├── .github ├── actions │ ├── build │ │ └── action.yml │ ├── context │ │ └── action.yaml │ ├── grype │ │ └── action.yaml │ ├── k3s-cluster │ │ └── action.yaml │ ├── k8s-version-config │ │ └── action.yaml │ ├── trivy-config │ │ └── action.yaml │ └── trivy-image │ │ └── action.yaml ├── dependabot.yml └── workflows │ ├── .reusable-build.yml │ ├── .reusable-ci.yml │ ├── .reusable-cleanup-registry.yml │ ├── .reusable-compliance.yml │ ├── .reusable-docs.yml │ ├── .reusable-integration-test.yml │ ├── .reusable-sast.yml │ ├── .reusable-sca.yml │ ├── .reusable-unit-test.yml │ ├── nightly-build.yml │ ├── nightly.yaml │ ├── pr.yml │ ├── pr2main.yml │ ├── push.yml │ ├── semgrep.yml │ └── tag.yml ├── .gitignore ├── .kube-linter └── config.yaml ├── .python-version ├── LICENSE.md ├── Makefile ├── README.md ├── charts └── semgr8s │ ├── Chart.yaml │ ├── rules │ └── test-semgr8s-forbidden-label.yaml │ ├── templates │ ├── _helpers.tpl │ ├── deployment.yaml │ ├── env.yaml │ ├── role.yaml │ ├── rolebinding.yaml │ ├── rules.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── webhook.yaml │ └── values.yaml ├── docs ├── README.md ├── SECURITY.md ├── assets │ ├── semgr8s-architecture-dark.png │ ├── semgr8s-architecture.excalidraw │ ├── semgr8s-architecture.png │ ├── semgr8s-demo.gif │ ├── semgr8s-design-dark.png │ ├── semgr8s-design.excalidraw │ ├── semgr8s-design.png │ ├── semgr8s-logo-full-dark.png │ ├── semgr8s-logo-full-dark.svg │ ├── semgr8s-logo-full-light.png │ ├── semgr8s-logo-full-light.svg │ ├── semgr8s-logo-single.png │ ├── semgr8s-logo-single.svg │ ├── semgr8s-logo-vertical-light.png │ ├── semgr8s-logo-vertical-light.svg │ ├── semgr8s-logo.png │ ├── semgr8s-logo.svg │ ├── semgrep-logo-dark.svg │ ├── semgrep-logo-light.svg │ ├── sse-logo-dark.svg │ └── sse-logo-light.svg ├── concept.md ├── examples │ ├── deny-default-namespace.md │ ├── forbidden-namespaced-label.md │ ├── forbidden-pod-label.md │ ├── forbidden-workload-label.md │ ├── restrict-image-registry.md │ ├── template-autofix-rule.md │ └── template-rule.md ├── javascripts │ └── tablesort.js ├── overrides │ └── main.html └── usage.md ├── mkdocs.yml ├── poetry.lock ├── pyproject.toml ├── rules ├── deny-default-namespace.yaml ├── forbidden-namespaced-label.yaml ├── forbidden-pod-label.yaml ├── forbidden-workload-label.yaml ├── restrict-image-registry.yaml ├── template-autofix-rule.yaml ├── template-rule.yaml └── tests │ ├── deny-default-namespace.test.yaml │ ├── forbidden-namespaced-label.test.fixed.yaml │ ├── forbidden-namespaced-label.test.yaml │ ├── forbidden-pod-label.test.fixed.yaml │ ├── forbidden-pod-label.test.yaml │ ├── forbidden-workload-label.test.fixed.yaml │ ├── forbidden-workload-label.test.yaml │ ├── restrict-image-registry.test.yaml │ ├── template-autofix-rule.test.fixed.yaml │ ├── template-autofix-rule.test.yaml │ └── template-rule.test.yaml ├── semgr8s ├── __init__.py ├── __main__.py ├── app.py ├── files.py ├── k8s_api.py └── updater.py └── tests ├── README.md ├── __init__.py ├── conftest.py ├── data ├── sample_admission_requests │ ├── admission_request_deployments.json │ ├── admission_request_deployments_forbiddenlabel.json │ ├── admission_request_empty.json │ ├── admission_request_no_request.json │ ├── admission_request_no_request_uid.json │ ├── admission_request_pods.json │ └── admission_request_pods_forbiddenlabel.json ├── sample_k8s_resources │ ├── configmaps.json │ ├── configmaps_broken_nodata.json │ ├── configmaps_broken_nojson.json │ ├── configmaps_multiplerulesinmap.json │ ├── configmaps_semgr8ns.json │ ├── deployments.json │ ├── pods.json │ └── replicasets.json └── scanfile_nosc_pod.yaml ├── demo ├── 00_test-namespace.yaml ├── 20_passing-deployment.yaml └── 40_failing-deployment.yaml ├── integration ├── README.md ├── data │ ├── 00_test_namespaces.yaml │ ├── 01_semgr8ns_namespace.yaml │ ├── 20_compliant_pod.yaml │ ├── 30_testlabel_pod.yaml │ ├── 40_testlabel_pod.yaml │ ├── 41_nosc_pod.yaml │ ├── 42_privileged_pod.yaml │ ├── 43_hostnetwork_pod.yaml │ ├── 44_multifail_pod.yaml │ └── 45_other_testlabel_pod.yaml ├── main.sh ├── rules │ └── test-semgr8s-no-foobar-label.yaml ├── scripts │ ├── audit.sh │ ├── autofix.sh │ ├── basic.sh │ ├── common.sh │ ├── remote_rules.sh │ └── semgrep_login.sh └── test_cases │ ├── audit.yaml │ ├── autofix.yaml │ ├── basic.yaml │ ├── remote_rules.yaml │ └── semgrep_login.yaml ├── test_app.py ├── test_k8s_api.py └── test_updater.py /.github/actions/build/action.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/actions/build/action.yml -------------------------------------------------------------------------------- /.github/actions/context/action.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/actions/context/action.yaml -------------------------------------------------------------------------------- /.github/actions/grype/action.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/actions/grype/action.yaml -------------------------------------------------------------------------------- /.github/actions/k3s-cluster/action.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/actions/k3s-cluster/action.yaml -------------------------------------------------------------------------------- /.github/actions/k8s-version-config/action.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/actions/k8s-version-config/action.yaml -------------------------------------------------------------------------------- /.github/actions/trivy-config/action.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/actions/trivy-config/action.yaml -------------------------------------------------------------------------------- /.github/actions/trivy-image/action.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/actions/trivy-image/action.yaml -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/workflows/.reusable-build.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/.reusable-build.yml -------------------------------------------------------------------------------- /.github/workflows/.reusable-ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/.reusable-ci.yml -------------------------------------------------------------------------------- /.github/workflows/.reusable-cleanup-registry.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/.reusable-cleanup-registry.yml -------------------------------------------------------------------------------- /.github/workflows/.reusable-compliance.