eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/changelog.d
History
Exact
Erich Blume 0b68d48eba Add Prowler mutelist and fix kube-state-metrics seccomp 
Add mutelist files to suppress expected/accepted Prowler findings:
- apiserver: minikube control plane flags (12 checks)
- control-plane: scheduler, controller-manager, kubelet (3 checks)
- core-pod-security: system pods, operator-managed, expected ops (7 checks)
- rbac: built-in K8s roles, ArgoCD, CNPG (3 checks)

Mutelist files are stored individually in mutelist/ for maintainability
and merged at runtime via an initContainer before the scan runs.
Muted findings appear as status=MUTED in reports (not hidden).

Also adds missing seccomp RuntimeDefault profile to kube-state-metrics.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-30 17:00:24 -07:00
..
+ansible-doc-review.doc.md Review Ansible reference doc: add missing roles, clarify IaC positioning 2026-03-30 16:10:24 -07:00
+borgmatic-photos-hardening.infra.md Harden borgmatic photos backup: restrict dirs, add keepalives + checkpoints 2026-03-30 10:30:28 -07:00
+forgejo-runner-12.7.3.infra.md Upgrade forgejo-runner 12.7.0 → 12.7.3, add service card 2026-03-30 16:31:06 -07:00
+kingfisher-docs.doc.md Document Kingfisher secret scanner service 2026-03-28 21:47:37 -07:00
+kingfisher-prek.feature.md Add Kingfisher secret scanner to prek hooks 2026-03-28 21:07:07 -07:00
+spork-strategy.feature.md Add spork strategy: tooling and documentation 2026-03-28 22:58:10 -07:00
.gitkeep Add towncrier changelog system (#86) 2026-02-03 11:48:13 -08:00
feature-kingfisher-container.feature.md Build custom Kingfisher container from sporked deploy branch (#318) 2026-03-30 06:34:49 -07:00
feature-kingfisher-cronjob.feature.md Add Kingfisher secret scanner CronJob (#317) 2026-03-28 21:39:55 -07:00
prowler-mutelist.infra.md Add Prowler mutelist and fix kube-state-metrics seccomp 2026-03-30 17:00:24 -07:00