- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.yaml files (93):

terraform/on-prem/ecc-k8s-026-apiserver_client_ca_file_argument_is_set/iam/026-policy.yml
terraform/on-prem/ecc-k8s-040-etcd_cert_file_and_key_file_arguments_are_set_as_appropriate/iam/040-policy.yml
terraform/on-prem/ecc-k8s-027-apiserver_etcd_cafile_argument_is_set/iam/027-policy.yml
terraform/on-prem/ecc-k8s-035-controller_manager_root_ca_file_argument_is_set/iam/035-policy.yml
terraform/on-prem/ecc-k8s-023-apiserver_service_account_key_file_argument_is_set/iam/023-policy.yml
terraform/on-prem/ecc-k8s-043-etcd_cluster_peer_cert_file_and_peer_key_file_arguments_are_set_as_appropriate/iam/043-policy.yml
terraform/on-prem/ecc-k8s-028-apiserver_encryption_provider_config_argument_is_set/green/encryption_config.yml
terraform/on-prem/ecc-k8s-028-apiserver_encryption_provider_config_argument_is_set/iam/028-policy.yml
terraform/on-prem/ecc-k8s-025-apiserver_tls_cert_file_and_tls_private_key_file_arguments_are_set/iam/025-policy.yml
terraform/on-prem/ecc-k8s-024-apiserver_etcd_certfile_and_etcd_keyfile_arguments_are_set/iam/024-policy.yml
policies/on-prem/ecc-k8s-038-scheduler_profiling_argument_is_set_to_false.yml
policies/on-prem/ecc-k8s-032-controller_manager_profiling_argument_is_set_to_false.yml
policies/on-prem/ecc-k8s-051-default_namespace_should_not_be_used_for_configmap.yml
policies/on-prem/ecc-k8s-025-apiserver_tls_cert_file_and_tls_private_key_file_arguments_are_set.yml
policies/on-prem/ecc-k8s-075-default_namespace_should_not_be_used_for_secret.yml
policies/on-prem/ecc-k8s-049-seccomp_profile_is_set_to_docker_default_in_pod_definitions.yml
policies/on-prem/ecc-k8s-080-memory_limits_are_set.yml
policies/on-prem/ecc-k8s-027-apiserver_etcd_cafile_argument_is_set.yml
policies/on-prem/ecc-k8s-007-apiserver_authorization_mode_argument_includes_node.yml
policies/on-prem/ecc-k8s-086-apply_security_context_to_your_pods_and_containers.yml
policies/on-prem/ecc-k8s-061-minimize_the_admission_of_windows_hostprocess_containers.yml
policies/on-prem/ecc-k8s-068-liveness_probe_is_configured.yml
policies/on-prem/ecc-k8s-016-apiserver_profiling_argument_is_set_to_false.yml
policies/on-prem/ecc-k8s-014-apiserver_admission_control_plugin_namespacelifecycle_is_set.yml
policies/on-prem/ecc-k8s-001-apiserver_anonymous_auth_argument_is_set_to_false.yml
policies/on-prem/ecc-k8s-072-readonly_filesystem_is_configured.yml
policies/on-prem/ecc-k8s-076-cpu_request_is_set.yml
policies/on-prem/ecc-k8s-078-cpu_limits_are_set.yml
policies/on-prem/ecc-k8s-070-minimize-the-admission-of-root-containers.yml
policies/on-prem/ecc-k8s-047-minimize_wildcard_use_in_roles.yml
policies/on-prem/ecc-k8s-013-apiserver_admission_control_plugin_serviceaccount_is_set.yml
policies/on-prem/ecc-k8s-009-apiserver_admission_control_plugin_eventratelimit_is_set.yml
policies/on-prem/ecc-k8s-003-apiserver_admission_control_plugin_denyserviceexternalips_is_set.yml
policies/on-prem/ecc-k8s-024-apiserver_etcd_certfile_and_etcd_keyfile_arguments_are_set.yml
policies/on-prem/ecc-k8s-066-minimize_the_admission_of_containers_with_the_net_raw_capability.yml
policies/on-prem/ecc-k8s-002-apiserver_token_auth_file_parameter_is_not_set.yml
