
Primary language: Open Policy Agent. License: Apache License 2.0 (Apache-2.0).

ARMO rego library

ARMO rego library for detecting misconfigurations in Kubernetes manifests.

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Impact |
|---|---|---|---|---|---|---|---|---|---|
| Using Cloud credentials | Exec into container | Backdoor container | Privileged container | Clear container logs | List k8s secrets | Access the K8S API server | Access cloud resources | Image from private registry | Data Destruction |
| Compromised Image in registry | bash/cmd inside container | Writable hostPath mount | Cluster-admin binding | Delete K8S events | Mount service principal | Access Kubelet API | Container service account | | Resources Hijacking |
| kubeconfig file | New container | kubernetes CronJob | hostPath mount | Pod/Container name similarity | Access container service account | Network mapping | Cluster internal networking | | Denial of service |
| Application vulnerability | Application Exploit (RCE) | Malicious admission controller | Access cloud resources | Connect from Proxy server | Application credentials in configuration files | Access kubernetes dashboard | Application credentials in configuration | | |
| Exposed Dashboard | SSH server running inside container | | | | Access managed identity credentials | Instance Metadata API | Writable volume mounts on the host | | |
| Exposed sensitive interface | Sidecar injection | | | | Malicious admission controller | | Access kubernetes dashboard | | |
| | | | | | | | Access tiller endpoint | | |
| | | | | | | | CoreDNS poisoning | | |
| | | | | | | | ARP and IP spoofing | | |