@monokle/validation
@@ -26,3 +26,3 @@ import { ZodType } from 'zod'; | ||
rules?: RuleMap; | ||
settings?: any; | ||
settings?: Record<string, any>; | ||
}; | ||
@@ -29,0 +29,0 @@ export declare const configSchema: ZodType<Config>; |
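Review bot: The new `settings?: Record<string, any>;` narrows the key side but still leaves every value untyped, because `any` flows into whatever reads `config.settings[...]`; `settings?: Record<string, unknown>;` would keep the same shape while forcing readers to narrow before use, which matters if this type presumably describes user-supplied configuration (it is exported via `configSchema`). The zod hunk that follows has the matching gap: `settings: z.record(z.any()).optional(),` could be `settings: z.record(z.unknown()).optional(),` so the inferred type agrees with the declared one without changing what the runtime check accepts. Both enclosing declarations (the Config type here and the `z.object` call in the next hunk) start outside their hunks.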
@@ -7,2 +7,3 @@ import * as z from 'zod'; | ||
rules: z.record(z.boolean().or(z.enum(['warn', 'err']))).optional(), | ||
settings: z.record(z.any()).optional(), | ||
}); | ||
@@ -9,0 +10,0 @@ /** |
@@ -26,4 +26,4 @@ // @ts-ignore | ||
name: 'open-policy-agent', | ||
displayName: 'Open Policy Agent', | ||
description: 'Open Policy Agent Policy-based control. Flexible, fine-grained control for administrators across the stack.', | ||
displayName: 'Security Policies (OPA)', | ||
description: 'Security policies using Open Policy Agent (OPA). Flexible, fine-grained control for administrators across the stack.', | ||
icon: 'open-policy-agent', | ||
@@ -30,0 +30,0 @@ learnMoreUrl: 'https://github.com/open-policy-agent/opa', |
@@ -7,3 +7,3 @@ import { NSA_RELATIONS, PSS_RELATIONS } from '../../../taxonomies/index.js'; | ||
id: 106, | ||
description: 'Restrict host ports', | ||
description: 'Restrict host ports.', | ||
fullDescription: `HostPorts should be disallowed entirely (recommended) or restricted to a known list.`, | ||
@@ -10,0 +10,0 @@ help: 'Do not use volumes.hostPort.', |
@@ -8,3 +8,3 @@ import { PSS_RELATIONS } from '../../../taxonomies/index.js'; | ||
id: 108, | ||
description: 'Restrict usage of SELinux .', | ||
description: 'Restrict usage of SELinux.', | ||
fullDescription: `Setting the SELinux type is restricted, and setting a custom SELinux user or role option is forbidden. Allowed SELinux types are ${ALLOWED_STRING}`, | ||
@@ -11,0 +11,0 @@ help: 'Use an allowed SELinux type and do not customize the user.', |
@@ -14,3 +14,3 @@ import { PSS_RELATIONS } from '../../../taxonomies/index.js'; | ||
id: 111, | ||
description: 'Restrict sysctls to a safe subset', | ||
description: 'Restrict sysctls to a safe subset.', | ||
fullDescription: `Sysctls can disable security mechanisms or affect all containers on a host, and should be disallowed except for an allowed "safe" subset. A sysctl is considered safe if it is namespaced in the container or the Pod, and it is isolated from other Pods or processes on the same Node. Allowed values are ${ALLOWED_STRING}.`, | ||
@@ -17,0 +17,0 @@ help: 'Set `securityContext.sysctls` to one of the allowed values.', |
@@ -17,3 +17,3 @@ import { defineRule } from '../../custom/config.js'; | ||
id: 201, | ||
description: 'Restrict use of volume types', | ||
description: 'Restrict use of volume types.', | ||
fullDescription: `The restricted policy only permits the following volume types. The allowed values are ${ALLOWED_STRING}`, | ||
@@ -20,0 +20,0 @@ help: "Set 'spec.volumes[*]' to an allowed volume type.", |
@@ -6,3 +6,3 @@ import { CIS_RELATIONS, NSA_RELATIONS, PSS_RELATIONS } from '../../../taxonomies/index.js'; | ||
id: 202, | ||
description: 'Disallow the process from elevating its privileges', | ||
description: 'Disallow the process from elevating its privileges.', | ||
fullDescription: 'Privilege escalation (such as via set-user-ID or set-group-ID file mode) should not be allowed. A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.', | ||
@@ -9,0 +9,0 @@ help: "Set 'securityContext.allowPrivilegeEscalation' to 'false'.", |
@@ -7,3 +7,3 @@ import { NSA_RELATIONS } from '../../../taxonomies/nsa.js'; | ||
id: 203, | ||
description: 'Requires the container to runs as non root user', | ||
description: 'Requires the container to runs as non root user.', | ||
fullDescription: 'Containers must be required to run as non-root users. It forces the running image to run as a non-root user to ensure least privileges.', | ||
@@ -10,0 +10,0 @@ help: "Set 'securityContext.runAsNonRoot' to true.", |
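Review bot: The new `description` in this hunk adds the trailing period but keeps the grammatical error of the old line, so the text still reads `'Requires the container to runs as non root user.'`; suggest `description: 'Requires the container to run as a non-root user.',`, which also matches the "non-root" spelling used in the `fullDescription` two lines below. The enclosing rule definition starts and ends outside the hunk.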
@@ -7,3 +7,3 @@ import { NSA_RELATIONS } from '../../../taxonomies/nsa.js'; | ||
id: 204, | ||
description: 'Restrict running with a root user ID', | ||
description: 'Restrict running with a root user ID.', | ||
fullDescription: 'Containers must not set runAsUser to 0. It prevents the running image to run as a root user to ensure least privileges.', | ||
@@ -10,0 +10,0 @@ help: "Set 'securityContext.runAsUser' to non-zero value or leave it undefined.", |
{ | ||
"name": "@monokle/validation", | ||
"version": "0.23.7", | ||
"version": "0.23.8", | ||
"description": "Kubernetes resource validation", | ||
@@ -5,0 +5,0 @@ "author": "Kubeshop", |
@@ -27,7 +27,13 @@ <p align="center"> | ||
- YAML Syntax validates that your manifests have correct YAML syntax. | ||
- Kubernetes Schema validates that your resources and CRDs are well-defined in the schema for their resource kind. | ||
- Resource links validates that reference to other Kubernetes resources are valid. | ||
- Open Policy agent validates security policies to reduce your attack surface. | ||
The validation engine comes with a number of core plugins to provide you with comprehensive | ||
validation possibilities for K8s configurations out of the box: | ||
- **Pod Security Standards** validation for secure deployments | ||
- **Kubernetes Schema** validation to ensure your resource are compliant with their schemas and a target K8s version | ||
- **Resource links** validates that reference to other Kubernetes resources are valid. | ||
- **Metadata** validation for standard and custom labels/annotations | ||
- **Common practices** validation for basic configuration sanity | ||
- **Security policies** based on OPA (Open Policy Agent) to reduce your attack surface. | ||
- **YAML Syntax** validates that your manifests have correct YAML syntax. | ||
Learn more about each Core Plugin in the [Core Plugins Documentation](docs/core-plugins.md) | ||
@@ -34,0 +40,0 @@ |