policies/on-prem/ecc-k8s-074-prefer_using_secrets_as_files_over_secrets_as_environment_variables_for_pod.yml
policies/on-prem/ecc-k8s-036-controller_manager_rotatekubeletservercertificate_argument_is_set_to_true.yml
policies/on-prem/ecc-k8s-048-minimize_wildcard_use_in_clusterroles.yml
policies/on-prem/ecc-k8s-034-controller_manager_service_account_private_key_file_argument_is_set.yml
policies/on-prem/ecc-k8s-050-default_namespace_should_not_be_used_for_pods.yml
policies/on-prem/ecc-k8s-028-apiserver_encryption_provider_config_argument_is_set.yml
policies/on-prem/ecc-k8s-092-basic_auth_file_argument_not_set_openshift_kube_apiserver.yml
policies/on-prem/ecc-k8s-063-minimize_the_admission_of_containers_with_allowprivilegeescalation.yml
policies/on-prem/ecc-k8s-058-sa_tokens_are_only_mounted_where_necessary.yml
policies/on-prem/ecc-k8s-067-minimize_the_admission_of_containers_with_added_capabilities.yml
policies/on-prem/ecc-k8s-020-apiserver_audit_log_maxsize_argument_is_set_to_100.yml
policies/on-prem/ecc-k8s-056-minimize_the_admission_of_privileged_containers.yml
policies/on-prem/ecc-k8s-079-memory_requests_are_set.yml
policies/on-prem/ecc-k8s-060-minimize_the_admission_of_hostpath_volumes.yml
policies/on-prem/ecc-k8s-081-sys_admin_capability_is_not_used.yml
policies/on-prem/ecc-k8s-045-etcd_cluster_peer_auto_tls_argument_is_not_set_to_true.yml
policies/on-prem/ecc-k8s-040-etcd_cert_file_and_key_file_arguments_are_set_as_appropriate.yml
policies/on-prem/ecc-k8s-082-limit_use_of_bind_impersonate_escalate_cluster_role.yml
policies/on-prem/ecc-k8s-062-minimize_the_admission_of_containers_wishing_to_share_the_host_ipc_namespace.yml
policies/on-prem/ecc-k8s-019-apiserver_audit_log_maxbackup_argument_is_set_to_10.yml
policies/on-prem/ecc-k8s-054-minimize_the_admission_of_containers_which_use_hostports.yml
policies/on-prem/ecc-k8s-044-etcd_cluster_peer_client_cert_auth_argument_is_set_to_true.yml
policies/on-prem/ecc-k8s-071-minimize_the_admission_of_containers_with_capabilities_assigned.yml
policies/on-prem/ecc-k8s-026-apiserver_client_ca_file_argument_is_set.yml
policies/on-prem/ecc-k8s-059-service_account_tokens_are_only_mounted_where_necessary_in_pods.yml
policies/on-prem/ecc-k8s-023-apiserver_service_account_key_file_argument_is_set.yml
policies/on-prem/ecc-k8s-065-minimize_the_admission_of_containers_wishing_to_share_the_host_process_id_namespace.yml
policies/on-prem/ecc-k8s-008-apiserver_authorization_mode_argument_includes_rbac.yml
policies/on-prem/ecc-k8s-042-etcd_auto_tls_argument_is_not_set_to_true.yml
policies/on-prem/ecc-k8s-010-apiserver_admission_control_plugin_alwaysadmit_is_not_set.yml
policies/on-prem/ecc-k8s-012-apiserver_admission_control_plugin_securitycontextdeny_is_set.yml
policies/on-prem/ecc-k8s-017-apiserver_audit_log_path_argument_is_set.yml
policies/on-prem/ecc-k8s-052-default_namespace_should_not_be_used_for_deployment.yml
policies/on-prem/ecc-k8s-015-apiserver_admission_control_plugin_noderestriction_is_set.yml
policies/on-prem/ecc-k8s-022-apiserver_service_account_lookup_argument_is_set_to_true.yml
policies/on-prem/ecc-k8s-043-etcd_cluster_peer_cert_file_and_peer_key_file_arguments_are_set_as_appropriate.yml
