devsecops

Remove PodSecurityPolicy in the helm manifest

helm install trivy . --namespace trivy --create-namespace

W1018 19:47:44.637292   21571 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
W1018 19:47:44.745250   21571 warnings.go:70] policy/v1beta1 PodSecurityPolicy is de

Describe the solution you'd like
Replace with [a-z0-9_ .\-,] with [\w\-.=] in rules' regexes. Cleans up the rules a bit

Additional context
https://regex101.com/r/TJAZtE/1

Hello Team,
Here is the my current checkov_scan.yml file
name: Run Checkov action serverless
id: checkov1
uses: bridgecrewio/checkov-action@master
with:
#skip_check: CKV_AWS_23 # optional: skip a specific check_id
#quiet: true # optional: display only failed checks
#log_level: DEBUG # optional: set log level. Default WARNING

terrascan version: 1.9.0
terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

Slack us first!
Hello. I write about problem here:
https://owasp.slack.com/archives/C2P5BA8MN/p1624892081234100

Be informative
As additional into slack I find the same behaviour with Risk Accepted findings. Into Metrics I see 0 Risk Accepted findings, but I have 1 Risk Accepted finding

Bug description
No error. Metrics into product, or metrics dushboard has incorrect info

The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number

Hi,

It would be interesting to have those new rules integrated in ChopChop, see : https://github.com/nnposter/nndefaccts/blob/master/http-default-accounts-fingerprints-nndefaccts.lua

As a user of the secureCodeBox
I want to access the docs for the auto-discovery on the docs page
to be able to use configure and use it properly

Include auto-discovery docs on the docs page
Add a link to the docs page to the menu

devsecops

Here are 360 public repositories matching this topic...

MobSF / Mobile-Security-Framework-MobSF

aquasecurity / trivy

zricethezav / gitleaks

toniblyx / prowler

aquasecurity / tfsec

bridgecrewio / checkov

infobyte / faraday

devsecops / awesome-devsecops

accurics / terrascan

Enhancement Request

bunkerity / bunkerized-nginx

baidu / openrasp

DefectDojo / django-DefectDojo

ajinabraham / nodejsscan

archerysec / archerysec

madhuakula / kubernetes-goat

gravitl / netmaker

hahwul / dalfox

DependencyTrack / dependency-track

ajinabraham / CMSScan

deepfence / ThreatMapper

GitGuardian / ggshield

guardrailsio / awesome-php-security

sottlmarek / DevSecOps

octarinesec / kube-scan

bridgecrewio / terragoat

HXSecurity / DongTai-agent-java

hysnsec / awesome-threat-modelling

OWASP / glue

michelin / ChopChop

secureCodeBox / secureCodeBox

Improve this page

Add this topic to your repo