├── .github ├── dependabot.yml └── workflows │ ├── release.yml │ └── test.yml ├── .gitignore ├── .goreleaser.yaml ├── .krew.yaml ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── Dockerfile ├── LICENSE ├── MAINTAINERS.md ├── Makefile ├── README.md ├── assets ├── banner-dark.png └── banner-light.png ├── checks.md ├── cmd ├── root.go ├── scan.go └── version.go ├── examples ├── labels.yml └── replicas.yml ├── go.mod ├── go.sum ├── install.sh ├── internal └── builtins │ ├── cis │ ├── M-500_workload_in_default_namespace.yaml │ └── M-500_workload_in_default_namespace_test.yaml │ ├── embed.go │ ├── embed_test.go │ ├── general │ ├── M-400_image_tagged_latest.yaml │ ├── M-400_image_tagged_latest_test.yaml │ ├── M-401_unmanaged_pod.yaml │ ├── M-401_unmanaged_pod_test.yaml │ ├── M-402_readiness_probe.yaml │ ├── M-402_readiness_probe_test.yaml │ ├── M-403_liveness_probe.yaml │ ├── M-403_liveness_probe_test.yaml │ ├── M-404_memory_requests.yaml │ ├── M-404_memory_requests_test.yaml │ ├── M-405_cpu_requests.yaml │ ├── M-405_cpu_requests_test.yaml │ ├── M-406_memory_limit.yaml │ ├── M-406_memory_limit_test.yaml │ ├── M-407_cpu_limit.yaml │ ├── M-407_cpu_limit_test.yaml │ ├── M-408_sudo_container_entrypoint.yaml │ ├── M-408_sudo_container_entrypoint_test.yaml │ ├── M-409_deprecated_image_registry.yaml │ ├── M-409_deprecated_image_registry_test.yaml │ ├── M-410_resource_using_invalid_restartpolicy.yaml │ ├── M-410_resource_using_invalid_restartpolicy_test.yaml │ ├── M-411_role_binding_referencing_anonymous_or_unauthenticated.yaml │ └── M-411_role_binding_referencing_anonymous_or_unauthenticated_test.yaml │ ├── mitre │ ├── M-200_allowed_registries.yml │ ├── M-200_allowed_registries_test.yml │ ├── M-201_app_credentials.yml │ ├── M-201_app_credentials_test.yml │ ├── M-202_auto_mount_service_account_token.yml │ ├── M-202_auto_mount_service_account_token_test.yml │ ├── M-203_ssh_server.yml │ └── M-203_ssh_server_test.yml │ ├── nsa │ ├── M-300_read_only_root_filesystem.yml │ └── M-300_read_only_root_filesystem_test.yml │ └── pss │ ├── baseline │ ├── M-100_host_process.yml │ ├── M-100_host_process_test.yml │ ├── M-101_host_namespaces.yml │ ├── M-101_host_namespaces_test.yml │ ├── M-102_privileged_containers.yml │ ├── M-102_privileged_containers_test.yml │ ├── M-103_capabilities_baseline.yml │ ├── M-103_capabilities_baseline_test.yml │ ├── M-104_host_path_volumes.yml │ ├── M-104_host_path_volumes_test.yml │ ├── M-105_host_ports.yml │ ├── M-105_host_ports_test.yml │ ├── M-106_apparmor.yml │ ├── M-106_apparmor_test.yml │ ├── M-107_selinux.yml │ ├── M-107_selinux_test.yml │ ├── M-108_proc_mount.yml │ ├── M-108_proc_mount_test.yml │ ├── M-109_seccomp_baseline.yml │ ├── M-109_seccomp_baseline_test.yml │ ├── M-110_sysctls.yml │ └── M-110_sysctls_test.yml │ └── restricted │ ├── M-111_volume_types.yml │ ├── M-111_volume_types_test.yml │ ├── M-112_privilege_escalation.yml │ ├── M-112_privilege_escalation_test.yml │ ├── M-113_run_as_non_root.yml │ ├── M-113_run_as_non_root_test.yml │ ├── M-114_run_as_user.yml │ ├── M-114_run_as_user_test.yml │ ├── M-115_seccomp_restricted.yml │ ├── M-115_seccomp_restricted_test.yml │ ├── M-116_capabilities_restricted.yml │ └── M-116_capabilities_restricted_test.yml ├── main.go ├── pkg ├── cmd │ └── scan.go ├── loader │ ├── builtin.go │ ├── builtin_test.go │ ├── loader.go │ ├── loader_test.go │ └── testdata │ │ ├── checks │ │ ├── svc_lb.json │ │ └── workloads │ │ │ ├── replicas.yaml │ │ │ ├── replicas_test.yaml │ │ │ └── unsupported.txt │ │ └── invalid │ │ └── invalid.yml ├── printers │ ├── interface.go │ ├── json.go │ ├── md.go │ ├── table.go │ └── yaml.go ├── types │ ├── check.go │ ├── check_test.go │ ├── report.go │ ├── report_test.go │ ├── severity.go │ ├── severity_test.go │ ├── status.go │ └── status_test.go ├── validator │ ├── activation.go │ ├── compiler.go │ ├── compiler_test.go │ ├── interface.go │ ├── podspec.go │ ├── podspec_test.go │ └── validator.go └── version │ ├── version.go │ └── version_test.go └── test └── builtins_test.go /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/.github/workflows/release.yml -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/.github/workflows/test.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/.gitignore -------------------------------------------------------------------------------- /.goreleaser.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/.goreleaser.yaml -------------------------------------------------------------------------------- /.krew.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/.krew.yaml -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/LICENSE -------------------------------------------------------------------------------- /MAINTAINERS.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/MAINTAINERS.md -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/README.md -------------------------------------------------------------------------------- /assets/banner-dark.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/assets/banner-dark.png -------------------------------------------------------------------------------- /assets/banner-light.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/assets/banner-light.png -------------------------------------------------------------------------------- /checks.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/checks.md -------------------------------------------------------------------------------- /cmd/root.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/cmd/root.go -------------------------------------------------------------------------------- /cmd/scan.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/cmd/scan.go -------------------------------------------------------------------------------- /cmd/version.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/cmd/version.go -------------------------------------------------------------------------------- /examples/labels.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/examples/labels.yml -------------------------------------------------------------------------------- /examples/replicas.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/examples/replicas.yml -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/go.sum -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/install.sh -------------------------------------------------------------------------------- /internal/builtins/cis/M-500_workload_in_default_namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/cis/M-500_workload_in_default_namespace.yaml -------------------------------------------------------------------------------- /internal/builtins/cis/M-500_workload_in_default_namespace_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/cis/M-500_workload_in_default_namespace_test.yaml -------------------------------------------------------------------------------- /internal/builtins/embed.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/embed.go -------------------------------------------------------------------------------- /internal/builtins/embed_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/embed_test.go -------------------------------------------------------------------------------- /internal/builtins/general/M-400_image_tagged_latest.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-400_image_tagged_latest.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-400_image_tagged_latest_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-400_image_tagged_latest_test.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-401_unmanaged_pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-401_unmanaged_pod.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-401_unmanaged_pod_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-401_unmanaged_pod_test.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-402_readiness_probe.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-402_readiness_probe.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-402_readiness_probe_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-402_readiness_probe_test.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-403_liveness_probe.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-403_liveness_probe.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-403_liveness_probe_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-403_liveness_probe_test.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-404_memory_requests.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-404_memory_requests.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-404_memory_requests_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-404_memory_requests_test.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-405_cpu_requests.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-405_cpu_requests.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-405_cpu_requests_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-405_cpu_requests_test.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-406_memory_limit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-406_memory_limit.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-406_memory_limit_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-406_memory_limit_test.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-407_cpu_limit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-407_cpu_limit.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-407_cpu_limit_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-407_cpu_limit_test.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-408_sudo_container_entrypoint.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-408_sudo_container_entrypoint.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-408_sudo_container_entrypoint_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-408_sudo_container_entrypoint_test.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-409_deprecated_image_registry.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-409_deprecated_image_registry.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-409_deprecated_image_registry_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-409_deprecated_image_registry_test.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-410_resource_using_invalid_restartpolicy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-410_resource_using_invalid_restartpolicy.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-410_resource_using_invalid_restartpolicy_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-410_resource_using_invalid_restartpolicy_test.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-411_role_binding_referencing_anonymous_or_unauthenticated.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-411_role_binding_referencing_anonymous_or_unauthenticated.yaml -------------------------------------------------------------------------------- /internal/builtins/general/M-411_role_binding_referencing_anonymous_or_unauthenticated_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/general/M-411_role_binding_referencing_anonymous_or_unauthenticated_test.yaml -------------------------------------------------------------------------------- /internal/builtins/mitre/M-200_allowed_registries.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/mitre/M-200_allowed_registries.yml -------------------------------------------------------------------------------- /internal/builtins/mitre/M-200_allowed_registries_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/mitre/M-200_allowed_registries_test.yml -------------------------------------------------------------------------------- /internal/builtins/mitre/M-201_app_credentials.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/mitre/M-201_app_credentials.yml -------------------------------------------------------------------------------- /internal/builtins/mitre/M-201_app_credentials_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/mitre/M-201_app_credentials_test.yml -------------------------------------------------------------------------------- /internal/builtins/mitre/M-202_auto_mount_service_account_token.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/mitre/M-202_auto_mount_service_account_token.yml -------------------------------------------------------------------------------- /internal/builtins/mitre/M-202_auto_mount_service_account_token_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/mitre/M-202_auto_mount_service_account_token_test.yml -------------------------------------------------------------------------------- /internal/builtins/mitre/M-203_ssh_server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/mitre/M-203_ssh_server.yml -------------------------------------------------------------------------------- /internal/builtins/mitre/M-203_ssh_server_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/mitre/M-203_ssh_server_test.yml -------------------------------------------------------------------------------- /internal/builtins/nsa/M-300_read_only_root_filesystem.