Skip to content
GitLab
Unverified Commit c7da9e5d authored by Alex Fedin's avatar Alex Fedin Committed by GitHub
Browse files

fix: fix default rules (#486)

parent 693f9ae0
main 620-disable-spinner-when-detecting-runs-in-ci-to-avoid-messing-up-logs-with-spinner-etc 702-datree-not-working-in-our-air-gapped-environment 746-offline-mode-does-not-work 762-unexpected-yaml-validation-error-did-not-find-expected-indicator DAT-3842-add-policy-config-flag DAT-3842-policy-config-flag DAT-3843-create-schema-in-cli-for-policies.yaml-validation DAT-3845_add_offline_flag_in_config_yaml DAT-3873-helm-kustomize-msg-color DAT-3877-skip-k8s-validation DAT-3878_add_--no-record_flag DAT-3879_implement_resource_quotas_custom_keys DAT-3938_bug-fixes DAT-3938_extract-skipping-annotations-policy-check-flow DAT-3958_support_no_intetnet_connection_offline_local DAT-4003-isCi-query-param DAT-4011_evluation-duration DAT-4019_datree-test-validate-yaml-command DAT-4019_datree-validate-yaml-command DAT-4060_validate-yaml-send-result-data DAT-4065-fix-offline-mode DAT-4075-yml-validation-array DAT-4105-remove-validate-yaml DAT-4132-junit-output-fix-crash-invalid-configurations DAT-4341-create-a-new-default-policy-all-rules DAT-4389-verbose-support-all-output-formats DAT-4405-remove-travis-cicd-impl DAT-4427-cli-add-save-rendered-flag DAT-add-architecture-image ISSUE#570_support_customResourceDefinition_kind ISSUE#573_support_JUnit_output_format ISSUE#638_support_schema_validation_in_offline_mode ISSUE#799_pre-commit_permission_denied_fix add-kustomize-cmd-description add-v-tag-rc add_cluster_integration_submodule add_offline_check_in_k8s_validator add_rego_support add_tests_to_fragile_areas_of_code adjust_error_message_for_k8s_schema_not_found argo-rules argoproj codeowners cverule debug_save_read_default_rules_files dima-wrong docs error-misspelling-metadataname fix-CONTAINERS_MISSING_MEMORY_REQUEST_KEY fix-homedir fix-properties-default-rules fix-version-message-print-empty fix_defaultRules_test_files hadar-co-patch-1 line-err logfile metadatarule minor_changes_to_policies_yaml_validation nsa-docs nsa-rules nsa-test-files offerings offline_mode_indenify_network_error_fix patch-1-resove-conflicts perf-files policy-config-description pre_commit_hook_with_datreeci prestoprule probe-rules refactor_datree_kustomize_test refactor_datree_kustomize_test_2 refactors_in_printers release/1.0.1 release/1.0.15 release/1.0.6 