UNCLASSIFIED - NO CUI

Snippets Groups Projects

Currently supported Big Bang Version is 2.49

Attention Iron Bank Customers: On March 27, 2025, we are moving SBOM artifacts from the Anchore Scan job to the Build job to streamline the container hardening pipeline. If you currently download SBOMs from the Anchore Scan job, you can still get them from the Build job and from other sources, including IBFE and image attestations.

Merged Dustin Hilgaertner requested to merge dustin-fix-kyverno-exemption-and-mutation-for-automount-service-token into main 1 year ago

General MR

Summary

This MR accomplishes two things:

Fixes a bug where setting serviceAccounts to be mutated and hardened as it pertains to automountServiceAccountToken settings, inadvertently exempted underlying pods from being scrutinized by this policy.
Adds a new mutator that can be used to harden automountServiceAccountToken (set to false) on Pods; to be used in situations where upstream sets the pods to be explicitly TRUE in this regard unnecessarily.

Relates to https://repo1.dso.mil/big-bang/bigbang/-/issues/1835

Edited 1 year ago by Dustin Hilgaertner

Activity

Dustin Hilgaertner added statusreview label 1 year ago

added statusreview label
Dustin Hilgaertner mentioned in merge request big-bang/bigbang!3487 (merged) 1 year ago

mentioned in merge request big-bang/bigbang!3487 (merged)
Dustin Hilgaertner added 1 commit 1 year ago
added 1 commit

3422c9b2 - readme/changelog/version

Compare with previous version
Dustin Hilgaertner removed statusreview label 1 year ago

removed statusreview label
Dustin Hilgaertner added statusdoing label 1 year ago

added statusdoing label
Dustin Hilgaertner assigned to @dhilgaertner2 1 year ago

assigned to @dhilgaertner2
Dustin Hilgaertner added kyverno kyvernoPolicies labels 1 year ago

added kyverno kyvernoPolicies labels
Dustin Hilgaertner removed kyverno label 1 year ago

removed kyverno label
Dustin Hilgaertner removed kyvernoPolicies label 1 year ago

removed kyvernoPolicies label
Dustin Hilgaertner changed the description 1 year ago

changed the description
Dustin Hilgaertner added 1 commit 1 year ago
added 1 commit

dab0e224 - adding test values

Compare with previous version
Dustin Hilgaertner removed statusdoing label 1 year ago

removed statusdoing label
Dustin Hilgaertner added statusreview label 1 year ago

added statusreview label
Dustin Hilgaertner requested review from @enochofori777, @snaq11092, @meganwolf, @bkhamitov, @nnewc, and @massey.robert 1 year ago

requested review from @enochofori777, @snaq11092, @meganwolf, @bkhamitov, @nnewc, and @massey.robert
Dustin Hilgaertner marked this merge request as ready 1 year ago

marked this merge request as ready
Dustin Hilgaertner added kindenhancement label 1 year ago

added kindenhancement label
Dustin Hilgaertner added kindbug label and removed kindenhancement label 1 year ago

added kindbug label and removed kindenhancement label
Dustin Hilgaertner marked this merge request as draft 1 year ago

marked this merge request as draft
Dustin Hilgaertner added statusdoing label and removed statusreview label 1 year ago

added statusdoing label and removed statusreview label
Dustin Hilgaertner @dhilgaertner2 · 1 year ago

Author Contributor

Pulling this out of review because I found another bug that needs to be addressed.
Dustin Hilgaertner added 1 commit 1 year ago
added 1 commit

3ea055f3 - conditionals to avoid null errors

Compare with previous version
Dustin Hilgaertner marked this merge request as ready 1 year ago

marked this merge request as ready
Dustin Hilgaertner added statusreview label and removed statusdoing label 1 year ago

added statusreview label and removed statusdoing label
Dustin Hilgaertner @dhilgaertner2 · 1 year ago

Author Contributor

Ok this is ready for review

Edited 1 year ago by Dustin Hilgaertner
Dustin Hilgaertner mentioned in merge request big-bang/bigbang!3600 (merged) 1 year ago

mentioned in merge request big-bang/bigbang!3600 (merged)
Bulat Khamitov approved this merge request 1 year ago

approved this merge request
Bulat Khamitov merged 1 year ago

merged
Bulat Khamitov mentioned in commit b4aa9228 1 year ago

mentioned in commit b4aa9228
Dustin Hilgaertner mentioned in merge request big-bang/bigbang!3633 (merged) 1 year ago

mentioned in merge request big-bang/bigbang!3633 (merged)

Please register or sign in to reply

UNCLASSIFIED - NO CUI