github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-03 15:46:33 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #270 from dkerwin/add_gitlab_ee

Browse Source 
Add official gitlab EE docker image to list of known shell spawning images
This commit is contained in:
Mark Stemm
2017-09-22 17:19:14 -07:00
committed by GitHub
parent 2d0963e97c 64145ba961
commit 1666d03afc
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
rules/falco_rules.yaml
View File

@@ -512,7 +512,8 @@
# as a packaging mechanism more than for a dedicated microservice. # as a packaging mechanism more than for a dedicated microservice.
- macro: shell_spawning_containers - macro: shell_spawning_containers
condition: (container.image startswith jenkins or condition: (container.image startswith jenkins or
container.image startswith gitlab/gitlab-ce) container.image startswith gitlab/gitlab-ce or
container.image startswith gitlab/gitlab-ee)
- rule: Launch Privileged Container - rule: Launch Privileged Container
desc: Detect the initial process started in a privileged container. Exceptions are made for known trusted images. desc: Detect the initial process started in a privileged container. Exceptions are made for known trusted images.