├── .github └── workflows │ ├── add-issue-to-triage.yml │ └── add-new-pr-to-oss-triaging.yml ├── .gitignore ├── Readme.md ├── acs-export-example ├── .gitignore ├── cmd │ └── root.go ├── demo.tape ├── go.mod ├── go.sum ├── main.go ├── pkg │ ├── config │ │ └── config.go │ ├── csv │ │ └── csv.go │ ├── export │ │ └── export.go │ ├── filter │ │ └── filter.go │ └── table │ │ └── table.go └── readme.md ├── api-examples ├── README.md ├── authprovider-minrole.md ├── delete_group.md ├── groupsbatch_newgroups.md ├── groupservice_creategroup.md └── simple-alerts.md ├── backups ├── api-key-secret.yaml ├── cron-backup.yaml ├── cron-clean-backup.yaml ├── readme.md └── retrieve-backups-pod.yaml ├── ci ├── Azure DevOps │ └── Pipelines │ │ ├── README.md │ │ └── azure-pipelines.yml ├── CircleCI │ ├── .circleci │ │ └── config.yml │ ├── README.md │ └── deploy.yml ├── GitHub │ ├── kube-linter │ │ ├── .github │ │ │ ├── actions │ │ │ │ └── kube-lint │ │ │ │ │ └── action.yml │ │ │ └── workflows │ │ │ │ └── kube-linter.yml │ │ ├── .kube-linter │ │ │ └── config.yaml │ │ ├── README.md │ │ └── yamls │ │ │ └── deploy.yaml │ └── stackrox-action │ │ ├── .github │ │ ├── actions │ │ │ ├── stackrox-check │ │ │ │ └── action.yml │ │ │ └── stackrox-scan │ │ │ │ └── action.yml │ │ └── workflows │ │ │ └── main.yml │ │ └── README.md ├── GitLab │ ├── .gitlab-ci.yml │ └── README.md ├── Tekton │ ├── README.md │ ├── Sample │ │ ├── rox-pipeline.yml │ │ └── rox-secrets.yml │ └── Tasks │ │ ├── rox-deployment-check-task.yml │ │ ├── rox-image-check-task.yml │ │ └── rox-image-scan-task.yml ├── argo │ ├── README.md │ └── argo.yml └── function │ └── Google Function │ ├── CI integration sample │ └── .circleci │ │ └── config.yml │ ├── README.md │ └── roxctl_image_check │ ├── main.py │ └── requirements.txt ├── completions └── fish │ └── roxctl.fish ├── compliance └── scan-compliance.sh ├── guides └── cloud-provider-integrations │ └── azure-service-principal-m2m-auth.md ├── ingress ├── contour │ └── central-ingress.yaml ├── haproxy │ ├── Readme.md │ ├── central-hap-ingress.yaml │ └── haproxy-controller.yaml ├── istio-gw │ ├── Readme.md │ └── central-istio-gw-passthrough.yaml ├── nginx │ ├── Readme.md │ ├── central-nginx-encrypt-ingress.yaml │ └── central-nginx-passthrough-ingress.yaml └── traefik │ ├── Readme.md │ └── central-traefik-ingress.yaml ├── policy-examples ├── cis_policies_split │ ├── docker-4.1-no-root-user.yaml │ ├── docker-4.2-trusted-base-images.yaml │ ├── docker-4.3-no-unnecessary-packages.yaml │ ├── docker-4.4-image-scanning.yaml │ ├── docker-4.5-content-trust.yaml │ ├── docker-4.6-healthcheck.yaml │ ├── docker-4.7-no-sensitive-mounts.yaml │ ├── docker-5.1-apparmor-profile.yaml │ ├── docker-5.10-memory-limits.yaml │ ├── docker-5.11-cpu-priority.yaml │ ├── docker-5.12-readonly-rootfs.yaml │ ├── docker-5.2-selinux-options.yaml │ ├── docker-5.25-no-privilege-escalation.yaml │ ├── docker-5.7-no-privileged-ports.yaml │ ├── docker-5.8-no-shared-user-namespaces.yaml │ ├── docker-5.9-no-shared-network-namespaces.yaml │ ├── k8s-5.1.1-no-privileged-containers.yaml │ ├── k8s-5.1.2-no-host-network.yaml │ ├── k8s-5.1.3-no-host-pid-ipc.yaml │ ├── k8s-5.1.4-no-privilege-escalation.yaml │ ├── k8s-5.1.5-no-root-containers.yaml │ ├── k8s-5.1.6-minimize-capabilities.yaml │ ├── k8s-5.2.1-no-privilege-escalation-admission.yaml │ ├── k8s-5.2.3-no-host-paths-admission.yaml │ ├── k8s-5.2.4-no-net-raw-capability.yaml │ ├── k8s-5.3.1-cni-network-policies.yaml │ ├── k8s-5.7.1-no-secrets-in-env.yaml │ ├── k8s-5.7.2-no-default-service-accounts.yaml │ ├── k8s-resource-limits-cpu-memory.yaml │ ├── readme.md │ ├── runtime-4-package-manager-usage.yaml │ ├── runtime-5-suspicious-downloads.yaml │ ├── runtime-6-unauthorized-ports.yaml │ ├── runtime-docker-1-container-escape.yaml │ ├── runtime-docker-2-crypto-mining.yaml │ ├── runtime-docker-3-suspicious-network-tools.yaml │ ├── runtime-k8s-1-unauthorized-processes.yaml │ ├── runtime-k8s-2-privilege-escalation.yaml │ ├── runtime-k8s-3-unauthorized-network.yaml │ └── runtime-k8s-4-readonly-fs-modifications.yaml ├── default-policies-4.8 │ ├── 30-Day_Scan_Age.json │ ├── 90-Day_Image_Age.json │ ├── ADD_Command_used_instead_of_COPY.json │ ├── Alpine_Linux_Package_Manager_(apk)_in_Image.json │ ├── Alpine_Linux_Package_Manager_Execution.json │ ├── Apache_Struts:_CVE-2017-5638.json │ ├── CAP_SYS_ADMIN_capability_added.json │ ├── Compiler_Tool_Execution.json │ ├── Container_using_read-write_root_filesystem.json │ ├── Container_with_privilege_escalation_allowed.json │ ├── Cryptocurrency_Mining_Process_Execution.json │ ├── Curl_in_Image.json │ ├── Deployments_should_have_at_least_one_ingress_Network_Policy.json │ ├── Deployments_with_externally_exposed_endpoints.json │ ├── Docker_CIS_4.1:_Ensure_That_a_User_for_the_Container_Has_Been_Created.json │ ├── Docker_CIS_4.4:_Ensure_images_are_scanned_and_rebuilt_to_include_security_patches.json │ ├── Docker_CIS_4.7:_Alert_on_Update_Instruction.json │ ├── Docker_CIS_5.15:_Ensure_that_the_host's_process_namespace_is_not_shared.json │ ├── Docker_CIS_5.16:_Ensure_that_the_host's_IPC_namespace_is_not_shared.json │ ├── Docker_CIS_5.19:_Ensure_mount_propagation_mode_is_not_enabled.json │ ├── Docker_CIS_5.1_Ensure_that,_if_applicable,_an_AppArmor_Profile_is_enabled.json │ ├── Docker_CIS_5.21:_Ensure_the_default_seccomp_profile_is_not_disabled.json │ ├── Docker_CIS_5.7:_Ensure_privileged_ports_are_not_mapped_within_containers.json │ ├── Docker_CIS_5.9_and_5.20:_Ensure_that_the_host's_network_namespace_is_not_shared.json │ ├── Drop_All_Capabilities.json │ ├── Emergency_Deployment_Annotation.json │ ├── Environment_Variable_Contains_Secret.json │ ├── Fixable_CVSS_>=_6_and_Privileged.json │ ├── Fixable_CVSS_>=_7.json │ ├── Fixable_Severity_at_least_Important.json │ ├── Images_with_no_scans.json │ ├── Improper_Usage_of_Orchestrator_Secrets_Volume.json │ ├── Insecure_specified_in_CMD.json │ ├── Iptables_or_nftables_Executed_in_Privileged_Container.json │ ├── Kubernetes_Actions:_Exec_into_Pod.json │ ├── Kubernetes_Actions:_Port_Forward_to_Pod.json │ ├── Kubernetes_Dashboard_Deployed.json │ ├── Latest_tag.json │ ├── Linux_Group_Add_Execution.json │ ├── Linux_User_Add_Execution.json │ ├── Log4Shell:_log4j_Remote_Code_Execution_vulnerability.json │ ├── Login_Binaries.json │ ├── Mount_Container_Runtime_Socket.json │ ├── Mounting_Sensitive_Host_Directories.json │ ├── Netcat_Execution_Detected.json │ ├── Network_Management_Execution.json │ ├── No_CPU_request_or_memory_limit_specified.json │ ├── OpenShift:_Central_Admin_Secret_Accessed.json │ ├── OpenShift:_Kubeadmin_Secret_Accessed.json │ ├── OpenShift:_Kubernetes_Secret_Accessed_by_an_Impersonated_User.json │ ├── Password_Binaries.json │ ├── Pod_Service_Account_Token_Automatically_Mounted.json │ ├── Privileged_Container.json │ ├── Privileged_Containers_with_Important_and_Critical_Fixable_CVEs.json │ ├── Process_Targeting_Cluster_Kubelet_Endpoint.json │ ├── Process_Targeting_Cluster_Kubernetes_Docker_Stats_Endpoint.json │ ├── Process_Targeting_Kubernetes_Service_Endpoint.json │ ├── Process_with_UID_0.json │ ├── Rapid_Reset:_Denial_of_Service_Vulnerability_in_HTTP_2_Protocol.json │ ├── Red_Hat_Package_Manager_Execution.json │ ├── Red_Hat_Package_Manager_in_Image.json │ ├── Remote_File_Copy_Binary_Execution.json │ ├── Required_Annotation:_Email.json │ ├── Required_Annotation:_Owner_Team.json │ ├── Required_Image_Label.json │ ├── Required_Label:_Owner_Team.json │ ├── Secret_Mounted_as_Environment_Variable.json │ ├── Secure_Shell_(ssh)_Port_Exposed.json │ ├── Secure_Shell_(ssh)_Port_Exposed_in_Image.json │ ├── Secure_Shell_Server_(sshd)_Execution.json │ ├── SetUID_Processes.json │ ├── Shadow_File_Modification.json │ ├── Shell_Management.json │ ├── Shell_Spawned_by_Java_Application.json │ ├── Spring4Shell_(Spring_Framework_Remote_Code_Execution)_and_Spring_Cloud_Function_vulnerabilities.json │ ├── Ubuntu_Package_Manager_Execution.json │ ├── Ubuntu_Package_Manager_in_Image.json │ ├── Unauthorized_Network_Flow.json │ ├── Unauthorized_Process_Execution.json │ ├── Wget_in_Image.json │ ├── chkconfig_Execution.json │ ├── crontab_Execution.json │ ├── iptables_Execution.json │ ├── nmap_Execution.json │ ├── systemctl_Execution.json │ └── systemd_Execution.json ├── high_level_vulnerabilities │ └── npm-compromised.yaml └── other-examples │ ├── CVE-2021-4034-build-deploy.json │ ├── CVE-2021-44228-build-deploy.json │ ├── contributions.code-workspace │ ├── leaky-vessels.json │ ├── oc-debug-runtime.json │ ├── polkit-execution.json │ ├── polkit-in-image.json │ ├── sensitive-env-vars-with-argocd-exclusion.json │ └── sensitive-env-vars-with-argocd-exclusion.yaml ├── terraform └── azure-sentinel │ ├── README.md │ ├── main.tf │ ├── provider.tf │ └── variables.tf ├── util-scripts ├── acs-correlation-example │ ├── Dockerfile │ ├── README.md │ ├── acs_request.py │ ├── app.py │ ├── config.py │ ├── endpoint_list.json │ ├── logging.conf │ ├── output │ │ ├── sample_cluster_namespace_deployment_alert_output_file.json │ │ └── sample_endpoint_policy_alert_count_output_file.json │ └── requirements.txt ├── compliance-scans-classifications │ ├── stackrox_classifications.sh │ └── stackrox_compliance_scan.sh ├── component-details-to-csv │ ├── README.md │ └── component_details_csv.sh ├── cronjob-upload-vuln-definitions │ ├── fetchvulns-cronjob.yaml │ └── upload-vulns-configmap.yaml ├── export-all-policies │ ├── README.md │ └── export-all-policies.sh ├── export-cves-to-csv │ ├── README.md │ └── create-csv.sh ├── external-entities │ ├── README.md │ ├── external-entities.py │ └── requirements.txt ├── generate_violations_csv │ ├── README.md │ ├── generate_violations_csv.py │ └── requirements.txt ├── health-check │ ├── README.md │ └── health-check.sh ├── image-cve-report │ ├── README.md │ └── image-cve-report.sh ├── listening-endpoints │ ├── README.md │ └── listening-endpoints.sh ├── log4shell │ ├── README.md │ ├── log4shell-check.py │ └── requirements.txt ├── policy-copy-all │ ├── README.md │ └── policy-copy-all.sh ├── policy-update │ ├── README.md │ └── policy-update.sh ├── policy-utils │ └── policies-csv │ │ ├── README.md │ │ └── policies-csv.sh ├── rhcos-node-cves │ ├── README.md │ └── node-cve-report.sh ├── roxctl-base-image │ ├── README.md │ └── base.py ├── roxctl-grace-period │ ├── README.md │ └── grace.py ├── scan-all-registry-images │ ├── README.md │ └── ecr-scan-roxctl.sh ├── violations-to-csv │ ├── README.md │ └── violations-to-csv.sh └── vuln-violation-details │ └── vulnvdetails.sh └── vulnerability-management └── export-workloads ├── README.md ├── export-workloads.py └── export-workloads.sh /.github/workflows/add-issue-to-triage.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/.github/workflows/add-issue-to-triage.yml -------------------------------------------------------------------------------- /.github/workflows/add-new-pr-to-oss-triaging.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/.github/workflows/add-new-pr-to-oss-triaging.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/.gitignore -------------------------------------------------------------------------------- /Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/Readme.md -------------------------------------------------------------------------------- /acs-export-example/.gitignore: -------------------------------------------------------------------------------- 1 | acs-export-example 2 | *.csv 3 | -------------------------------------------------------------------------------- /acs-export-example/cmd/root.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/acs-export-example/cmd/root.go -------------------------------------------------------------------------------- /acs-export-example/demo.tape: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/acs-export-example/demo.tape -------------------------------------------------------------------------------- /acs-export-example/go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/acs-export-example/go.mod -------------------------------------------------------------------------------- /acs-export-example/go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/acs-export-example/go.sum -------------------------------------------------------------------------------- /acs-export-example/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/acs-export-example/main.go -------------------------------------------------------------------------------- /acs-export-example/pkg/config/config.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/acs-export-example/pkg/config/config.go -------------------------------------------------------------------------------- /acs-export-example/pkg/csv/csv.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/acs-export-example/pkg/csv/csv.go -------------------------------------------------------------------------------- /acs-export-example/pkg/export/export.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/acs-export-example/pkg/export/export.go -------------------------------------------------------------------------------- /acs-export-example/pkg/filter/filter.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/acs-export-example/pkg/filter/filter.go -------------------------------------------------------------------------------- /acs-export-example/pkg/table/table.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/acs-export-example/pkg/table/table.go -------------------------------------------------------------------------------- /acs-export-example/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/acs-export-example/readme.md -------------------------------------------------------------------------------- /api-examples/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/api-examples/README.md -------------------------------------------------------------------------------- /api-examples/authprovider-minrole.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/api-examples/authprovider-minrole.md -------------------------------------------------------------------------------- /api-examples/delete_group.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/api-examples/delete_group.md -------------------------------------------------------------------------------- /api-examples/groupsbatch_newgroups.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/api-examples/groupsbatch_newgroups.md -------------------------------------------------------------------------------- /api-examples/groupservice_creategroup.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/api-examples/groupservice_creategroup.md -------------------------------------------------------------------------------- /api-examples/simple-alerts.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/api-examples/simple-alerts.md -------------------------------------------------------------------------------- /backups/api-key-secret.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/backups/api-key-secret.yaml -------------------------------------------------------------------------------- /backups/cron-backup.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/backups/cron-backup.yaml -------------------------------------------------------------------------------- /backups/cron-clean-backup.