| "properties": { | ||
| "name": { | ||
| "type": "string" | ||
| }, | ||
| "tag": { | ||
| "type": "string" | ||
| } | ||
| } | ||
| }, | ||
| "k8sJwtToVaultTokenImage": { | ||
| "type": "object", | ||
| "properties": { | ||
| "name": { | ||
| "type": "string" | ||
| }, | ||
| "tag": { | ||
| "type": "string" | ||
| } | ||
| } | ||
| }, | ||
| "managementCluster": { | ||
| "type": "object", | ||
| "properties": { | ||
| "name": { | ||
| "type": "string" | ||
| } | ||
| } | ||
| }, | ||
| "pod": { | ||
| "type": "object", | ||
| "properties": { | ||
| "group": { | ||
| "type": "object", | ||
| "properties": { | ||
| "id": { | ||
| "type": "integer" | ||
| } | ||
| } | ||
| }, | ||
| "user": { | ||
| "type": "object", | ||
| "properties": { | ||
| "id": { | ||
| "type": "integer" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "podSecurityContext": { | ||
| "type": "object", | ||
| "properties": { | ||
| "seccompProfile": { | ||
| "type": "object", | ||
| "properties": { | ||
| "type": { | ||
| "type": "string" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "project": { | ||
| "type": "object", | ||
| "properties": { | ||
| "branch": { | ||
| "type": "string" | ||
| }, | ||
| "commit": { | ||
| "type": "string" | ||
| } | ||
| } | ||
| }, | ||
| "registry": { | ||
| "type": "object", | ||
| "properties": { | ||
| "domain": { | ||
| "type": "string" | ||
| } | ||
| } | ||
| }, | ||
| "securityContext": { | ||
| "type": "object", | ||
| "properties": { | ||
| "seccompProfile": { | ||
| "type": "object", | ||
| "properties": { | ||
| "type": { | ||
| "type": "string" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "vault": { | ||
| "type": "object", | ||
| "properties": { | ||
| "address": { | ||
| "type": "string" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters