feat: update issue map and tomls for kube-linter (#37)

Signed-off-by: Srijan Saurav <[email protected]>
Co-authored-by: Srijan Saurav <[email protected]>

Author: jaffrey-deepsource

README.md

@@ -6,7 +6,7 @@ Hub of all open-source third-party static analyzers supported by DeepSource. Usa
 
 | Analyzer name                                                                 | Latest version | Language / Technology |
 | :---------------------------------------------------------------------------- | :------------- | :-------------------- |
-| [stackrox/kube-linter](https://github.com/stackrox/kube-linter)               | 0.6.4          | Kubernetes, Helm      |
+| [stackrox/kube-linter](https://github.com/stackrox/kube-linter)               | 0.7.6          | Kubernetes, Helm      |
 | [aws-cloudformation/cfn-lint](https://github.com/aws-cloudformation/cfn-lint) | 0.83.3         | AWS CloudFormation    |
 | [dart-lang/linter](https://github.com/dart-lang/sdk/tree/main/pkg/linter)     | 3.2.0          | Dart, Flutter         |
 | [crytic/slither](https://github.com/crytic/slither)                           | 0.10.0         | Solidity, Vyper       |

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1052.toml

@@ -0,0 +1,14 @@
+
+title = "ServiceMonitor selector mismatch"
+verbose_name = "dangling-servicemonitor"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when a service monitor's selectors don't match any service. ServiceMonitors are a custom resource only used by the Prometheus operator (https://prometheus-operator.dev/docs/operator/design/#servicemonitor).
+
+<!--more-->
+
+## Remediation
+Check selectors and your services.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1053.toml

@@ -0,0 +1,14 @@
+
+title = "Job TTL misconfigured"
+verbose_name = "job-ttl-seconds-after-finished"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.
+
+<!--more-->
+
+## Remediation
+Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1054.toml

@@ -0,0 +1,14 @@
+
+title = "Liveness probe port mismatch"
+verbose_name = "liveness-port"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when containers have a liveness probe to a not exposed port.
+
+<!--more-->
+
+## Remediation
+Check which ports you've exposed and ensure they match what you have specified in the liveness probe.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1055.toml

@@ -0,0 +1,14 @@
+
+title = "PDB unhealthy pod eviction policy"
+verbose_name = "pdb-unhealthy-pod-eviction-policy"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when a PodDisruptionBudget does not explicitly set the unhealthyPodEvictionPolicy field.
+
+<!--more-->
+
+## Remediation
+Set unhealthyPodEvictionPolicy to AlwaysAllow. Refer to https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy for more information.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1056.toml

@@ -0,0 +1,14 @@
+
+title = "Missing/invalid priority class"
+verbose_name = "priority-class-name"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when a deployment-like object does not use a valid priority class name
+
+<!--more-->
+
+## Remediation
+Set up the priority class name for your object to any accepted values.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1057.toml

@@ -0,0 +1,14 @@
+
+title = "Readiness probe port mismatch"
+verbose_name = "readiness-port"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when containers have a readiness probe to a not exposed port.
+
+<!--more-->
+
+## Remediation
+Check which ports you've exposed and ensure they match what you have specified in the readiness probe.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1058.toml

@@ -0,0 +1,14 @@
+
+title = "Missing restart policy"
+verbose_name = "restart-policy"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when a deployment-like object does not use a restart policy
+
+<!--more-->
+
+## Remediation
+Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1059.toml

@@ -0,0 +1,14 @@
+
+title = "Privileged container allowed (SCC)"
+verbose_name = "scc-deny-privileged-container"
+severity = "critical"
+category = "security"
+weight = 90
+description = """
+Indicates when allowPrivilegedContainer SecurityContextConstraints set to true
+
+<!--more-->
+
+## Remediation
+SecurityContextConstraints has AllowPrivilegedContainer set to "true". Using this option is dangerous, please consider using allowedCapabilities instead. Refer to https://docs.openshift.com/container-platform/4.12/authentication/managing-security-context-constraints.html#scc-settings_configuring-internal-oauth for details.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1060.toml

@@ -0,0 +1,14 @@
+
+title = "Startup probe port mismatch"
+verbose_name = "startup-port"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when containers have a startup probe to a not exposed port.
+
+<!--more-->
+
+## Remediation
+Check which ports you've exposed and ensure they match what you have specified in the startup probe.
+"""