Improvement: CIS-5.7.4 The default namespace should not be used #644
Assignees
Comments
ad-zsolt-imre
changed the title
ad-zsolt-imre
changed the title
|
Hey Zsolt! Interesting catch, thank you! From the user's perspective, I think you're entirely correct. Let me check what CIS says about this; depending on that, we will fix it. Cheers |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Overview
I've go a report: CIS-5.7.4 The default namespace should not be used. It is highlighting that the
kubernetesEndpoint is in thedefaultnamespace. There are no other Endpoints in thedefaultnamespace. If I'm not mistaken the related rule impl is inrules/endpoints-in-default-namespace/raw.rego.Problem
I did some research and found that the
kubernetesEndpoint is acceptable to be in thedefaultnamespace. See screenshot of the CIS benchmark below.Solution
I'm probably not familiar with all the frameworks you are supporting, but, it the above mentioned rule is simply based on CIS (as indicated by the title) it would be great to have it updated to ignore the
kubernetesendpoint in thedefaultnamespace.Alternatives
N/A
Additional context
N/A
The text was updated successfully, but these errors were encountered: