kube-prometheus/security.md at dad37c968d475a4d28c7378afe83b76d83c46c1a

mirror of https://github.com/prometheus-operator/kube-prometheus.git synced 2025-09-01 03:41:39 +02:00

Philip Gough b924650344 docs: Add details about security scanning of manifests and exceptions

2022-01-24 10:58:08 +00:00

779 B

Raw Blame History

Security

The manifests generated in this repository are subject to a security audit in CI via kubescape. The scan can be run locally via make kubescape.

While we aim for best practices in terms of security by default, due to the nature of the project, we are required to make the exceptions in the following components:

node-exporter

Host Port is set. https://hub.armo.cloud/docs/c-0044 is not relevant since node-exporter is considered as a core platform component running as a DaemonSet.
Host PID is set to true, since node-exporter requires direct access to the host namespace to gather statistics.
Host Network is set to true, since node-exporter requires direct access to the host network to gather statistics.

779 B Raw Blame History

Security

node-exporter

779 B

Raw Blame History