blumeops

History

Erich Blume 0b68d48eba Add Prowler mutelist and fix kube-state-metrics seccomp Add mutelist files to suppress expected/accepted Prowler findings: - apiserver: minikube control plane flags (12 checks) - control-plane: scheduler, controller-manager, kubelet (3 checks) - core-pod-security: system pods, operator-managed, expected ops (7 checks) - rbac: built-in K8s roles, ArgoCD, CNPG (3 checks) Mutelist files are stored individually in mutelist/ for maintainability and merged at runtime via an initContainer before the scan runs. Muted findings appear as status=MUTED in reports (not hidden). Also adds missing seccomp RuntimeDefault profile to kube-state-metrics. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-30 17:00:24 -07:00
..
apps	Build custom Kingfisher container from sporked deploy branch (#318 )	2026-03-30 06:34:49 -07:00
manifests	Add Prowler mutelist and fix kube-state-metrics seccomp	2026-03-30 17:00:24 -07:00

Erich Blume 0b68d48eba Add Prowler mutelist and fix kube-state-metrics seccomp

Add mutelist files to suppress expected/accepted Prowler findings:
- apiserver: minikube control plane flags (12 checks)
- control-plane: scheduler, controller-manager, kubelet (3 checks)
- core-pod-security: system pods, operator-managed, expected ops (7 checks)
- rbac: built-in K8s roles, ArgoCD, CNPG (3 checks)

Mutelist files are stored individually in mutelist/ for maintainability
and merged at runtime via an initContainer before the scan runs.
Muted findings appear as status=MUTED in reports (not hidden).

Also adds missing seccomp RuntimeDefault profile to kube-state-metrics.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-30 17:00:24 -07:00

apps

Build custom Kingfisher container from sporked deploy branch (#318 )

2026-03-30 06:34:49 -07:00

manifests

Add Prowler mutelist and fix kube-state-metrics seccomp

2026-03-30 17:00:24 -07:00