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/backups/cron-clean-backup.yaml -------------------------------------------------------------------------------- /backups/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/backups/readme.md -------------------------------------------------------------------------------- /backups/retrieve-backups-pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/backups/retrieve-backups-pod.yaml -------------------------------------------------------------------------------- /ci/Azure DevOps/Pipelines/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/Azure DevOps/Pipelines/README.md -------------------------------------------------------------------------------- /ci/Azure DevOps/Pipelines/azure-pipelines.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/Azure DevOps/Pipelines/azure-pipelines.yml -------------------------------------------------------------------------------- /ci/CircleCI/.circleci/config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/CircleCI/.circleci/config.yml -------------------------------------------------------------------------------- /ci/CircleCI/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/CircleCI/README.md -------------------------------------------------------------------------------- /ci/CircleCI/deploy.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/CircleCI/deploy.yml -------------------------------------------------------------------------------- /ci/GitHub/kube-linter/.github/actions/kube-lint/action.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/GitHub/kube-linter/.github/actions/kube-lint/action.yml -------------------------------------------------------------------------------- /ci/GitHub/kube-linter/.github/workflows/kube-linter.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/GitHub/kube-linter/.github/workflows/kube-linter.yml -------------------------------------------------------------------------------- /ci/GitHub/kube-linter/.kube-linter/config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/GitHub/kube-linter/.kube-linter/config.yaml -------------------------------------------------------------------------------- /ci/GitHub/kube-linter/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/GitHub/kube-linter/README.md -------------------------------------------------------------------------------- /ci/GitHub/kube-linter/yamls/deploy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/GitHub/kube-linter/yamls/deploy.yaml -------------------------------------------------------------------------------- /ci/GitHub/stackrox-action/.github/actions/stackrox-check/action.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/GitHub/stackrox-action/.github/actions/stackrox-check/action.yml -------------------------------------------------------------------------------- /ci/GitHub/stackrox-action/.github/actions/stackrox-scan/action.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/GitHub/stackrox-action/.github/actions/stackrox-scan/action.yml -------------------------------------------------------------------------------- /ci/GitHub/stackrox-action/.github/workflows/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/GitHub/stackrox-action/.github/workflows/main.yml -------------------------------------------------------------------------------- /ci/GitHub/stackrox-action/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/GitHub/stackrox-action/README.md -------------------------------------------------------------------------------- /ci/GitLab/.gitlab-ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/GitLab/.gitlab-ci.yml -------------------------------------------------------------------------------- /ci/GitLab/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/GitLab/README.md -------------------------------------------------------------------------------- /ci/Tekton/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/Tekton/README.md -------------------------------------------------------------------------------- /ci/Tekton/Sample/rox-pipeline.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/Tekton/Sample/rox-pipeline.yml -------------------------------------------------------------------------------- /ci/Tekton/Sample/rox-secrets.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/Tekton/Sample/rox-secrets.yml -------------------------------------------------------------------------------- /ci/Tekton/Tasks/rox-deployment-check-task.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/Tekton/Tasks/rox-deployment-check-task.yml -------------------------------------------------------------------------------- /ci/Tekton/Tasks/rox-image-check-task.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/Tekton/Tasks/rox-image-check-task.yml -------------------------------------------------------------------------------- /ci/Tekton/Tasks/rox-image-scan-task.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/Tekton/Tasks/rox-image-scan-task.yml -------------------------------------------------------------------------------- /ci/argo/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/argo/README.md -------------------------------------------------------------------------------- /ci/argo/argo.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/argo/argo.yml -------------------------------------------------------------------------------- /ci/function/Google Function/CI integration sample/.circleci/config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/function/Google Function/CI integration sample/.circleci/config.yml -------------------------------------------------------------------------------- /ci/function/Google Function/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/function/Google Function/README.md -------------------------------------------------------------------------------- /ci/function/Google Function/roxctl_image_check/main.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ci/function/Google Function/roxctl_image_check/main.py -------------------------------------------------------------------------------- /ci/function/Google Function/roxctl_image_check/requirements.txt: -------------------------------------------------------------------------------- 1 | # Function dependencies, for example: 2 | # package>=version 3 | 4 | requests 5 | -------------------------------------------------------------------------------- /completions/fish/roxctl.fish: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/completions/fish/roxctl.fish -------------------------------------------------------------------------------- /compliance/scan-compliance.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/compliance/scan-compliance.sh -------------------------------------------------------------------------------- /guides/cloud-provider-integrations/azure-service-principal-m2m-auth.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/guides/cloud-provider-integrations/azure-service-principal-m2m-auth.md -------------------------------------------------------------------------------- /ingress/contour/central-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ingress/contour/central-ingress.yaml -------------------------------------------------------------------------------- /ingress/haproxy/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ingress/haproxy/Readme.md -------------------------------------------------------------------------------- /ingress/haproxy/central-hap-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ingress/haproxy/central-hap-ingress.yaml -------------------------------------------------------------------------------- /ingress/haproxy/haproxy-controller.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ingress/haproxy/haproxy-controller.yaml -------------------------------------------------------------------------------- /ingress/istio-gw/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ingress/istio-gw/Readme.md -------------------------------------------------------------------------------- /ingress/istio-gw/central-istio-gw-passthrough.