kics.config

exclude-queries:
  - e84eaf4d-2f45-47b2-abe8-e581b06deb66 # Ensure Administrative Boundaries Between Resources
  - b03a748a-542d-44f4-bb86-9199ab4fd2d5 # Healthcheck Instruction Missing
  - 8b36775e-183d-4d46-b0f7-96a6f34a723f # Missing AppArmor Profile
  - 48a5beba-e4c0-4584-a2aa-e6894e4cf424 # Pod or Container Without ResourceQuota
  - 4a20ebac-1060-4c81-95d1-1f7f620e983b # Pod or Container Without LimitRange
  # The following queries are related to helm values that are configurable and shouldn't be too opinionated
  # beyond what is required by the Secrets Store CSI Provider spec
  - f377b83e-bd07-4f48-a591-60c82b14a78b # Seccomp Profile Is Not Configured
  - 268ca686-7fb7-4ae9-b129-955a2a89064e # No Drop Capabilities for Containers
  # The following queries are related to privileges which are required for the Secrets Store CSI Provider functionality
  - 02323c00-cdc3-4fdc-a310-4f2b3e7a1660 # Container Running With Low UID
  - cf34805e-3872-4c08-bf92-6ff7bb0cfadb # Container Running As Root
  - 48471392-d4d0-47c0-b135-cdec95eb3eef # Service Account Token Automount Not Disabled
  - b7652612-de4e-4466-a0bf-1cd81f0c6063 # Volume Mount With OS Directory Write Permissions
  - 5308a7a8-06f8-45ac-bf10-791fe21de46e # Workload Mounting With Sensitive OS Directory
  - aa8f7a35-9923-4cad-bd61-a19b7f6aac91 # Non Kube System Pod With Host Mount
  - dbbc6705-d541-43b0-b166-dd4be8208b54 # NET_RAW Capabilities Not Being Dropped
  - a9c2f49d-0671-4fc9-9ece-f4e261e128d0 # Root Container Not Mounted Read-only
  # The following queries relate to unpinned versions, which we've decided to allow
  - 9efb0b2d-89c9-41a3-91ca-dcc0aec911fd # Image Version Not Explicit
  - 583053b7-e632-46f0-b989-f81ff8045385 # Invalid Image Tag
  - 7c81d34c-8e5a-402b-9798-9f442630e678 # Image Without Digest