feat: add kubernetes.io/dockerc(onfigjson|fg) secrets (#8718)

Signed-off-by: Dwi Siswanto <me@dw1.io>
2023-11-29 22:40:23 +07:00 · 2023-11-29 22:40:23 +07:00 · 5362807992
parent bc66457262
commit 5362807992
2 changed files with 44 additions and 0 deletions
--- a/file/keys/kubernetes/kubernetes-dockercfg-secret.yaml
+++ b/file/keys/kubernetes/kubernetes-dockercfg-secret.yaml
@ -0,0 +1,22 @@
+id: kubernetes-dockercfg-secret
+
+info:
+  name: kubernetes.io/dockercfg Secret
+  author: dwisiswant0
+  severity: info
+  reference:
+    - https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
+  metadata:
+    verified: true
+  tags: kubernetes,k8s,file,keys,secret
+
+file:
+  - extensions:
+      - yaml
+      - yml
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - \.dockercfg:\s+["']?e(w|y)[\w=]+["']?
--- a/file/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml
+++ b/file/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml
@ -0,0 +1,22 @@
+id: kubernetes-dockerconfigjson-secret
+
+info:
+  name: kubernetes.io/dockerconfigjson Secret
+  author: dwisiswant0
+  severity: info
+  reference:
+    - https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
+  metadata:
+    verified: true
+  tags: kubernetes,k8s,file,keys,secret
+
+file:
+  - extensions:
+      - yaml
+      - yml
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - \.dockerconfigjson:\s+["']?e(w|y)[\w=]+["']?