policies/on-prem/ecc-k8s-018-apiserver_audit_log_maxage_argument_is_set_to_30.yml
policies/on-prem/ecc-k8s-035-controller_manager_root_ca_file_argument_is_set.yml
policies/on-prem/ecc-k8s-057-at_least_baseline_pod_security_level_policy_enforced_for_namespaces.yml
policies/on-prem/ecc-k8s-069-readiness_probe_is_configured.yml
policies/on-prem/ecc-k8s-077-limit_use_of_bind_impersonate_escalate_role.yml
policies/on-prem/ecc-k8s-064-minimize_the_admission_of_containers_wishing_to_share_the_host_network_namespace.yml
policies/on-prem/ecc-k8s-041-etcd_client_cert_auth_argument_is_set_to_true.yml
policies/on-prem/ecc-k8s-087-minimize_access_to_secrets_in_roles.yml
policies/on-prem/ecc-k8s-006-apiserver_authorization_mode_argument_is_not_set_to_alwaysallow.yml
policies/on-prem/ecc-k8s-033-controller_manager_use_service_account_credentials_argument_is_set_to_true.yml
policies/on-prem/ecc-k8s-053-default_namespace_should_not_be_used_for_role.yml
policies/on-prem/ecc-k8s-039-scheduler_bind_address_argument_is_set_to_127_0_0_1.yml
policies/on-prem/ecc-k8s-088-minimize_access_to_secrets_in_clusterroles.yml
policies/on-prem/ecc-k8s-005-apiserver_kubelet_certificate_authority_argument_is_set.yml
policies/on-prem/ecc-k8s-011-apiserver_admission_control_plugin_alwayspullimages_is_set.yml
policies/on-prem/ecc-k8s-031-controller_manager_terminated_pod_gc_threshold_argument_is_set_as_appropriate.yml
policies/on-prem/ecc-k8s-021-apiserver_request_timeout_argument_is_set_as_appropriate.yml
policies/on-prem/ecc-k8s-037-controller_manager_bind_address_argument_is_set_to_127_0_0_1.yml
policies/on-prem/ecc-k8s-030-apiserver_apiserver_only_makes_use_of_strong_cryptographic_ciphers.yml
policies/on-prem/ecc-k8s-004-apiserver_kubelet_client_certificate_and_kubelet_client_key_arguments_are_set.yml
.github/workflows/actions/install_custodian/action.yml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*. files (7):

terraform/on-prem/ecc-k8s-074-prefer_using_secrets_as_files_over_secrets_as_environment_variables_for_pod/green/secretfile
terraform/on-prem/ecc-k8s-071-minimize_the_admission_of_containers_with_capabilities_assigned/green/dockerfile
terraform/on-prem/ecc-k8s-071-minimize_the_admission_of_containers_with_capabilities_assigned/red2/dockerfile
terraform/on-prem/ecc-k8s-071-minimize_the_admission_of_containers_with_capabilities_assigned/red3/dockerfile
LICENSE
version
version-custodian
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.gitkeep files (6):

terraform/azure/.gitkeep
terraform/gcp/.gitkeep
terraform/aws/.gitkeep
policies/azure/.gitkeep
policies/gcp/.gitkeep
policies/aws/.gitkeep
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.whitelisted_green files (1):

tests/.whitelisted_green
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.except_delay_list files (1):

tests/.except_delay_list
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.whitelisted_red files (1):

tests/.whitelisted_red
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.except_list files (1):

tests/.except_list
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.exception_rules_with_resources_count files (1):

tests/.exception_rules_with_resources_count
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -