whorf v2 #6

Merged
merged 16 commits into from
Jan 4, 2023

@gruebel gruebel commented Dec 31, 2022

  • refactored most of the code
  • updated all dependencies
  • added unit tests and a unit-tests job to GHA
  • added docs for local development, with and without a Kubernetes cluster
  • changed k8s.properties to whorf.yaml for easier configuration (you can still use the k8s.properties config if needed)
  • extended list of ignore-namespaces
  • added a scheduler, which can be configured and scans/sends the results to the platform
  • added a local mode to the setup.sh, explained in the docs
  • added pre-commit + ruff for linting

@rotemavni rotemavni left a comment

Very cool! So much fresh new code, love it.

message.extend(sca_message)

webhook.logger.error(f"Object {obj_kind_name} failed security checks. Request rejected!")
return admission_response(allowed=False, uid=uid, message="\n".join(message))
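
Review bot: the `webhook.logger.error` call names only `obj_kind_name`, while the response on the next line is keyed by `uid`; adding `uid` to the log message would let each rejection in the webhook log be matched to the admission request it answers. The return also passes `allowed=False` unconditionally, so a short comment stating where (or whether) a soft-fail setting is evaluated before this point would make the intended behaviour clear.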

@gruebel If soft-fail is configured, shouldn't the allowed be True?


@gruebel gruebel Jan 3, 2023

I think the hard and soft fail should be handled more like in checkov, leveraging the exit code threshold mechanic. I just used what @eurogig initially implemented. Any thoughts on it, @eurogig?

separate issue created #8

@gruebel gruebel merged commit d00e92f into main Jan 4, 2023
@gruebel gruebel deleted the refactor branch January 4, 2023 21:44