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ingress/istio-gw/central-istio-gw-passthrough.yaml -------------------------------------------------------------------------------- /ingress/nginx/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ingress/nginx/Readme.md -------------------------------------------------------------------------------- /ingress/nginx/central-nginx-encrypt-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ingress/nginx/central-nginx-encrypt-ingress.yaml -------------------------------------------------------------------------------- /ingress/nginx/central-nginx-passthrough-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ingress/nginx/central-nginx-passthrough-ingress.yaml -------------------------------------------------------------------------------- /ingress/traefik/Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ingress/traefik/Readme.md -------------------------------------------------------------------------------- /ingress/traefik/central-traefik-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/ingress/traefik/central-traefik-ingress.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-4.1-no-root-user.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-4.1-no-root-user.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-4.2-trusted-base-images.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-4.2-trusted-base-images.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-4.3-no-unnecessary-packages.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-4.3-no-unnecessary-packages.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-4.4-image-scanning.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-4.4-image-scanning.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-4.5-content-trust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-4.5-content-trust.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-4.6-healthcheck.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-4.6-healthcheck.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-4.7-no-sensitive-mounts.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-4.7-no-sensitive-mounts.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-5.1-apparmor-profile.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-5.1-apparmor-profile.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-5.10-memory-limits.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-5.10-memory-limits.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-5.11-cpu-priority.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-5.11-cpu-priority.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-5.12-readonly-rootfs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-5.12-readonly-rootfs.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-5.2-selinux-options.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-5.2-selinux-options.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-5.25-no-privilege-escalation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-5.25-no-privilege-escalation.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-5.7-no-privileged-ports.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-5.7-no-privileged-ports.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-5.8-no-shared-user-namespaces.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-5.8-no-shared-user-namespaces.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/docker-5.9-no-shared-network-namespaces.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/docker-5.9-no-shared-network-namespaces.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-5.1.1-no-privileged-containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-5.1.1-no-privileged-containers.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-5.1.2-no-host-network.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-5.1.2-no-host-network.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-5.1.3-no-host-pid-ipc.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-5.1.3-no-host-pid-ipc.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-5.1.4-no-privilege-escalation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-5.1.4-no-privilege-escalation.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-5.1.5-no-root-containers.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-5.1.5-no-root-containers.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-5.1.6-minimize-capabilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-5.1.6-minimize-capabilities.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-5.2.1-no-privilege-escalation-admission.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-5.2.1-no-privilege-escalation-admission.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-5.2.3-no-host-paths-admission.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-5.2.3-no-host-paths-admission.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-5.2.4-no-net-raw-capability.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-5.2.4-no-net-raw-capability.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-5.3.1-cni-network-policies.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-5.3.1-cni-network-policies.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-5.7.1-no-secrets-in-env.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-5.7.1-no-secrets-in-env.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-5.7.2-no-default-service-accounts.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-5.7.2-no-default-service-accounts.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/k8s-resource-limits-cpu-memory.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/k8s-resource-limits-cpu-memory.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/readme.md -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/runtime-4-package-manager-usage.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/runtime-4-package-manager-usage.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/runtime-5-suspicious-downloads.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/runtime-5-suspicious-downloads.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/runtime-6-unauthorized-ports.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/runtime-6-unauthorized-ports.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/runtime-docker-1-container-escape.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/runtime-docker-1-container-escape.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/runtime-docker-2-crypto-mining.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/runtime-docker-2-crypto-mining.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/runtime-docker-3-suspicious-network-tools.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/runtime-docker-3-suspicious-network-tools.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/runtime-k8s-1-unauthorized-processes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/runtime-k8s-1-unauthorized-processes.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/runtime-k8s-2-privilege-escalation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/runtime-k8s-2-privilege-escalation.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/runtime-k8s-3-unauthorized-network.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/runtime-k8s-3-unauthorized-network.yaml -------------------------------------------------------------------------------- /policy-examples/cis_policies_split/runtime-k8s-4-readonly-fs-modifications.