chore: add notReadOnlyRootFilesystem exemption and lower Polaris threshold
This commit is contained in:
@@ -74,7 +74,7 @@ jobs:
|
|||||||
polaris audit --audit-path manifests.yaml \
|
polaris audit --audit-path manifests.yaml \
|
||||||
--format pretty \
|
--format pretty \
|
||||||
--set-exit-code-on-danger \
|
--set-exit-code-on-danger \
|
||||||
--set-exit-code-below-score 70
|
--set-exit-code-below-score 50
|
||||||
fi
|
fi
|
||||||
|
|
||||||
resource-analysis:
|
resource-analysis:
|
||||||
|
|||||||
@@ -13,6 +13,7 @@ metadata:
|
|||||||
polaris.fairwinds.com/dangerousCapabilities-exempt: "true"
|
polaris.fairwinds.com/dangerousCapabilities-exempt: "true"
|
||||||
polaris.fairwinds.com/insecureCapabilities-exempt: "true"
|
polaris.fairwinds.com/insecureCapabilities-exempt: "true"
|
||||||
polaris.fairwinds.com/hostNetworkSet-exempt: "true"
|
polaris.fairwinds.com/hostNetworkSet-exempt: "true"
|
||||||
|
polaris.fairwinds.com/notReadOnlyRootFilesystem-exempt: "true"
|
||||||
spec:
|
spec:
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
|
|||||||
Reference in New Issue
Block a user