This repository has been archived by the owner on Sep 22, 2024. It is now read-only.

Tracking bug: Unable to skip checkov check CKV2_K8S_5 for specific resources #174

Open
PurpleBriar opened this issue Jan 27, 2023 · 0 comments
Labels
Bug Something isn't working Enhancement New feature or request
Contributor

PurpleBriar commented Jan 27, 2023

Currently, checkov check CKV2_K8S_5, which flags service accounts that can access all secrets, is skipped globally when checkov is run on pull request creation. Ideally, the check should be skipped only for the specific cluster role binding ClusterRoleBinding.default.secretprovidersyncing-rolebinding, which needs to skip this check, since it requires access to all secrets. This is a known issue, common to several CKV2 checks, and should be addressed when Checkov resolves it. The issue is documented in their repository here: bridgecrewio/checkov#4332

@PurpleBriar PurpleBriar changed the title Tracking bug: Unable to skip checkov check CKV2_K8S_6 for specific resources Tracking bug: Unable to skip checkov check CKV2_K8S_5for specific resources Jan 27, 2023
@PurpleBriar PurpleBriar changed the title Tracking bug: Unable to skip checkov check CKV2_K8S_5for specific resources Tracking bug: Unable to skip checkov check CKV2_K8S_5 for specific resources Jan 27, 2023
@PurpleBriar PurpleBriar added Bug Something isn't working Enhancement New feature or request labels Jan 27, 2023
@PurpleBriar PurpleBriar added this to the M6 milestone Jan 27, 2023
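
Until the upstream issue is resolved, one way to narrow the exception described above is to leave CKV2_K8S_5 enabled and filter the scan report in CI, so only the one named binding is waived. This is an added example, not code from this repository or from Checkov; it assumes the `checkov -o json` report lists findings under `results.failed_checks` with `check_id` and `resource` fields, and the second resource name, the second check ID and the file paths in the sample are constructed.

```python
import json

# The single (check, resource) pair from the issue that may be waived.
ALLOWED = {
    ("CKV2_K8S_5", "ClusterRoleBinding.default.secretprovidersyncing-rolebinding"),
}

# Constructed sample shaped like a `checkov -o json` report (not real scan output).
SAMPLE_REPORT = """
{"check_type": "kubernetes", "results": {"failed_checks": [
  {"check_id": "CKV2_K8S_5",
   "resource": "ClusterRoleBinding.default.secretprovidersyncing-rolebinding",
   "file_path": "/manifests/secretprovider.yaml"},
  {"check_id": "CKV2_K8S_5",
   "resource": "ClusterRoleBinding.default.ci-runner-rolebinding",
   "file_path": "/manifests/ci.yaml"},
  {"check_id": "CKV_K8S_21",
   "resource": "ClusterRoleBinding.default.secretprovidersyncing-rolebinding",
   "file_path": "/manifests/secretprovider.yaml"}
]}}
"""


def triage(report_text, allowed=ALLOWED):
    """Split failed checks into blocking and waived; list unused waivers."""
    doc = json.loads(report_text)
    # Assumption: one object for a single framework, a list for several.
    reports = doc if isinstance(doc, list) else [doc]
    blocking, waived = [], []
    for report in reports:
        for finding in report.get("results", {}).get("failed_checks", []):
            key = (finding["check_id"], finding["resource"])
            # Waive only an exact check+resource match, never the whole check.
            (waived if key in allowed else blocking).append(key)
    # A waiver that matched nothing is stale and should be removed.
    unused = sorted(set(allowed) - set(waived))
    return blocking, waived, unused


if __name__ == "__main__":
    blocking, waived, unused = triage(SAMPLE_REPORT)
    for check_id, resource in blocking:
        print(f"FAIL   {check_id} {resource}")
    for check_id, resource in waived:
        print(f"WAIVED {check_id} {resource}")
    for check_id, resource in unused:
        print(f"STALE  {check_id} {resource}")
    raise SystemExit(1 if blocking or unused else 0)
```

With this in place of the global skip, a new binding that can read all secrets fails the pull request, and the waiver itself is flagged once it no longer matches a finding.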