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/.reusable-compliance.yml -------------------------------------------------------------------------------- /.github/workflows/.reusable-docs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/.reusable-docs.yml -------------------------------------------------------------------------------- /.github/workflows/.reusable-integration-test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/.reusable-integration-test.yml -------------------------------------------------------------------------------- /.github/workflows/.reusable-sast.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/.reusable-sast.yml -------------------------------------------------------------------------------- /.github/workflows/.reusable-sca.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/.reusable-sca.yml -------------------------------------------------------------------------------- /.github/workflows/.reusable-unit-test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/.reusable-unit-test.yml -------------------------------------------------------------------------------- /.github/workflows/nightly-build.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/nightly-build.yml -------------------------------------------------------------------------------- /.github/workflows/nightly.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/nightly.yaml -------------------------------------------------------------------------------- /.github/workflows/pr.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/pr.yml -------------------------------------------------------------------------------- /.github/workflows/pr2main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/pr2main.yml -------------------------------------------------------------------------------- /.github/workflows/push.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/push.yml -------------------------------------------------------------------------------- /.github/workflows/semgrep.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/semgrep.yml -------------------------------------------------------------------------------- /.github/workflows/tag.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.github/workflows/tag.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/.gitignore -------------------------------------------------------------------------------- /.kube-linter/config.yaml: -------------------------------------------------------------------------------- 1 | checks: 2 | doNotAutoAddDefaults: false 3 | -------------------------------------------------------------------------------- /.python-version: -------------------------------------------------------------------------------- 1 | 3.12 2 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/LICENSE.md -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/README.md -------------------------------------------------------------------------------- /charts/semgr8s/Chart.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/charts/semgr8s/Chart.yaml -------------------------------------------------------------------------------- /charts/semgr8s/rules/test-semgr8s-forbidden-label.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/charts/semgr8s/rules/test-semgr8s-forbidden-label.yaml -------------------------------------------------------------------------------- /charts/semgr8s/templates/_helpers.tpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/charts/semgr8s/templates/_helpers.tpl -------------------------------------------------------------------------------- /charts/semgr8s/templates/deployment.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/charts/semgr8s/templates/deployment.yaml -------------------------------------------------------------------------------- /charts/semgr8s/templates/env.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/charts/semgr8s/templates/env.yaml -------------------------------------------------------------------------------- /charts/semgr8s/templates/role.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/charts/semgr8s/templates/role.yaml -------------------------------------------------------------------------------- /charts/semgr8s/templates/rolebinding.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/charts/semgr8s/templates/rolebinding.yaml -------------------------------------------------------------------------------- /charts/semgr8s/templates/rules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/charts/semgr8s/templates/rules.yaml -------------------------------------------------------------------------------- /charts/semgr8s/templates/service.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/charts/semgr8s/templates/service.yaml -------------------------------------------------------------------------------- /charts/semgr8s/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/charts/semgr8s/templates/serviceaccount.yaml -------------------------------------------------------------------------------- /charts/semgr8s/templates/webhook.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/charts/semgr8s/templates/webhook.yaml -------------------------------------------------------------------------------- /charts/semgr8s/values.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/charts/semgr8s/values.yaml -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/README.md -------------------------------------------------------------------------------- /docs/SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/SECURITY.md -------------------------------------------------------------------------------- /docs/assets/semgr8s-architecture-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-architecture-dark.png -------------------------------------------------------------------------------- /docs/assets/semgr8s-architecture.excalidraw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-architecture.excalidraw -------------------------------------------------------------------------------- /docs/assets/semgr8s-architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-architecture.png -------------------------------------------------------------------------------- /docs/assets/semgr8s-demo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-demo.gif -------------------------------------------------------------------------------- /docs/assets/semgr8s-design-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-design-dark.png -------------------------------------------------------------------------------- /docs/assets/semgr8s-design.excalidraw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-design.excalidraw -------------------------------------------------------------------------------- /docs/assets/semgr8s-design.