Twistlock Defenders: Kyverno Policy exception for run as non-root

Package Merge Request

Changes

• Kyverno exceptions added for Twistlock defenders (run as user/group) - see justification

Package MR

https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock/-/merge_requests/56

For Issue

Closes https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock/-/issues/28

changed milestone to %1.34.0

added twistlock label

assigned to @micah.nagel

added 1 commit

• 8c602b41 - kyverno/gatekeeper cypress test policy exceptions

Compare with previous version

added 1 commit

• aec23406 - Add console exception

Compare with previous version

changed the description

added 1 commit

• 70470cfe - Update justification wording

Compare with previous version

added 1 commit

• 8bba452f - fix regex match

Compare with previous version

marked this merge request as ready

changed title from Update Twistlock: Kyverno Policy changes for run as non-root to Twistlock: Kyverno Policy exceptions for run as non-root

changed the description

added statusreview label

Might warrant further discussion: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock/-/issues/28#note_630402

changed the description

added 1 commit

• 41c945bb - remove console exception

Compare with previous version

resolved all threads

Given the cross team coordination required for further progress/evaluation of the console...plan forward is:

• Merge this assuming the defender exception/justification looks good
• Tackle the console fix or exception in https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock/-/issues/37 - will need to work with Cyber to review stuff

changed title from Twistlock: Kyverno Policy exceptions for run as non-root to Twistlock Defenders: Kyverno Policy exception for run as non-root

LGTM

approved this merge request