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/nsa/M-300_read_only_root_filesystem.yml -------------------------------------------------------------------------------- /internal/builtins/nsa/M-300_read_only_root_filesystem_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/nsa/M-300_read_only_root_filesystem_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-100_host_process.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-100_host_process.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-100_host_process_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-100_host_process_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-101_host_namespaces.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-101_host_namespaces.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-101_host_namespaces_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-101_host_namespaces_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-102_privileged_containers.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-102_privileged_containers.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-102_privileged_containers_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-102_privileged_containers_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-103_capabilities_baseline.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-103_capabilities_baseline.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-103_capabilities_baseline_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-103_capabilities_baseline_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-104_host_path_volumes.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-104_host_path_volumes.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-104_host_path_volumes_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-104_host_path_volumes_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-105_host_ports.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-105_host_ports.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-105_host_ports_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-105_host_ports_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-106_apparmor.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-106_apparmor.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-106_apparmor_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-106_apparmor_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-107_selinux.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-107_selinux.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-107_selinux_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-107_selinux_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-108_proc_mount.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-108_proc_mount.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-108_proc_mount_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-108_proc_mount_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-109_seccomp_baseline.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-109_seccomp_baseline.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-109_seccomp_baseline_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-109_seccomp_baseline_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-110_sysctls.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-110_sysctls.yml -------------------------------------------------------------------------------- /internal/builtins/pss/baseline/M-110_sysctls_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/baseline/M-110_sysctls_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/restricted/M-111_volume_types.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/restricted/M-111_volume_types.yml -------------------------------------------------------------------------------- /internal/builtins/pss/restricted/M-111_volume_types_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/restricted/M-111_volume_types_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/restricted/M-112_privilege_escalation.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/restricted/M-112_privilege_escalation.yml -------------------------------------------------------------------------------- /internal/builtins/pss/restricted/M-112_privilege_escalation_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/restricted/M-112_privilege_escalation_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/restricted/M-113_run_as_non_root.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/restricted/M-113_run_as_non_root.yml -------------------------------------------------------------------------------- /internal/builtins/pss/restricted/M-113_run_as_non_root_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/restricted/M-113_run_as_non_root_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/restricted/M-114_run_as_user.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/restricted/M-114_run_as_user.yml -------------------------------------------------------------------------------- /internal/builtins/pss/restricted/M-114_run_as_user_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/restricted/M-114_run_as_user_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/restricted/M-115_seccomp_restricted.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/restricted/M-115_seccomp_restricted.yml -------------------------------------------------------------------------------- /internal/builtins/pss/restricted/M-115_seccomp_restricted_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/restricted/M-115_seccomp_restricted_test.yml -------------------------------------------------------------------------------- /internal/builtins/pss/restricted/M-116_capabilities_restricted.