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-design.png -------------------------------------------------------------------------------- /docs/assets/semgr8s-logo-full-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-logo-full-dark.png -------------------------------------------------------------------------------- /docs/assets/semgr8s-logo-full-dark.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-logo-full-dark.svg -------------------------------------------------------------------------------- /docs/assets/semgr8s-logo-full-light.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-logo-full-light.png -------------------------------------------------------------------------------- /docs/assets/semgr8s-logo-full-light.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-logo-full-light.svg -------------------------------------------------------------------------------- /docs/assets/semgr8s-logo-single.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-logo-single.png -------------------------------------------------------------------------------- /docs/assets/semgr8s-logo-single.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-logo-single.svg -------------------------------------------------------------------------------- /docs/assets/semgr8s-logo-vertical-light.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-logo-vertical-light.png -------------------------------------------------------------------------------- /docs/assets/semgr8s-logo-vertical-light.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-logo-vertical-light.svg -------------------------------------------------------------------------------- /docs/assets/semgr8s-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-logo.png -------------------------------------------------------------------------------- /docs/assets/semgr8s-logo.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgr8s-logo.svg -------------------------------------------------------------------------------- /docs/assets/semgrep-logo-dark.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgrep-logo-dark.svg -------------------------------------------------------------------------------- /docs/assets/semgrep-logo-light.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/semgrep-logo-light.svg -------------------------------------------------------------------------------- /docs/assets/sse-logo-dark.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/sse-logo-dark.svg -------------------------------------------------------------------------------- /docs/assets/sse-logo-light.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/assets/sse-logo-light.svg -------------------------------------------------------------------------------- /docs/concept.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/concept.md -------------------------------------------------------------------------------- /docs/examples/deny-default-namespace.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/examples/deny-default-namespace.md -------------------------------------------------------------------------------- /docs/examples/forbidden-namespaced-label.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/examples/forbidden-namespaced-label.md -------------------------------------------------------------------------------- /docs/examples/forbidden-pod-label.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/examples/forbidden-pod-label.md -------------------------------------------------------------------------------- /docs/examples/forbidden-workload-label.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/examples/forbidden-workload-label.md -------------------------------------------------------------------------------- /docs/examples/restrict-image-registry.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/examples/restrict-image-registry.md -------------------------------------------------------------------------------- /docs/examples/template-autofix-rule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/examples/template-autofix-rule.md -------------------------------------------------------------------------------- /docs/examples/template-rule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/examples/template-rule.md -------------------------------------------------------------------------------- /docs/javascripts/tablesort.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/javascripts/tablesort.js -------------------------------------------------------------------------------- /docs/overrides/main.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/overrides/main.html -------------------------------------------------------------------------------- /docs/usage.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/docs/usage.md -------------------------------------------------------------------------------- /mkdocs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/mkdocs.yml -------------------------------------------------------------------------------- /poetry.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/poetry.lock -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/pyproject.toml -------------------------------------------------------------------------------- /rules/deny-default-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/deny-default-namespace.yaml -------------------------------------------------------------------------------- /rules/forbidden-namespaced-label.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/forbidden-namespaced-label.yaml -------------------------------------------------------------------------------- /rules/forbidden-pod-label.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/forbidden-pod-label.yaml -------------------------------------------------------------------------------- /rules/forbidden-workload-label.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/forbidden-workload-label.yaml -------------------------------------------------------------------------------- /rules/restrict-image-registry.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/restrict-image-registry.yaml -------------------------------------------------------------------------------- /rules/template-autofix-rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/template-autofix-rule.yaml -------------------------------------------------------------------------------- /rules/template-rule.