add .semgrep.yml

TheTeaCat · TheTeaCat · commit 393702ccb6b9 · 2025-05-09T14:32:13.000+01:00
diff --git a/.semgrep.yml b/.semgrep.yml
@@ -0,0 +1,9 @@
+rules:
+  - id: yaml.kubernetes.security.privileged-container.privileged-container
+    severity: WARNING
+    languages: [yaml]
+    patterns:
+      - pattern: privileged: true
+    message: "Privileged containers should be avoided."
+    metadata:
+      ignore: true
diff --git a/kube_templates/daemonset.yaml b/kube_templates/daemonset.yaml
@@ -19,7 +19,7 @@ spec:
         image: ghcr.io/firetail-io/kubernetes-sensor:v0.1.5
         imagePullPolicy: IfNotPresent
         securityContext:
-          privileged: true # nosemgrep: yaml.kubernetes.security.privileged-container.privileged-container
+          privileged: true
         env:
         - name: FIRETAIL_API_URL
           value: "https://api.logging.eu-west-1.sandbox.firetail.app/logs/bulk"
