From 586fc87b81f71bdf64248861efa015f42e418453 Mon Sep 17 00:00:00 2001
From: Philip Gough <philip.p.gough@gmail.com>
Date: Wed, 19 Jan 2022 15:06:45 +0000
Subject: [PATCH] make: Lower the threshold for the security scan to account
 for documented exceptions

---
 Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index d3282939..f5310b3c 100644
--- a/Makefile
+++ b/Makefile
@@ -65,8 +65,8 @@ kubeconform: crdschemas manifests $(KUBECONFORM_BIN)
 	$(KUBECONFORM_BIN) -kubernetes-version $(KUBE_VERSION) -schema-location 'default' -schema-location 'crdschemas/{{ .ResourceKind }}.json' -skip CustomResourceDefinition manifests/
 
 .PHONY: kubescape
-kubescape: $(KUBESCAPE_BIN) ## Runs a security analysis on generated manifests - failing if risk score is above 40%
-	$(KUBESCAPE_BIN) scan -s framework -t 30 nsa manifests/*.yaml
+kubescape: $(KUBESCAPE_BIN) ## Runs a security analysis on generated manifests - failing if risk score is above threshold percentage 't'
+	$(KUBESCAPE_BIN) scan -s framework -t 25 nsa manifests/*.yaml --exceptions 'kubescape-exceptions.json'
 
 .PHONY: fmt
 fmt: $(JSONNETFMT_BIN)
-- 
GitLab