for configmap kubesec is not working

Question

for configmap kubesec is not working

jainpratik163 opened this issue 2 years ago · 5 comments

Describe the bug
i am running kubesec for helm chart and in that chart we have configmap and for this kubesec is not working
and getting below message

{
"object": "ConfigMap/rt-generic-element-couchbase-configmap.default",
"valid": true,
"fileName": "STDIN",
"message": "This resource kind is not supported by kubesec",
"score": 0,
"scoring": {}
},

Expected behaviour
kubesec should work

06kellyjac commented 2 years ago

#287

Answer 1 · 2022-09-07T11:26:54.000Z

does configmap is supportable or not?

Answer 2 · 2022-09-07T12:09:46.000Z

kubesec does not review configmaps for security since there isn't really anything to do there, you can just filter it out of the results or not feed it to kubesec in the first place

Answer 3 · 2022-09-07T13:49:33.000Z

our helm chart contains all so is there any way we can provide filters in this command helm template <helmchartname>.tgz | kubesec scan -

Answer 4 · 2022-09-07T15:56:08.000Z

easiest would be to filter the output of kubesec with jq or process with opa/conftest

but if you want to do the filter ahead you can do:

helm template XYZ | yq 'select(.kind == "Deployment" or .kind == "DaemonSet" or .kind == "Pod")' -y | kubesec scan -

change the kind's as you'd like

that filters relevant resources using yq (-y converts it back to yaml)

https://kislyuk.github.io/yq/