-
Notifications
You must be signed in to change notification settings - Fork 2
/
.checkov.yml
23 lines (23 loc) · 1.05 KB
/
.checkov.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
skip-check:
- CKV_DOCKER_3
- CKV_DOCKER_2
# CKV_K8S_21: "The default namespace should not be used" - used for simple testing inside a KinD cluster
- CKV_K8S_21
# CKV_K8S_10: "CPU requests should be set" - ignored for iter8 job pod
- CKV_K8S_10
# CKV_K8S_11: "CPU limits should be set" - ignored for iter8 job pod
- CKV_K8S_11
# CKV_K8S_12: "Memory requests should be set"
- CKV_K8S_12
# CKV_K8S_13: "Memory limits should be set" - ignored for iter8 job pod
- CKV_K8S_13
# CKV_K8S_15: "Image Pull Policy should be Always" - ignored for digest-pinned iter8
- CKV_K8S_15
# CKV_K8S_12: "Memory requests should be set" - ignored for iter8
- CKV_K8S_12
# CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary" - necessary for iter8
- CKV_K8S_38
# CKV_ARGO_2: "Ensure Workflow pods are running as non-root user" - necessary, see inline comments in workflow and Dockerfile
- CKV_ARGO_2
# CKV_SECRET_6: "Base64 High Entropy String" - already covered by gitleaks & co. with more configuration options.
- CKV_SECRET_6