Merge pull request #540 from kubescape/smartremediation

marking smartremediation controls
kubescape · Nov 20, 2023 · 02b7f6b · 02b7f6b
2 parents c228cff + 69ced2b
commit 02b7f6b
Show file tree

Hide file tree

Showing 10 changed files with 19 additions and 11 deletions.
diff --git a/controls/C-0016-allowprivilegeescalation.json b/controls/C-0016-allowprivilegeescalation.json
@@ -4,7 +4,8 @@
         "armoBuiltin": true,
         "controlTypeTags": [
             "security",
-            "compliance"
+            "compliance",
+            "smartRemediation"
         ]
     },
     "description": "Attackers may gain access to a container and uplift its privilege to enable excessive capabilities.",

diff --git a/controls/C-0017-immutablecontainerfilesystem.json b/controls/C-0017-immutablecontainerfilesystem.json
@@ -4,7 +4,8 @@
         "armoBuiltin": true,
         "controlTypeTags": [
             "security",
-            "compliance"
+            "compliance",
+            "smartRemediation"
         ],
         "attackTracks": [
             {

diff --git a/controls/C-0034-automaticmappingofserviceaccount.json b/controls/C-0034-automaticmappingofserviceaccount.json
@@ -4,7 +4,8 @@
         "armoBuiltin": true,
         "controlTypeTags": [
             "security",
-            "compliance"
+            "compliance",
+            "smartRemediation"
         ]
     },
     "description": "Potential attacker may gain access to a pod and steal its service account token. Therefore, it is recommended to disable automatic mapping of the service account tokens in service account configuration and enable it only for pods that need to use them.",

diff --git a/controls/C-0045-writablehostpathmount.json b/controls/C-0045-writablehostpathmount.json
@@ -10,7 +10,8 @@
             "security",
             "compliance",
             "devops",
-            "security-impact"
+            "security-impact",
+            "smartRemediation"
         ],
         "attackTracks": [
             {

diff --git a/controls/C-0046-insecurecapabilities.json b/controls/C-0046-insecurecapabilities.json
@@ -5,7 +5,8 @@
         "armoBuiltin": true,
         "controlTypeTags": [
             "security",
-            "compliance"
+            "compliance",
+            "smartRemediation"
         ],
         "attackTracks": [
             {

diff --git a/controls/C-0048-hostpathmount.json b/controls/C-0048-hostpathmount.json
@@ -7,7 +7,8 @@
         ],
         "controlTypeTags": [
             "security",
-            "compliance"
+            "compliance",
+            "smartRemediation"
         ],
         "attackTracks": [
             {

diff --git a/controls/C-0057-privilegedcontainer.json b/controls/C-0057-privilegedcontainer.json
@@ -6,7 +6,8 @@
             "Privilege escalation"
         ],
         "controlTypeTags": [
-            "security"
+            "security",
+            "smartRemediation"
         ]
     },
     "description": "Potential attackers may gain access to privileged containers and inherit access to the host resources. Therefore, it is not recommended to deploy privileged containers unless it is absolutely necessary. This control identifies all the privileged Pods.",

diff --git a/controls/C-0074-containersmountingdockersocket.json b/controls/C-0074-containersmountingdockersocket.json
@@ -3,7 +3,8 @@
     "attributes": {
         "armoBuiltin": true,
         "controlTypeTags": [
-            "devops"
+            "devops",
+            "smartRemediation"
         ]
     },
     "description": "Mounting Container runtime socket (Unix socket) enables container to access Container runtime, retrieve sensitive information and execute commands, if Container runtime is available. This control identifies pods that attempt to mount Container runtime socket for accessing Container runtime.",

diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/kubescape/regolibrary
 go 1.19
 
 require (
-	github.com/armosec/armoapi-go v0.0.211
+	github.com/armosec/armoapi-go v0.0.256
 	github.com/go-gota/gota v0.12.0
 	github.com/kubescape/opa-utils v0.0.263
 	github.com/stretchr/testify v1.8.4

diff --git a/go.sum b/go.sum
@@ -74,8 +74,8 @@ github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYU
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
-github.com/armosec/armoapi-go v0.0.211 h1:OS4D56sfoaU7T6FOCyrufE2Ttdzv9tP7MZkFxh82ll0=
-github.com/armosec/armoapi-go v0.0.211/go.mod h1:4AEdwBrbS1YCAn/lZzV+cOOR9BPa0MTHYHiJDlR1uRQ=
+github.com/armosec/armoapi-go v0.0.256 h1:eV8WWQ1r+2D0KHhLA6ux6lx67+uqkYe/uVHrOUFqz5c=
+github.com/armosec/armoapi-go v0.0.256/go.mod h1:CJT5iH5VF30zjdQYXaQhsAm8IEHtM1T87HcFVXeLX54=
 github.com/armosec/gojay v1.2.15 h1:sSB2vnAvacUNkw9nzUYZKcPzhJOyk6/5LK2JCNdmoZY=
 github.com/armosec/gojay v1.2.15/go.mod h1:vzVAaay2TWJAngOpxu8aqLbye9jMgoKleuAOK+xsOts=
 github.com/armosec/utils-go v0.0.20 h1:bvr+TMumEYdMsGFGSsaQysST7K02nNROFvuajNuKPlw=