From 02f1550261dbcc968620c13d154aeb797c4d1fa3 Mon Sep 17 00:00:00 2001
From: Philip Gough <philip.p.gough@gmail.com>
Date: Wed, 19 Jan 2022 15:04:31 +0000
Subject: [PATCH] ci: Add exceptions for node-exporter to kubescape config

---
 kubescape-exceptions.json | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 kubescape-exceptions.json

diff --git a/kubescape-exceptions.json b/kubescape-exceptions.json
new file mode 100644
index 00000000..11ae8186
--- /dev/null
+++ b/kubescape-exceptions.json
@@ -0,0 +1,29 @@
+[
+  {
+    "name": "exclude-node-exporter-host-access-checks",
+    "policyType": "postureExceptionPolicy",
+    "actions": [
+      "alertOnly"
+    ],
+    "resources": [
+      {
+        "designatorType": "Attributes",
+        "attributes": {
+          "kind": "DaemonSet",
+          "name": "node-exporter"
+        }
+      }
+    ],
+    "posturePolicies": [
+      {
+        "controlName": "Container hostPort"
+      },
+      {
+        "controlName": "Host PID/IPC privileges"
+      },
+      {
+        "controlName": "HostNetwork access"
+      }
+    ]
+  }
+]
\ No newline at end of file
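Review bot: The designator under `"attributes"` matches only on `kind` and `name`, so a DaemonSet called node-exporter in any namespace is exempted from the hostPort, host PID/IPC and hostNetwork controls, not only the one this project deploys. Adding a namespace attribute, e.g. `"namespace": "<NODE_EXPORTER_NAMESPACE>"` (placeholder, the target namespace is not shown on this page), would stop the exception from covering a same-named workload elsewhere that requests host access. JSON cannot carry comments, so the reason node-exporter needs these privileges belongs in the commit description, which is currently empty. The file also ends without a trailing newline.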
-- 
GitLab