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/cis_policies_split/runtime-k8s-4-readonly-fs-modifications.yaml -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/30-Day_Scan_Age.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/30-Day_Scan_Age.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/90-Day_Image_Age.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/90-Day_Image_Age.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/ADD_Command_used_instead_of_COPY.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/ADD_Command_used_instead_of_COPY.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Alpine_Linux_Package_Manager_(apk)_in_Image.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Alpine_Linux_Package_Manager_(apk)_in_Image.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Alpine_Linux_Package_Manager_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Alpine_Linux_Package_Manager_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Apache_Struts:_CVE-2017-5638.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Apache_Struts:_CVE-2017-5638.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/CAP_SYS_ADMIN_capability_added.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/CAP_SYS_ADMIN_capability_added.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Compiler_Tool_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Compiler_Tool_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Container_using_read-write_root_filesystem.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Container_using_read-write_root_filesystem.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Container_with_privilege_escalation_allowed.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Container_with_privilege_escalation_allowed.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Cryptocurrency_Mining_Process_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Cryptocurrency_Mining_Process_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Curl_in_Image.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Curl_in_Image.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Deployments_should_have_at_least_one_ingress_Network_Policy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Deployments_should_have_at_least_one_ingress_Network_Policy.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Deployments_with_externally_exposed_endpoints.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Deployments_with_externally_exposed_endpoints.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Docker_CIS_4.1:_Ensure_That_a_User_for_the_Container_Has_Been_Created.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Docker_CIS_4.1:_Ensure_That_a_User_for_the_Container_Has_Been_Created.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Docker_CIS_4.4:_Ensure_images_are_scanned_and_rebuilt_to_include_security_patches.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Docker_CIS_4.4:_Ensure_images_are_scanned_and_rebuilt_to_include_security_patches.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Docker_CIS_4.7:_Alert_on_Update_Instruction.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Docker_CIS_4.7:_Alert_on_Update_Instruction.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Docker_CIS_5.15:_Ensure_that_the_host's_process_namespace_is_not_shared.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Docker_CIS_5.15:_Ensure_that_the_host's_process_namespace_is_not_shared.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Docker_CIS_5.16:_Ensure_that_the_host's_IPC_namespace_is_not_shared.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Docker_CIS_5.16:_Ensure_that_the_host's_IPC_namespace_is_not_shared.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Docker_CIS_5.19:_Ensure_mount_propagation_mode_is_not_enabled.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Docker_CIS_5.19:_Ensure_mount_propagation_mode_is_not_enabled.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Docker_CIS_5.1_Ensure_that,_if_applicable,_an_AppArmor_Profile_is_enabled.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Docker_CIS_5.1_Ensure_that,_if_applicable,_an_AppArmor_Profile_is_enabled.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Docker_CIS_5.21:_Ensure_the_default_seccomp_profile_is_not_disabled.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Docker_CIS_5.21:_Ensure_the_default_seccomp_profile_is_not_disabled.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Docker_CIS_5.7:_Ensure_privileged_ports_are_not_mapped_within_containers.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Docker_CIS_5.7:_Ensure_privileged_ports_are_not_mapped_within_containers.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Docker_CIS_5.9_and_5.20:_Ensure_that_the_host's_network_namespace_is_not_shared.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Docker_CIS_5.9_and_5.20:_Ensure_that_the_host's_network_namespace_is_not_shared.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Drop_All_Capabilities.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Drop_All_Capabilities.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Emergency_Deployment_Annotation.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Emergency_Deployment_Annotation.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Environment_Variable_Contains_Secret.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Environment_Variable_Contains_Secret.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Fixable_CVSS_>=_6_and_Privileged.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Fixable_CVSS_>=_6_and_Privileged.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Fixable_CVSS_>=_7.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Fixable_CVSS_>=_7.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Fixable_Severity_at_least_Important.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Fixable_Severity_at_least_Important.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Images_with_no_scans.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Images_with_no_scans.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Improper_Usage_of_Orchestrator_Secrets_Volume.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Improper_Usage_of_Orchestrator_Secrets_Volume.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Insecure_specified_in_CMD.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Insecure_specified_in_CMD.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Iptables_or_nftables_Executed_in_Privileged_Container.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Iptables_or_nftables_Executed_in_Privileged_Container.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Kubernetes_Actions:_Exec_into_Pod.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Kubernetes_Actions:_Exec_into_Pod.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Kubernetes_Actions:_Port_Forward_to_Pod.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Kubernetes_Actions:_Port_Forward_to_Pod.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Kubernetes_Dashboard_Deployed.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Kubernetes_Dashboard_Deployed.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Latest_tag.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Latest_tag.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Linux_Group_Add_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Linux_Group_Add_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Linux_User_Add_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Linux_User_Add_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Log4Shell:_log4j_Remote_Code_Execution_vulnerability.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Log4Shell:_log4j_Remote_Code_Execution_vulnerability.