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/template-rule.yaml -------------------------------------------------------------------------------- /rules/tests/deny-default-namespace.test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/tests/deny-default-namespace.test.yaml -------------------------------------------------------------------------------- /rules/tests/forbidden-namespaced-label.test.fixed.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/tests/forbidden-namespaced-label.test.fixed.yaml -------------------------------------------------------------------------------- /rules/tests/forbidden-namespaced-label.test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/tests/forbidden-namespaced-label.test.yaml -------------------------------------------------------------------------------- /rules/tests/forbidden-pod-label.test.fixed.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/tests/forbidden-pod-label.test.fixed.yaml -------------------------------------------------------------------------------- /rules/tests/forbidden-pod-label.test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/tests/forbidden-pod-label.test.yaml -------------------------------------------------------------------------------- /rules/tests/forbidden-workload-label.test.fixed.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/tests/forbidden-workload-label.test.fixed.yaml -------------------------------------------------------------------------------- /rules/tests/forbidden-workload-label.test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/tests/forbidden-workload-label.test.yaml -------------------------------------------------------------------------------- /rules/tests/restrict-image-registry.test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/tests/restrict-image-registry.test.yaml -------------------------------------------------------------------------------- /rules/tests/template-autofix-rule.test.fixed.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/tests/template-autofix-rule.test.fixed.yaml -------------------------------------------------------------------------------- /rules/tests/template-autofix-rule.test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/tests/template-autofix-rule.test.yaml -------------------------------------------------------------------------------- /rules/tests/template-rule.test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/rules/tests/template-rule.test.yaml -------------------------------------------------------------------------------- /semgr8s/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /semgr8s/__main__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/semgr8s/__main__.py -------------------------------------------------------------------------------- /semgr8s/app.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/semgr8s/app.py -------------------------------------------------------------------------------- /semgr8s/files.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/semgr8s/files.py -------------------------------------------------------------------------------- /semgr8s/k8s_api.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/semgr8s/k8s_api.py -------------------------------------------------------------------------------- /semgr8s/updater.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/semgr8s/updater.py -------------------------------------------------------------------------------- /tests/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/README.md -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/conftest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/conftest.py -------------------------------------------------------------------------------- /tests/data/sample_admission_requests/admission_request_deployments.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_admission_requests/admission_request_deployments.json -------------------------------------------------------------------------------- /tests/data/sample_admission_requests/admission_request_deployments_forbiddenlabel.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_admission_requests/admission_request_deployments_forbiddenlabel.json -------------------------------------------------------------------------------- /tests/data/sample_admission_requests/admission_request_empty.json: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /tests/data/sample_admission_requests/admission_request_no_request.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_admission_requests/admission_request_no_request.json -------------------------------------------------------------------------------- /tests/data/sample_admission_requests/admission_request_no_request_uid.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_admission_requests/admission_request_no_request_uid.json -------------------------------------------------------------------------------- /tests/data/sample_admission_requests/admission_request_pods.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_admission_requests/admission_request_pods.json -------------------------------------------------------------------------------- /tests/data/sample_admission_requests/admission_request_pods_forbiddenlabel.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_admission_requests/admission_request_pods_forbiddenlabel.json -------------------------------------------------------------------------------- /tests/data/sample_k8s_resources/configmaps.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_k8s_resources/configmaps.json -------------------------------------------------------------------------------- /tests/data/sample_k8s_resources/configmaps_broken_nodata.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_k8s_resources/configmaps_broken_nodata.json -------------------------------------------------------------------------------- /tests/data/sample_k8s_resources/configmaps_broken_nojson.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_k8s_resources/configmaps_broken_nojson.json -------------------------------------------------------------------------------- /tests/data/sample_k8s_resources/configmaps_multiplerulesinmap.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_k8s_resources/configmaps_multiplerulesinmap.json -------------------------------------------------------------------------------- /tests/data/sample_k8s_resources/configmaps_semgr8ns.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_k8s_resources/configmaps_semgr8ns.json -------------------------------------------------------------------------------- /tests/data/sample_k8s_resources/deployments.