release/1.1.10 release/1.1.14 release/1.1.17 release/1.1.2 release/1.1.20 release/1.1.22 release/1.1.4 release/1.1.5 release/1.1.6 release/1.2.0 release/1.2.10 release/1.2.2 release/1.2.9 release/1.3.0 release/1.3.2 release/1.3.4 release/1.3.5 release/1.4.0 release/1.4.10 release/1.4.13 release/1.4.17 release/1.4.19 release/1.4.20 release/1.4.22 release/1.4.26 release/1.4.28 release/1.4.3 release/1.4.30 release/1.4.32 release/1.4.33 release/1.4.35 release/1.4.37 release/1.4.4 release/1.5.0 release/1.5.15 release/1.5.16 release/1.5.17 release/1.5.19 release/1.5.2 release/1.5.20 release/1.5.25 release/1.5.29 release/1.5.3 release/1.5.30 release/1.5.35 release/1.5.36 release/1.5.37 release/1.5.7 release/1.5.9 release/1.6.0 release/1.6.12 release/1.6.13 release/1.6.14 release/1.6.16 release/1.6.18 release/1.6.19 release/1.6.23 release/1.6.24 release/1.6.25 release/1.6.26 release/1.6.27 release/1.6.28 release/1.6.29 release/1.6.32 release/1.6.33 release/1.6.36 release/1.6.37 release/1.6.40 release/1.6.42 release/1.6.44 release/1.6.46 release/1.6.48 release/1.6.6 release/1.7.1 release/1.7.3 release/1.8.0 release/1.8.1 remove-debug-log report_execution_environment resty-client running_test_on_non_k8s_yaml_files_with_--only-k8s-files_raises_an_error_#430 sarif schemadir secretrules skip-schema-validation-flag sort_failed_rules_by_uniqe_names svg-logo test_pre_commit_hook update-architecture-img use_DI_to_get_config_home 1.8.2-rc 1.8.1 1.8.1-rc 1.8.0 1.8.0-rc 1.7.3 1.7.3-rc 1.7.2-rc 1.7.1 1.7.1-rc 1.7.0-rc 1.6.49-rc 1.6.48 1.6.48-rc 1.6.47-rc 1.6.46 1.6.46-rc 1.6.45-rc 1.6.44 1.6.44-rc 1.6.43-rc 1.6.42 1.6.42-rc 1.6.41-rc 1.6.40 1.6.40-rc 1.6.39-rc 1.6.38-rc 1.6.37 1.6.37-rc 1.6.36 1.6.36-rc 1.6.35-rc 1.6.34-rc 1.6.33 1.6.33-rc 1.6.32 1.6.32-rc 1.6.31-rc 1.6.30-rc 1.6.29 1.6.29-rc 1.6.28 1.6.28-rc 1.6.27 1.6.27-rc 1.6.26 1.6.26-rc 1.6.25 1.6.25-rc 1.6.24 1.6.24-rc 1.6.23 1.6.23-rc 1.6.22-rc 1.6.21-rc 1.6.20-rc 1.6.19 1.6.19-rc 1.6.18 1.6.18-rc 1.6.17-rc 1.6.16 1.6.16-rc 1.6.15-rc 1.6.14 1.6.14-rc 1.6.13 1.6.13-rc 1.6.12 1.6.12-rc 1.6.11-rc 1.6.10-rc 1.6.9-rc 1.6.8-rc 1.6.7-rc 1.6.6 1.6.6-rc 1.6.5-rc 1.6.4-rc 1.6.3-rc 1.6.2-rc 1.6.1-rc 1.6.0 1.6.0-rc 1.5.38-rc 1.5.37 1.5.37-rc 1.5.36 1.5.36-rc 1.5.35 1.5.35-rc 1.5.34-rc 1.5.33-rc 1.5.32-rc 1.5.31-rc 1.5.30 1.5.30-rc 1.5.29 1.5.29-rc 1.5.28-rc 1.5.27-rc 1.5.26-rc 1.5.25 1.5.25-rc 1.5.24-rc 1.5.23-rc 1.5.22-rc 1.5.21-rc 1.5.20 1.5.20-rc 1.5.19 1.5.19-rc 1.5.18-rc 1.5.17 1.5.17-rc 1.5.16 1.5.16-rc 1.5.15 1.5.15-rc 1.5.14-rc 1.5.13-rc 1.5.12-rc 1.5.11-rc 1.5.10-rc 1.5.9 1.5.9-rc 1.5.8-rc 1.5.7 1.5.7-rc 1.5.6-rc 1.5.5-rc 1.5.4-rc 1.5.3 1.5.3-rc 1.5.2 1.5.2-rc 1.5.1-rc 1.5.0 1.5.0-rc 1.4.40-rc-dima-test 1.4.39-rc 1.4.38-rc 1.4.37 1.4.37-rc 1.4.36-rc 1.4.35 1.4.35-rc 1.4.34-rc 1.4.33 1.4.33-rc 1.4.32 1.4.32-rc 1.4.31-rc 1.4.30 1.4.30-rc 1.4.29-rc 1.4.28 1.4.28-rc 1.4.27-rc 1.4.26 1.4.26-rc 1.4.25-rc 1.4.24-rc 1.4.23-rc 1.4.22 1.4.22-rc 1.4.21-rc 1.4.20 1.4.20-rc 1.4.19 1.4.19-rc 1.4.18-rc 1.4.17 1.4.17-rc 1.4.16-rc 1.4.15-rc 1.4.14-rc 1.4.13 1.4.13-rc 1.4.12-rc 1.4.11-rc 1.4.10 1.4.10-rc 1.4.9-rc 1.4.8-rc 1.4.7-rc 1.4.6-rc 1.4.5-rc 1.4.4 1.4.4-rc 1.4.3 1.4.3-rc 1.4.2-rc 1.4.1-rc 1.4.0 1.4.0-rc 1.3.11-rc 1.3.10-rc 1.3.9-rc 1.3.8-rc 1.3.7-rc 1.3.6-rc 1.3.5 1.3.5-rc 1.3.4 1.3.4-rc 1.3.3-rc 1.3.2 1.3.2-rc 1.3.1-rc 1.3.0 1.3.0-rc 1.2.11-rc 1.2.10 1.2.10-rc 1.2.9 1.2.9-rc 1.2.8-rc 1.2.7-rc 1.2.6-rc 1.2.5-rc 1.2.4-rc 1.2.3-rc 1.2.2 1.2.2-rc 1.2.1-rc 1.2.0 1.2.0-rc 1.1.25-rc 1.1.24-rc 1.1.23-rc 1.1.22 1.1.22-rc 1.1.21-rc 1.1.20 1.1.20-rc 1.1.19-rc 1.1.18-rc 1.1.17 1.1.17-rc 1.1.16-rc 1.1.15-rc 1.1.14 1.1.14-rc 1.1.13-rc 1.1.12-rc 1.1.11-rc 1.1.10 1.1.10-rc 1.1.9-rc 1.1.8-rc 1.1.7-rc 1.1.6 1.1.6-rc 1.1.5 1.1.5-rc 1.1.4-rc 1.1.3-rc 1.1.2 1.1.2-rc 1.1.1-rc 1.1.0-rc 1.0.17-rc 1.0.16-rc 1.0.15 1.0.15-rc 1.0.14-rc 1.0.13-rc 1.0.12-rc 1.0.11-rc 1.0.10-yishay-rc 1.0.10-rc 1.0.9-rc 1.0.8-rc 1.0.7-rc 1.0.6 1.0.6-rc 1.0.5-rc 1.0.4-rc 1.0.3-rc 1.0.2-rc 1.0.1 1.0.1-rc 1.0.0-rc 0.16.19-rc 0.16.18-rc 0.16.17-rc 0.16.16-rc 0.16.15-rc 0.16.14-rc 0.16.13-rc 0.16.12-rc 0.16.11-rc 0.16.10-rc 0.16.9-rc vv1.4.41-rc v1.8.2-rc v1.8.1 v1.8.1-rc v1.8.0 v1.8.0-rc v1.7.3 v1.7.3-rc v1.7.2-rc v1.7.1 v1.7.1-rc v1.7.0-rc v1.6.49-rc v1.6.48 v1.6.48-rc v1.6.47-rc v1.6.46 v1.6.46-rc v1.6.45-rc v1.6.44 v1.6.44-rc v1.6.43-rc v1.6.42 v1.6.42-rc v1.6.41-rc v1.6.40 v1.6.40-rc v1.6.39-rc v1.6.38-rc v1.6.37 v1.6.37-rc v1.6.36 v1.6.36-rc v1.6.35-rc v1.6.34-rc v1.6.33 v1.6.33-rc v1.6.32 v1.6.32-rc v1.6.31-rc v1.6.30-rc v1.6.29 v1.6.29-rc v1.6.28 v1.6.28-rc v1.6.27 v1.6.27-rc v1.6.26 v1.6.26-rc v1.6.25 v1.6.25-rc v1.6.24 v1.6.24-rc v1.6.23 v1.6.23-rc v1.6.22-rc v1.6.21-rc v1.6.20-rc v1.6.19 v1.6.19-rc v1.6.18 v1.6.18-rc v1.6.17-rc v1.6.16 v1.6.16-rc v1.6.15-rc v1.6.14 v1.6.14-rc v1.6.13 v1.6.13-rc v1.6.12 v1.6.12-rc v1.6.11-rc v1.6.10-rc v1.6.9-rc v1.6.8-rc v1.6.7-rc