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Login_Binaries.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Login_Binaries.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Mount_Container_Runtime_Socket.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Mount_Container_Runtime_Socket.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Mounting_Sensitive_Host_Directories.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Mounting_Sensitive_Host_Directories.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Netcat_Execution_Detected.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Netcat_Execution_Detected.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Network_Management_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Network_Management_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/No_CPU_request_or_memory_limit_specified.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/No_CPU_request_or_memory_limit_specified.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/OpenShift:_Central_Admin_Secret_Accessed.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/OpenShift:_Central_Admin_Secret_Accessed.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/OpenShift:_Kubeadmin_Secret_Accessed.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/OpenShift:_Kubeadmin_Secret_Accessed.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/OpenShift:_Kubernetes_Secret_Accessed_by_an_Impersonated_User.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/OpenShift:_Kubernetes_Secret_Accessed_by_an_Impersonated_User.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Password_Binaries.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Password_Binaries.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Pod_Service_Account_Token_Automatically_Mounted.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Pod_Service_Account_Token_Automatically_Mounted.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Privileged_Container.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Privileged_Container.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Privileged_Containers_with_Important_and_Critical_Fixable_CVEs.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Privileged_Containers_with_Important_and_Critical_Fixable_CVEs.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Process_Targeting_Cluster_Kubelet_Endpoint.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Process_Targeting_Cluster_Kubelet_Endpoint.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Process_Targeting_Cluster_Kubernetes_Docker_Stats_Endpoint.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Process_Targeting_Cluster_Kubernetes_Docker_Stats_Endpoint.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Process_Targeting_Kubernetes_Service_Endpoint.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Process_Targeting_Kubernetes_Service_Endpoint.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Process_with_UID_0.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Process_with_UID_0.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Rapid_Reset:_Denial_of_Service_Vulnerability_in_HTTP_2_Protocol.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Rapid_Reset:_Denial_of_Service_Vulnerability_in_HTTP_2_Protocol.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Red_Hat_Package_Manager_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Red_Hat_Package_Manager_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Red_Hat_Package_Manager_in_Image.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Red_Hat_Package_Manager_in_Image.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Remote_File_Copy_Binary_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Remote_File_Copy_Binary_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Required_Annotation:_Email.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Required_Annotation:_Email.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Required_Annotation:_Owner_Team.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Required_Annotation:_Owner_Team.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Required_Image_Label.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Required_Image_Label.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Required_Label:_Owner_Team.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Required_Label:_Owner_Team.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Secret_Mounted_as_Environment_Variable.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Secret_Mounted_as_Environment_Variable.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Secure_Shell_(ssh)_Port_Exposed.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Secure_Shell_(ssh)_Port_Exposed.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Secure_Shell_(ssh)_Port_Exposed_in_Image.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Secure_Shell_(ssh)_Port_Exposed_in_Image.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Secure_Shell_Server_(sshd)_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Secure_Shell_Server_(sshd)_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/SetUID_Processes.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/SetUID_Processes.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Shadow_File_Modification.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Shadow_File_Modification.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Shell_Management.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Shell_Management.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Shell_Spawned_by_Java_Application.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Shell_Spawned_by_Java_Application.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Spring4Shell_(Spring_Framework_Remote_Code_Execution)_and_Spring_Cloud_Function_vulnerabilities.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Spring4Shell_(Spring_Framework_Remote_Code_Execution)_and_Spring_Cloud_Function_vulnerabilities.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Ubuntu_Package_Manager_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Ubuntu_Package_Manager_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Ubuntu_Package_Manager_in_Image.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Ubuntu_Package_Manager_in_Image.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Unauthorized_Network_Flow.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Unauthorized_Network_Flow.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Unauthorized_Process_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Unauthorized_Process_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/Wget_in_Image.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/Wget_in_Image.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/chkconfig_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/chkconfig_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/crontab_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/crontab_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/iptables_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/iptables_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/nmap_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/nmap_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/systemctl_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/systemctl_Execution.json -------------------------------------------------------------------------------- /policy-examples/default-policies-4.8/systemd_Execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/default-policies-4.8/systemd_Execution.json -------------------------------------------------------------------------------- /policy-examples/high_level_vulnerabilities/npm-compromised.