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/restricted/M-116_capabilities_restricted.yml -------------------------------------------------------------------------------- /internal/builtins/pss/restricted/M-116_capabilities_restricted_test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/internal/builtins/pss/restricted/M-116_capabilities_restricted_test.yml -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/main.go -------------------------------------------------------------------------------- /pkg/cmd/scan.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/cmd/scan.go -------------------------------------------------------------------------------- /pkg/loader/builtin.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/loader/builtin.go -------------------------------------------------------------------------------- /pkg/loader/builtin_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/loader/builtin_test.go -------------------------------------------------------------------------------- /pkg/loader/loader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/loader/loader.go -------------------------------------------------------------------------------- /pkg/loader/loader_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/loader/loader_test.go -------------------------------------------------------------------------------- /pkg/loader/testdata/checks/svc_lb.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/loader/testdata/checks/svc_lb.json -------------------------------------------------------------------------------- /pkg/loader/testdata/checks/workloads/replicas.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/loader/testdata/checks/workloads/replicas.yaml -------------------------------------------------------------------------------- /pkg/loader/testdata/checks/workloads/replicas_test.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/loader/testdata/checks/workloads/replicas_test.yaml -------------------------------------------------------------------------------- /pkg/loader/testdata/checks/workloads/unsupported.txt: -------------------------------------------------------------------------------- 1 | unsupported file type -------------------------------------------------------------------------------- /pkg/loader/testdata/invalid/invalid.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/loader/testdata/invalid/invalid.yml -------------------------------------------------------------------------------- /pkg/printers/interface.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/printers/interface.go -------------------------------------------------------------------------------- /pkg/printers/json.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/printers/json.go -------------------------------------------------------------------------------- /pkg/printers/md.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/printers/md.go -------------------------------------------------------------------------------- /pkg/printers/table.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/printers/table.go -------------------------------------------------------------------------------- /pkg/printers/yaml.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/printers/yaml.go -------------------------------------------------------------------------------- /pkg/types/check.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/types/check.go -------------------------------------------------------------------------------- /pkg/types/check_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/types/check_test.go -------------------------------------------------------------------------------- /pkg/types/report.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/types/report.go -------------------------------------------------------------------------------- /pkg/types/report_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/types/report_test.go -------------------------------------------------------------------------------- /pkg/types/severity.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/types/severity.go -------------------------------------------------------------------------------- /pkg/types/severity_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/types/severity_test.go -------------------------------------------------------------------------------- /pkg/types/status.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/types/status.go -------------------------------------------------------------------------------- /pkg/types/status_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/types/status_test.go -------------------------------------------------------------------------------- /pkg/validator/activation.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/validator/activation.go -------------------------------------------------------------------------------- /pkg/validator/compiler.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/validator/compiler.go -------------------------------------------------------------------------------- /pkg/validator/compiler_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/validator/compiler_test.go -------------------------------------------------------------------------------- /pkg/validator/interface.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/validator/interface.go -------------------------------------------------------------------------------- /pkg/validator/podspec.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/validator/podspec.go -------------------------------------------------------------------------------- /pkg/validator/podspec_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/validator/podspec_test.go -------------------------------------------------------------------------------- /pkg/validator/validator.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/validator/validator.go -------------------------------------------------------------------------------- /pkg/version/version.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/version/version.go -------------------------------------------------------------------------------- /pkg/version/version_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/pkg/version/version_test.go -------------------------------------------------------------------------------- /test/builtins_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/undistro/marvin/HEAD/test/builtins_test.go --------------------------------------------------------------------------------