From c12052e03d15879ed74655be0bb17594e69dbf29 Mon Sep 17 00:00:00 2001
From: kaizhe <derek0405@gmail.com>
Date: Fri, 21 Jun 2019 10:41:56 -0700
Subject: [PATCH] add openshift image to whitelist

Signed-off-by: kaizhe <derek0405@gmail.com>
---
 rules/falco_rules.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 48711283..495f28d4 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -1690,6 +1690,7 @@
        container.image.repository endswith /ose-pod or
        container.image.repository endswith /ose-node or
        container.image.repository endswith /ose-docker-registry or
+       container.image.repository endswith /prometheus-node-exporter or
        container.image.repository endswith /image-inspector))
 
 # These images are allowed both to run with --privileged and to mount