This repository has been archived by the owner on Sep 22, 2024. It is now read-only.
Tracking bug: Unable to skip checkov check CKV2_K8S_5 for specific resources #174
Currently, checkov check CKV2_K8S_5, which flags service accounts that can access all secrets, is skipped globally when checkov is run on pull request creation. Ideally, the check should be skipped only for the specific cluster role binding ClusterRoleBinding.default.secretprovidersyncing-rolebinding, which needs to skip this check, since it requires access to all secrets. This is a known issue, common to several CKV2 checks, and should be addressed when Checkov resolves it. The issue is documented in their repository here: bridgecrewio/checkov#4332
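One way to narrow the exception until the upstream fix lands, as an added example that is not part of this repository or of Checkov: leave CKV2_K8S_5 enabled, run checkov with `-o json`, and gate the pull request on a filter that accepts the finding only for the one binding named above. The function names, the sample report and the `CKV_EXAMPLE_1` id are constructed for illustration; the filter assumes checkov's JSON report layout (`results.failed_checks[]` entries carrying `check_id` and `resource`).

```python
import json
import sys

# Per-resource exceptions as (check_id, resource) pairs. Only the binding
# named in this issue is accepted; every other CKV2_K8S_5 hit still fails.
ALLOWED = {
    ("CKV2_K8S_5", "ClusterRoleBinding.default.secretprovidersyncing-rolebinding"),
}

# Constructed sample in the shape of `checkov -o json` output (assumption).
SAMPLE_REPORT = json.loads("""
{"check_type": "kubernetes", "results": {"failed_checks": [
  {"check_id": "CKV2_K8S_5",
   "resource": "ClusterRoleBinding.default.secretprovidersyncing-rolebinding"},
  {"check_id": "CKV2_K8S_5",
   "resource": "ClusterRoleBinding.default.example-other-binding"},
  {"check_id": "CKV_EXAMPLE_1",
   "resource": "ClusterRoleBinding.default.secretprovidersyncing-rolebinding"}
]}}
""")

def _failed(report):
    # checkov emits one object per framework, or a list when several ran.
    reports = report if isinstance(report, list) else [report]
    for r in reports:
        yield from r.get("results", {}).get("failed_checks", [])

def unaccepted_failures(report, allowed=ALLOWED):
    """Failed checks that no per-resource exception covers."""
    return [f for f in _failed(report)
            if (f.get("check_id"), f.get("resource")) not in allowed]

def unused_exceptions(report, allowed=ALLOWED):
    """Exceptions that matched no finding: stale entries to prune."""
    seen = {(f.get("check_id"), f.get("resource")) for f in _failed(report)}
    return set(allowed) - seen

if __name__ == "__main__":
    # Usage: python filter.py report.json  (falls back to the sample)
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    remaining = unaccepted_failures(report)
    for f in remaining:
        print(f"FAIL {f['check_id']} {f['resource']}")
    for check_id, resource in sorted(unused_exceptions(report)):
        print(f"STALE exception {check_id} {resource}")
    sys.exit(1 if remaining else 0)
```

Matching on the pair rather than on the check id alone means a new binding that can read all secrets still fails the pull request, and a different check failing on the excepted binding is not hidden.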