diff --git a/pkg/policies/opa/rego/k8s/kubernetes_ingress/AC-K8-NS-IN-H-0020.json b/pkg/policies/opa/rego/k8s/kubernetes_ingress/AC-K8-NS-IN-H-0020.json
index 66db95165..afc2630c1 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_ingress/AC-K8-NS-IN-H-0020.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_ingress/AC-K8-NS-IN-H-0020.json
@@ -8,9 +8,10 @@
 "prefix": "",
 "suffix": ""
 },
- "severity": "HIGH",
+ "severity": "MEDIUM",
 "description": "TLS disabled can affect the confidentiality of the data in transit",
 "reference_id": "AC-K8-NS-IN-H-0020",
 "category": "Infrastructure Security",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0002"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_namespace/AC-K8-OE-NS-L-0128.json b/pkg/policies/opa/rego/k8s/kubernetes_namespace/AC-K8-OE-NS-L-0128.json
index 6b1402988..53d9f50f6 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_namespace/AC-K8-OE-NS-L-0128.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_namespace/AC-K8-OE-NS-L-0128.json
@@ -12,5 +12,6 @@
 "description": "No owner for namespace affects the operations",
 "reference_id": "AC-K8-OE-NS-L-0128",
 "category": "Security Best Practices",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0013"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-CA-PO-H-0165.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-CA-PO-H-0165.json
index 379b0442c..ca4d65440 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-CA-PO-H-0165.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-CA-PO-H-0165.json
@@ -19,5 +19,6 @@
 "description": "Containers Should Not Run with AllowPrivilegeEscalation",
 "reference_id": "AC-K8-CA-PO-H-0165",
 "category": "Compliance Validation",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0085"
 }
\ No newline at end of file
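Review bot: In AC-K8-NS-IN-H-0020.json the `severity` becomes `MEDIUM` while `reference_id` and the file name keep the `-H-` segment, which in the four hunks that show a severity line matched the old value (`-H-` with HIGH, `-M-` with MEDIUM). The same mismatch is introduced in AC-K8-IA-PO-H-0137 and AC-K8-NS-PO-H-0170 (HIGH to MEDIUM) and in AC-K8-OE-PO-M-0166 (MEDIUM to HIGH), so any report filter or suppression list keyed on that letter will disagree with the `severity` field. `version` also stays at `1` in these four files although rule metadata changed; if consumers use it to detect rule changes, it should become `"version": 2,`. Since JSON has no comments, the commit description is the place to state that the new `id` is the stable identifier and that the letter in `reference_id` is no longer authoritative.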
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0176.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0176.json
index c03a5cfb7..52ab922a5 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0176.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0176.json
@@ -12,5 +12,6 @@
 "description": "Ensure Kubernetes Dashboard Is Not Deployed",
 "reference_id": "AC-K8-DS-PO-M-0176",
 "category": "Data Protection",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0067"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0177.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0177.json
index d2c7889d2..633e754e6 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0177.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-DS-PO-M-0177.json
@@ -12,5 +12,6 @@
 "description": "Ensure That Tiller (Helm V2) Is Not Deployed",
 "reference_id": "AC-K8-DS-PO-M-0177",
 "category": "Data Protection",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0071"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0106.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0106.json
index 18be0afe0..a0fc3413f 100755
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0106.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0106.json
@@ -12,5 +12,6 @@
 "description": "Minimize the admission of privileged containers",
 "reference_id": "AC-K8-IA-PO-H-0106",
 "category": "Identity and Access Management",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0046"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0137.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0137.json
index 5efe595f7..93bb7a1f5 100755
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0137.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0137.json
@@ -8,9 +8,10 @@
 "prefix": "",
 "suffix": ""
 },
- "severity": "HIGH",
+ "severity": "MEDIUM",
 "description": "Allowing the pod to make system level calls provide access to host/node sensitive information",
 "reference_id": "AC-K8-IA-PO-H-0137",
 "category": "Identity and Access Management",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0074"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0138.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0138.json
index c66079894..c71a1cb36 100755
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0138.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0138.json
@@ -12,5 +12,6 @@
 "description": "Allowing hostPaths to mount to Pod arise the probability of getting access to the node's filesystem",
 "reference_id": "AC-K8-IA-PO-H-0138",
 "category": "Identity and Access Management",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0076"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0168.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0168.json
index 44145993c..aaee536e1 100755
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0168.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-H-0168.json
@@ -19,5 +19,6 @@
 "description": "Minimize Admission of Root Containers",
 "reference_id": "AC-K8-IA-PO-H-0168",
 "category": "Identity and Access Management",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0087"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0105.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0105.json
index 371436256..f03043efa 100755
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0105.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0105.json
@@ -12,5 +12,6 @@
 "description": "Ensure that Service Account Tokens are only mounted where necessary",
 "reference_id": "AC-K8-IA-PO-M-0105",
 "category": "Identity and Access Management",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0045"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0135.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0135.json
index 0bfa03597..a110b9ce0 100755
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0135.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0135.json
@@ -12,5 +12,6 @@
 "description": "AppArmor profile not set to default or custom profile will make the container vulnerable to kernel level threats",
 "reference_id": "AC-K8-IA-PO-M-0135",
 "category": "Identity and Access Management",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0073"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0139.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0139.json
index d937ada1d..8e44bcc9d 100755
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0139.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0139.json
@@ -12,5 +12,6 @@
 "description": "Unmasking the procMount will allow more information than is necessary to the program running in the containers spawned by k8s",
 "reference_id": "AC-K8-IA-PO-M-0139",
 "category": "Identity and Access Management",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0077"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0140.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0140.json
index 1d3a0704f..2381555ff 100755
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0140.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0140.json
@@ -19,5 +19,6 @@
 "description": "Container images with readOnlyRootFileSystem set as false mounts the container root file system with write permissions",
 "reference_id": "AC-K8-IA-PO-M-0140",
 "category": "Identity and Access Management",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0078"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0141.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0141.json
index de99ced06..eb8ea84b1 100755
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0141.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0141.json
@@ -12,5 +12,6 @@
 "description": "Default seccomp profile not enabled will make the container to make non-essential system calls",
 "reference_id": "AC-K8-IA-PO-M-0141",
 "category": "Identity and Access Management",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0080"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0143.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0143.json
index 7c7fef442..49bb185bf 100755
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0143.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0143.json
@@ -20,5 +20,6 @@
 "description": "Some volume types mount the host file system paths to the pod or container, thus increasing the chance of escaping the container to access the host",
 "reference_id": "AC-K8-IA-PO-M-0143",
 "category": "Identity and Access Management",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0081"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0162.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0162.json
index 5a4304628..129a5caeb 100755
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0162.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PO-M-0162.json
@@ -14,5 +14,6 @@
 "description": "Containers Should Not Share Host Process ID Namespace",
 "reference_id": "AC-K8-IA-PO-M-0162",
 "category": "Identity and Access Management",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0082"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PS-M-0112.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PS-M-0112.json
index 1d7ac0318..20a305503 100755
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PS-M-0112.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-IA-PS-M-0112.json
@@ -13,5 +13,6 @@
 "description": "Minimize the admission of containers with the NET_RAW capability",
 "reference_id": "AC-K8-IA-PS-M-0112",
 "category": "Identity and Access Management",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0048"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0117.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0117.json
index e5cc31b31..662b16fa6 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0117.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0117.json
@@ -12,5 +12,6 @@
 "description": "Prefer using secrets as files over secrets as environment variables",
 "reference_id": "AC-K8-NS-PO-H-0117",
 "category": "Infrastructure Security",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0051"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0170.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0170.json
index f7a24a39c..52ed447ac 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0170.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-H-0170.json
@@ -8,9 +8,10 @@
 "prefix": "",
 "suffix": ""
 },
- "severity": "HIGH",
+ "severity": "MEDIUM",
 "description": "Do Not Use CAP_SYS_ADMIN Linux Capability",
 "reference_id": "AC-K8-NS-PO-H-0170",
 "category": "Infrastructure Security",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0075"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0122.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0122.json
index 88cdc3932..13adaec72 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0122.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0122.json
@@ -12,5 +12,6 @@
 "description": "Apply Security Context to Your Pods and Containers",
 "reference_id": "AC-K8-NS-PO-M-0122",
 "category": "Infrastructure Security",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0064"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0133.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0133.json
index dea7128e3..d38e60168 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0133.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0133.json
@@ -12,5 +12,6 @@
 "description": "Image without digest affects the integrity principle of image security",
 "reference_id": "AC-K8-NS-PO-M-0133",
 "category": "Infrastructure Security",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0069"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0163.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0163.json
index 8bc30c223..52c54fb70 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0163.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0163.json
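Review bot: Lowering AC-K8-NS-PO-H-0170 ("Do Not Use CAP_SYS_ADMIN Linux Capability") to `MEDIUM` needs a stated rationale, because pipelines that fail only on HIGH findings will stop blocking pods that request this capability. CAP_SYS_ADMIN covers a very broad set of privileged kernel operations and is commonly treated as close to full root inside the container, so it is usually ranked alongside privileged-container findings. The same commit raises AC-K8-OE-PO-M-0166 ("Default Namespace Should Not be Used") to `HIGH`, which leaves a namespace-hygiene rule ranked above a capability grant. Unless a scoring scheme that the diff does not show is behind this, I would keep `"severity": "HIGH",` here and record the basis for the other severity changes in the commit message.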
@@ -14,5 +14,6 @@
 "description": "Containers Should Not Share Host IPC Namespace",
 "reference_id": "AC-K8-NS-PO-M-0163",
 "category": "Infrastructure Security",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0083"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0164.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0164.json
index b4ed4d041..ab68b646e 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0164.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0164.json
@@ -14,5 +14,6 @@
 "description": "Containers Should Not Share the Host Network Namespace",
 "reference_id": "AC-K8-NS-PO-M-0164",
 "category": "Infrastructure Security",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0084"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0171.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0171.json
index 10e93d889..0c40f4df3 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0171.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0171.json
@@ -15,5 +15,6 @@
 "description": "Restrict Mounting Docker Socket in a Container",
 "reference_id": "AC-K8-NS-PO-M-0171",
 "category": "Infrastructure Security",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0088"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0182.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0182.json
index 8909f739a..3e427c218 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0182.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-NS-PO-M-0182.json
@@ -12,5 +12,6 @@
 "description": "Containers Should Run as a High UID to Avoid Host Conflict",
 "reference_id": "AC-K8-NS-PO-M-0182",
 "category": "Infrastructure Security",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0079"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0034.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0034.json
index 0837ae478..672ded732 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0034.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0034.json
@@ -17,5 +17,6 @@
 "description": "AlwaysPullImages plugin is not set",
 "reference_id": "AC-K8-OE-PK-M-0034",
 "category": "Compliance Validation",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0021"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0155.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0155.json
index ca2b9b8d2..5a96a0048 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0155.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0155.json
@@ -19,5 +19,6 @@
 "description": "CPU Request Not Set in config file.",
 "reference_id": "AC-K8-OE-PK-M-0155",
 "category": "Security Best Practices",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0097"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0156.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0156.json
index 5aca478b1..8b47a5f15 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0156.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0156.json
@@ -19,5 +19,6 @@
 "description": "CPU Limits Not Set in config file.",
 "reference_id": "AC-K8-OE-PK-M-0156",
 "category": "Security Best Practices",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0098"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0157.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0157.json
index 989007c5c..68bfdcfaa 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0157.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0157.json
@@ -19,5 +19,6 @@
 "description": "Memory Request Not Set in config file.",
 "reference_id": "AC-K8-OE-PK-M-0157",
 "category": "Security Best Practices",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0099"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0158.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0158.json
index 3ffd244d3..73fe8bf26 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0158.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PK-M-0158.json
@@ -19,5 +19,6 @@
 "description": "Memory Limits Not Set in config file.",
 "reference_id": "AC-K8-OE-PK-M-0158",
 "category": "Security Best Practices",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0100"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-L-0129.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-L-0129.json
index 3dcea22b7..1885819f6 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-L-0129.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-L-0129.json
@@ -14,5 +14,6 @@
 "description": "No liveness probe will ensure there is no recovery in case of unexpected errors",
 "reference_id": "AC-K8-OE-PO-L-0129",
 "category": "Security Best Practices",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0070"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-L-0130.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-L-0130.json
index 021a3c784..94481c3a5 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-L-0130.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-L-0130.json
@@ -14,5 +14,6 @@
 "description": "No readiness probe will affect automatic recovery in case of unexpected errors",
 "reference_id": "AC-K8-OE-PO-L-0130",
 "category": "Security Best Practices",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0072"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-L-0134.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-L-0134.json
index 42a2b336b..11b535ee7 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-L-0134.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-L-0134.json
@@ -12,5 +12,6 @@
 "description": "No tag or container image with :Latest tag makes difficult to rollback and track",
 "reference_id": "AC-K8-OE-PO-L-0134",
 "category": "Security Best Practices",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0068"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-M-0166.json b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-M-0166.json
index c39f6fcd5..8451a7920 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-M-0166.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_pod/AC-K8-OE-PO-M-0166.json
@@ -8,9 +8,10 @@
 "prefix": "",
 "suffix": ""
 },
- "severity": "MEDIUM",
+ "severity": "HIGH",
 "description": "Default Namespace Should Not be Used",
 "reference_id": "AC-K8-OE-PO-M-0166",
 "category": "Security Best Practices",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0086"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_service/AC-K8-NS-SE-M-0185.json b/pkg/policies/opa/rego/k8s/kubernetes_service/AC-K8-NS-SE-M-0185.json
index c98f65ac6..5febff1b3 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_service/AC-K8-NS-SE-M-0185.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_service/AC-K8-NS-SE-M-0185.json
@@ -12,5 +12,6 @@
 "description": "Ensure that the Tiller Service (Helm v2) is deleted",
 "reference_id": "AC-K8-NS-SE-M-0185",
 "category": "Infrastructure Security",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0110"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_service/AC-K8-NS-SE-M-0188.json b/pkg/policies/opa/rego/k8s/kubernetes_service/AC-K8-NS-SE-M-0188.json
index e4dbf26b9..a9b1e394d 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_service/AC-K8-NS-SE-M-0188.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_service/AC-K8-NS-SE-M-0188.json
@@ -12,5 +12,6 @@
 "description": "Restrict the use of externalIPs",
 "reference_id": "AC-K8-NS-SE-M-0188",
 "category": "Infrastructure Security",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0112"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/k8s/kubernetes_service/AC-K8-NS-SV-L-0132.json b/pkg/policies/opa/rego/k8s/kubernetes_service/AC-K8-NS-SV-L-0132.json
index 2632de1e2..7fb09f487 100644
--- a/pkg/policies/opa/rego/k8s/kubernetes_service/AC-K8-NS-SV-L-0132.json
+++ b/pkg/policies/opa/rego/k8s/kubernetes_service/AC-K8-NS-SV-L-0132.json
@@ -12,5 +12,6 @@
 "description": "Nodeport service can expose the worker nodes as they have public interface",
 "reference_id": "AC-K8-NS-SV-L-0132",
 "category": "Infrastructure Security",
- "version": 1
+ "version": 1,
+ "id": "AC_K8S_0111"
 }
\ No newline at end of file