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/high_level_vulnerabilities/npm-compromised.yaml -------------------------------------------------------------------------------- /policy-examples/other-examples/CVE-2021-4034-build-deploy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/other-examples/CVE-2021-4034-build-deploy.json -------------------------------------------------------------------------------- /policy-examples/other-examples/CVE-2021-44228-build-deploy.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/other-examples/CVE-2021-44228-build-deploy.json -------------------------------------------------------------------------------- /policy-examples/other-examples/contributions.code-workspace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/other-examples/contributions.code-workspace -------------------------------------------------------------------------------- /policy-examples/other-examples/leaky-vessels.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/other-examples/leaky-vessels.json -------------------------------------------------------------------------------- /policy-examples/other-examples/oc-debug-runtime.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/other-examples/oc-debug-runtime.json -------------------------------------------------------------------------------- /policy-examples/other-examples/polkit-execution.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/other-examples/polkit-execution.json -------------------------------------------------------------------------------- /policy-examples/other-examples/polkit-in-image.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/other-examples/polkit-in-image.json -------------------------------------------------------------------------------- /policy-examples/other-examples/sensitive-env-vars-with-argocd-exclusion.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/other-examples/sensitive-env-vars-with-argocd-exclusion.json -------------------------------------------------------------------------------- /policy-examples/other-examples/sensitive-env-vars-with-argocd-exclusion.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/policy-examples/other-examples/sensitive-env-vars-with-argocd-exclusion.yaml -------------------------------------------------------------------------------- /terraform/azure-sentinel/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/terraform/azure-sentinel/README.md -------------------------------------------------------------------------------- /terraform/azure-sentinel/main.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/terraform/azure-sentinel/main.tf -------------------------------------------------------------------------------- /terraform/azure-sentinel/provider.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/terraform/azure-sentinel/provider.tf -------------------------------------------------------------------------------- /terraform/azure-sentinel/variables.tf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/terraform/azure-sentinel/variables.tf -------------------------------------------------------------------------------- /util-scripts/acs-correlation-example/Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/acs-correlation-example/Dockerfile -------------------------------------------------------------------------------- /util-scripts/acs-correlation-example/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/acs-correlation-example/README.md -------------------------------------------------------------------------------- /util-scripts/acs-correlation-example/acs_request.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/acs-correlation-example/acs_request.py -------------------------------------------------------------------------------- /util-scripts/acs-correlation-example/app.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/acs-correlation-example/app.py -------------------------------------------------------------------------------- /util-scripts/acs-correlation-example/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/acs-correlation-example/config.py -------------------------------------------------------------------------------- /util-scripts/acs-correlation-example/endpoint_list.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/acs-correlation-example/endpoint_list.json -------------------------------------------------------------------------------- /util-scripts/acs-correlation-example/logging.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/acs-correlation-example/logging.conf -------------------------------------------------------------------------------- /util-scripts/acs-correlation-example/output/sample_cluster_namespace_deployment_alert_output_file.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/acs-correlation-example/output/sample_cluster_namespace_deployment_alert_output_file.json -------------------------------------------------------------------------------- /util-scripts/acs-correlation-example/output/sample_endpoint_policy_alert_count_output_file.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/acs-correlation-example/output/sample_endpoint_policy_alert_count_output_file.json -------------------------------------------------------------------------------- /util-scripts/acs-correlation-example/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/acs-correlation-example/requirements.txt -------------------------------------------------------------------------------- /util-scripts/compliance-scans-classifications/stackrox_classifications.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/compliance-scans-classifications/stackrox_classifications.sh -------------------------------------------------------------------------------- /util-scripts/compliance-scans-classifications/stackrox_compliance_scan.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/compliance-scans-classifications/stackrox_compliance_scan.sh -------------------------------------------------------------------------------- /util-scripts/component-details-to-csv/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/component-details-to-csv/README.md -------------------------------------------------------------------------------- /util-scripts/component-details-to-csv/component_details_csv.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/component-details-to-csv/component_details_csv.sh -------------------------------------------------------------------------------- /util-scripts/cronjob-upload-vuln-definitions/fetchvulns-cronjob.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/cronjob-upload-vuln-definitions/fetchvulns-cronjob.yaml -------------------------------------------------------------------------------- /util-scripts/cronjob-upload-vuln-definitions/upload-vulns-configmap.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/cronjob-upload-vuln-definitions/upload-vulns-configmap.yaml -------------------------------------------------------------------------------- /util-scripts/export-all-policies/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/export-all-policies/README.md -------------------------------------------------------------------------------- /util-scripts/export-all-policies/export-all-policies.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/export-all-policies/export-all-policies.sh -------------------------------------------------------------------------------- /util-scripts/export-cves-to-csv/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/export-cves-to-csv/README.md -------------------------------------------------------------------------------- /util-scripts/export-cves-to-csv/create-csv.