fix: address api_server_authorized_ip_ranges false positives #4624

Closed
simar7 opened this issue Jun 13, 2023 Discussed in #4331 · 6 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning

Comments

@simar7
Member

simar7 commented Jun 13, 2023

Discussed in #4331

Originally posted by huornlmj March 15, 2023

Description

Trivy will ignore "authorized_ip_ranges" and will complain if it doesn't find the now deprecated term "api_server_authorized_ip_ranges".

CRITICAL: Cluster does not limit API access to specific IP addresses.

What did you expect to happen?

Not get a false positive, and for Trivy to observe the newer construct as a pass

What happened instead?

A failed scan

@simar7 simar7 added kind/bug Categorizes issue or PR as related to a bug. scan/misconfiguration Issues relating to misconfiguration scanning labels Jun 13, 2023
@nikpivkin
Contributor

@simar7 Isn't this problem solved? However, there is a link to api_server_authorized_ip_ranges in several places.

@simar7
Member Author

simar7 commented Jul 8, 2023

> @simar7 Isn't this problem solved? However, there is a link to api_server_authorized_ip_ranges in several places.

Oh you might be right - what do you mean by link in several places?

@nikpivkin
Contributor

nikpivkin commented Jul 8, 2023

@simar7 Here and here. There should be links to authorized_ip_ranges here.

@simar7
Member Author

simar7 commented Jul 8, 2023

I see. Should those rules be deprecated as well? (And their documentation removed)

@nikpivkin
Contributor

@simar7 we just need to fix the links

@simar7
Member Author

simar7 commented Jul 10, 2023

Closed with aquasecurity/defsec#1381

@simar7 simar7 closed this as completed Jul 10, 2023