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_k8s_resources/deployments.json -------------------------------------------------------------------------------- /tests/data/sample_k8s_resources/pods.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_k8s_resources/pods.json -------------------------------------------------------------------------------- /tests/data/sample_k8s_resources/replicasets.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/sample_k8s_resources/replicasets.json -------------------------------------------------------------------------------- /tests/data/scanfile_nosc_pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/data/scanfile_nosc_pod.yaml -------------------------------------------------------------------------------- /tests/demo/00_test-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/demo/00_test-namespace.yaml -------------------------------------------------------------------------------- /tests/demo/20_passing-deployment.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/demo/20_passing-deployment.yaml -------------------------------------------------------------------------------- /tests/demo/40_failing-deployment.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/demo/40_failing-deployment.yaml -------------------------------------------------------------------------------- /tests/integration/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/README.md -------------------------------------------------------------------------------- /tests/integration/data/00_test_namespaces.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/data/00_test_namespaces.yaml -------------------------------------------------------------------------------- /tests/integration/data/01_semgr8ns_namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/data/01_semgr8ns_namespace.yaml -------------------------------------------------------------------------------- /tests/integration/data/20_compliant_pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/data/20_compliant_pod.yaml -------------------------------------------------------------------------------- /tests/integration/data/30_testlabel_pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/data/30_testlabel_pod.yaml -------------------------------------------------------------------------------- /tests/integration/data/40_testlabel_pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/data/40_testlabel_pod.yaml -------------------------------------------------------------------------------- /tests/integration/data/41_nosc_pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/data/41_nosc_pod.yaml -------------------------------------------------------------------------------- /tests/integration/data/42_privileged_pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/data/42_privileged_pod.yaml -------------------------------------------------------------------------------- /tests/integration/data/43_hostnetwork_pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/data/43_hostnetwork_pod.yaml -------------------------------------------------------------------------------- /tests/integration/data/44_multifail_pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/data/44_multifail_pod.yaml -------------------------------------------------------------------------------- /tests/integration/data/45_other_testlabel_pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/data/45_other_testlabel_pod.yaml -------------------------------------------------------------------------------- /tests/integration/main.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/main.sh -------------------------------------------------------------------------------- /tests/integration/rules/test-semgr8s-no-foobar-label.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/rules/test-semgr8s-no-foobar-label.yaml -------------------------------------------------------------------------------- /tests/integration/scripts/audit.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/scripts/audit.sh -------------------------------------------------------------------------------- /tests/integration/scripts/autofix.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/scripts/autofix.sh -------------------------------------------------------------------------------- /tests/integration/scripts/basic.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/scripts/basic.sh -------------------------------------------------------------------------------- /tests/integration/scripts/common.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/scripts/common.sh -------------------------------------------------------------------------------- /tests/integration/scripts/remote_rules.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/scripts/remote_rules.sh -------------------------------------------------------------------------------- /tests/integration/scripts/semgrep_login.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/scripts/semgrep_login.sh -------------------------------------------------------------------------------- /tests/integration/test_cases/audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/test_cases/audit.yaml -------------------------------------------------------------------------------- /tests/integration/test_cases/autofix.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/test_cases/autofix.yaml -------------------------------------------------------------------------------- /tests/integration/test_cases/basic.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/test_cases/basic.yaml -------------------------------------------------------------------------------- /tests/integration/test_cases/remote_rules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/test_cases/remote_rules.yaml -------------------------------------------------------------------------------- /tests/integration/test_cases/semgrep_login.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/integration/test_cases/semgrep_login.yaml -------------------------------------------------------------------------------- /tests/test_app.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/test_app.py -------------------------------------------------------------------------------- /tests/test_k8s_api.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/test_k8s_api.py -------------------------------------------------------------------------------- /tests/test_updater.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/semgr8ns/semgr8s/HEAD/tests/test_updater.py --------------------------------------------------------------------------------