v1.6.6 v1.6.6-rc v1.6.5-rc v1.6.4-rc v1.6.3-rc v1.6.2-rc v1.6.1-rc v1.6.0 v1.6.0-rc v1.5.38-rc v1.5.37 v1.5.37-rc v1.5.36 v1.5.36-rc v1.5.35 v1.5.35-rc v1.5.34-rc v1.5.33-rc v1.5.32-rc v1.5.31-rc v1.5.30 v1.5.30-rc v1.5.29 v1.5.29-rc v1.5.28-rc v1.5.27-rc v1.5.26-rc v1.5.25 v1.5.25-rc v1.5.24-rc v1.5.23-rc v1.5.22-rc v1.5.21-rc v1.5.20 v1.5.20-rc v1.5.19 v1.5.19-rc v1.5.18-rc v1.5.17 v1.5.17-rc v1.5.16 v1.5.16-rc v1.5.15 v1.5.15-rc v1.5.14 v1.5.13 v1.5.12 v1.5.11 v1.5.10 v1.5.9 v1.5.7 v1.5.4-rc v1.5.3 v1.5.3-rc v1.5.2 v1.5.0 v1.4.43-rc v1.4.42-rc v1.4.41-rc v1.4.40-rc v1.4.40-rc-dima-test v0.0.189798_tzlil_debug v0.0.3 v0.0.2-extract_evaluation v0.0.1 v0.0.1-extract_evaluation v-extract_evaluation
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 27 additions and 15 deletions
+27 -15
pkg/policy/defaultRules.yaml
+ 27
- 15
View file @ c7da9e5d
......@@ -9,20 +9,20 @@ rules:
category: Containers
schema:
definitions:
imageValuePattern:
properties:
spec:
properties:
containers:
type: array
items:
properties:
image:
# catch all strings with image tag version
pattern: "\\@sha.*|:(\\w|\\.|\\-)+$"
not:
# ignore `latest` as image tag version
pattern: ".*:(latest|LATEST)$"
imageValuePattern:
properties:
spec:
properties:
containers:
type: array
items:
properties:
image:
# catch all strings with image tag version
pattern: "\\@sha.*|:(\\w|\\.|\\-)+$"
not:
# ignore `latest` as image tag version
pattern: ".*:(latest|LATEST)$"
allOf:
- $ref: "#/definitions/imageValuePattern"
additionalProperties:
......@@ -79,6 +79,10 @@ rules:
requests:
required:
- cpu
required:
- requests
required:
- resources
allOf:
- $ref: "#/definitions/cpuRequestPattern"
additionalProperties:
......@@ -107,6 +111,10 @@ rules:
limits:
required:
- memory
required:
- limits
required:
- resources
allOf:
- $ref: "#/definitions/memoryLimitPattern"
additionalProperties:
......@@ -114,7 +122,7 @@ rules:
items:
$ref: "#"
- id: 5
name: Ensure each container has a configured memory limit
name: Ensure each container has a configured CPU limit
uniqueName: CONTAINERS_MISSING_CPU_LIMIT_KEY
enabledByDefault: true
documentationUrl: 'https://hub.datree.io/ensure-cpu-limit'
......@@ -135,6 +143,10 @@ rules:
limits:
required:
- cpu
required:
- limits
required:
- resources
allOf:
- $ref: "#/definitions/cpuLimitPattern"
additionalProperties:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

免费DevSecOps平台,让您的项目体验完整的DevSecOps流程,让项目更安全