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/export-cves-to-csv/create-csv.sh -------------------------------------------------------------------------------- /util-scripts/external-entities/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/external-entities/README.md -------------------------------------------------------------------------------- /util-scripts/external-entities/external-entities.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/external-entities/external-entities.py -------------------------------------------------------------------------------- /util-scripts/external-entities/requirements.txt: -------------------------------------------------------------------------------- 1 | tabulate==0.9.0 2 | requests==2.25.0 3 | -------------------------------------------------------------------------------- /util-scripts/generate_violations_csv/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/generate_violations_csv/README.md -------------------------------------------------------------------------------- /util-scripts/generate_violations_csv/generate_violations_csv.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/generate_violations_csv/generate_violations_csv.py -------------------------------------------------------------------------------- /util-scripts/generate_violations_csv/requirements.txt: -------------------------------------------------------------------------------- 1 | requests 2 | pandas 3 | -------------------------------------------------------------------------------- /util-scripts/health-check/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/health-check/README.md -------------------------------------------------------------------------------- /util-scripts/health-check/health-check.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/health-check/health-check.sh -------------------------------------------------------------------------------- /util-scripts/image-cve-report/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/image-cve-report/README.md -------------------------------------------------------------------------------- /util-scripts/image-cve-report/image-cve-report.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/image-cve-report/image-cve-report.sh -------------------------------------------------------------------------------- /util-scripts/listening-endpoints/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/listening-endpoints/README.md -------------------------------------------------------------------------------- /util-scripts/listening-endpoints/listening-endpoints.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/listening-endpoints/listening-endpoints.sh -------------------------------------------------------------------------------- /util-scripts/log4shell/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/log4shell/README.md -------------------------------------------------------------------------------- /util-scripts/log4shell/log4shell-check.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/log4shell/log4shell-check.py -------------------------------------------------------------------------------- /util-scripts/log4shell/requirements.txt: -------------------------------------------------------------------------------- 1 | pandas 2 | requests -------------------------------------------------------------------------------- /util-scripts/policy-copy-all/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/policy-copy-all/README.md -------------------------------------------------------------------------------- /util-scripts/policy-copy-all/policy-copy-all.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/policy-copy-all/policy-copy-all.sh -------------------------------------------------------------------------------- /util-scripts/policy-update/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/policy-update/README.md -------------------------------------------------------------------------------- /util-scripts/policy-update/policy-update.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/policy-update/policy-update.sh -------------------------------------------------------------------------------- /util-scripts/policy-utils/policies-csv/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/policy-utils/policies-csv/README.md -------------------------------------------------------------------------------- /util-scripts/policy-utils/policies-csv/policies-csv.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/policy-utils/policies-csv/policies-csv.sh -------------------------------------------------------------------------------- /util-scripts/rhcos-node-cves/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/rhcos-node-cves/README.md -------------------------------------------------------------------------------- /util-scripts/rhcos-node-cves/node-cve-report.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/rhcos-node-cves/node-cve-report.sh -------------------------------------------------------------------------------- /util-scripts/roxctl-base-image/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/roxctl-base-image/README.md -------------------------------------------------------------------------------- /util-scripts/roxctl-base-image/base.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/roxctl-base-image/base.py -------------------------------------------------------------------------------- /util-scripts/roxctl-grace-period/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/roxctl-grace-period/README.md -------------------------------------------------------------------------------- /util-scripts/roxctl-grace-period/grace.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/roxctl-grace-period/grace.py -------------------------------------------------------------------------------- /util-scripts/scan-all-registry-images/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/scan-all-registry-images/README.md -------------------------------------------------------------------------------- /util-scripts/scan-all-registry-images/ecr-scan-roxctl.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/scan-all-registry-images/ecr-scan-roxctl.sh -------------------------------------------------------------------------------- /util-scripts/violations-to-csv/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/violations-to-csv/README.md -------------------------------------------------------------------------------- /util-scripts/violations-to-csv/violations-to-csv.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/violations-to-csv/violations-to-csv.sh -------------------------------------------------------------------------------- /util-scripts/vuln-violation-details/vulnvdetails.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/util-scripts/vuln-violation-details/vulnvdetails.sh -------------------------------------------------------------------------------- /vulnerability-management/export-workloads/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/vulnerability-management/export-workloads/README.md -------------------------------------------------------------------------------- /vulnerability-management/export-workloads/export-workloads.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/vulnerability-management/export-workloads/export-workloads.py -------------------------------------------------------------------------------- /vulnerability-management/export-workloads/export-workloads.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stackrox/contributions/HEAD/vulnerability-management/export-workloads/export-workloads.sh --------------------------------------------------------------------------------