From 24ebe0bc72d9141ba8930bfb7ee21c01dc33c974 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Guilherme=20Vanz?=
Date: Thu, 6 Jul 2023 14:21:30 -0300
Subject: [PATCH] feat: background audit config, severity and category annotations.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Updates policy metadata.yml file adding the new configuration to enabled background audit checks and adds two new annotations used by the audit scanner in its reports.
Signed-off-by: José Guilherme Vanz
---
 metadata.yml | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/metadata.yml b/metadata.yml
index 7055eef..da1741e 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,8 +1,13 @@
 rules:
-- apiGroups: [""]
- apiVersions: ["v1"]
- resources: ["pods"]
- operations: ["CREATE", "UPDATE"]
+ - apiGroups:
+ - ''
+ apiVersions:
+ - v1
+ resources:
+ - pods
+ operations:
+ - CREATE
+ - UPDATE
 mutating: true
 contextAware: false
 executionMode: kubewarden-wapc
@@ -11,11 +16,14 @@ annotations:
 io.artifacthub.displayName: Selinux PSP
 io.artifacthub.resources: Pod
 io.artifacthub.keywords: psp, container, runtime, selinux
+ # kubewarden specific
 io.kubewarden.policy.ociUrl: ghcr.io/kubewarden/policies/selinux-psp
- # rest
 io.kubewarden.policy.title: selinux-psp
- io.kubewarden.policy.description: Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux
- io.kubewarden.policy.author: "Kubewarden developers "
+ io.kubewarden.policy.description: Replacement for the Kubernetes Pod Security Policy
+ that controls the usage of SELinux
+ io.kubewarden.policy.author: Kubewarden developers
 io.kubewarden.policy.url: https://github.com/kubewarden/selinux-psp-policy
 io.kubewarden.policy.source: https://github.com/kubewarden/selinux-psp-policy
 io.kubewarden.policy.license: Apache-2.0
+ io.kubewarden.policy.category: PSP
+ io.kubewarden.policy.severity: medium
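Review bot: Neither hunk adds a background-audit setting, although the commit message says the change adds the configuration that enables background audit checks. The only additions are the block-style rewrite of `rules` and the `io.kubewarden.policy.category` and `io.kubewarden.policy.severity` annotations at the end of the second hunk. If the policy is meant to opt in explicitly, a top-level `backgroundAudit: true` next to `mutating: true` would put that decision in the file instead of leaving it to a default; the key name and its default should be confirmed against the Kubewarden metadata schema. Because the policy is `mutating: true`, a comment such as `# audit scanner reports existing Pods; it does not mutate them` would help readers of the report, though that behaviour is inferred here and not shown in the diff. A one-line comment above `io.kubewarden.policy.severity: medium` recording why that level was chosen would also help anyone triaging audit results.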