From b74f0069cb90738a70ed33fd1c6d5f7f93a69ab7 Mon Sep 17 00:00:00 2001 From: Doruk Ozturk Date: Thu, 15 Dec 2022 12:42:02 -0500 Subject: [PATCH] style: Make links short and clickable Closes #7 --- hardeneks/cluster_wide/reliability/applications.py | 4 ++-- .../cluster_wide/security/detective_controls.py | 2 +- .../cluster_wide/security/encryption_secrets.py | 6 +++--- hardeneks/cluster_wide/security/iam.py | 10 +++++----- hardeneks/cluster_wide/security/image_security.py | 2 +- .../security/infrastructure_security.py | 4 ++-- hardeneks/cluster_wide/security/multi_tenancy.py | 2 +- .../cluster_wide/security/network_security.py | 6 +++--- hardeneks/cluster_wide/security/pod_security.py | 2 +- .../namespace_based/reliability/applications.py | 12 ++++++------ .../namespace_based/security/encryption_secrets.py | 2 +- hardeneks/namespace_based/security/iam.py | 14 +++++++------- .../namespace_based/security/network_security.py | 2 +- hardeneks/namespace_based/security/pod_security.py | 10 +++++----- .../namespace_based/security/runtime_security.py | 2 +- 15 files changed, 40 insertions(+), 40 deletions(-) diff --git a/hardeneks/cluster_wide/reliability/applications.py b/hardeneks/cluster_wide/reliability/applications.py index bd36beb..54b0ce1 100644 --- a/hardeneks/cluster_wide/reliability/applications.py +++ b/hardeneks/cluster_wide/reliability/applications.py @@ -20,7 +20,7 @@ def check_metrics_server_is_running(resources: Resources): print( Panel( "[red]Deploy metrics server.", - subtitle="Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-kubernetes-metrics-server", + subtitle="[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-kubernetes-metrics-server]Click to see the guide[/link]", ) ) console.print() 
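Review bot: The new `subtitle` in check_metrics_server_is_running drops the visible URL, so wherever the `[link=…]` markup is not turned into a terminal hyperlink (output redirected to a file, CI logs, terminals without hyperlink support) the report shows only "Click to see the guide" and the remediation reference is gone. It also leaves the operator unable to read the destination before following it. Consider a label that still names the target, e.g. `subtitle="[link=<guide-url>]EKS Best Practices: run-kubernetes-metrics-server[/link]"`, or falling back to the full URL when the console is not a terminal. The same applies to every other hunk in this patch; the function bodies start outside the hunks, and that `print` is Rich's is inferred from the `Panel` and `[red]` markup.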
@@ -41,7 +41,7 @@ def check_vertical_pod_autoscaler_exists(resources: Resources): print( Panel( "[red]Deploy vertical pod autoscaler if needed.", - subtitle="Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#vertical-pod-autoscaler-vpa", + subtitle="[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#vertical-pod-autoscaler-vpa]Click to see the guide[/link]", ) ) console.print() diff --git a/hardeneks/cluster_wide/security/detective_controls.py b/hardeneks/cluster_wide/security/detective_controls.py index 24fbcb2..f61fe6f 100644 --- a/hardeneks/cluster_wide/security/detective_controls.py +++ b/hardeneks/cluster_wide/security/detective_controls.py @@ -19,7 +19,7 @@ def check_logs_are_enabled(resources: Resources): print( Panel( "[red]Enable control plane logs for auditing", - subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/detective/#enable-audit-logs", + subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/detective/#enable-audit-logs]Click to see the guide[/link]", ) ) console.print() diff --git a/hardeneks/cluster_wide/security/encryption_secrets.py b/hardeneks/cluster_wide/security/encryption_secrets.py index 6c1d227..b740624 100644 --- a/hardeneks/cluster_wide/security/encryption_secrets.py +++ b/hardeneks/cluster_wide/security/encryption_secrets.py @@ -17,7 +17,7 @@ def use_encryption_with_ebs(resources: Resources): print_storage_class_table( offenders, "[red]EBS Storage Classes should have encryption parameter", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest]Click to see the guide[/link]", ) return offenders 
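Review bot: In use_encryption_with_ebs the markup string is handed to print_storage_class_table as a plain positional argument, and that helper is not part of this patch, so nothing here shows the string reaching a renderable with markup enabled. If any of the print_*_table helpers escapes the text or prints it with markup off, the report would show the literal `[link=…]…[/link]` instead of a link. A short test that renders each helper to a recording console and checks for the label without the raw tag would pin this down. The same concern covers the other print_*_table call sites in the patch.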
@@ -39,7 +39,7 @@ def use_encryption_with_efs(resources: Resources): print_persistent_volume_table( offenders, "[red]EFS Persistent volumes should have tls mount option", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest]Click to see the guide[/link]", ) return offenders @@ -57,6 +57,6 @@ def use_efs_access_points(resources: Resources): print_persistent_volume_table( offenders, "[red]EFS Persistent volumes should leverage access points", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-efs-access-points-to-simplify-access-to-shared-datasets", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-efs-access-points-to-simplify-access-to-shared-datasets]Click to see the guide[/link]", ) return offenders diff --git a/hardeneks/cluster_wide/security/iam.py b/hardeneks/cluster_wide/security/iam.py index ea5aee0..d362fd7 100644 --- a/hardeneks/cluster_wide/security/iam.py +++ b/hardeneks/cluster_wide/security/iam.py @@ -24,7 +24,7 @@ def restrict_wildcard_for_cluster_roles(resources: Resources): print_role_table( offenders, "[red]ClusterRoles should not have '*' in Verbs or Resources", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings]Click to see the guide[/link]", "ClusterRole", ) return offenders 
@@ -40,7 +40,7 @@ def check_endpoint_public_access(resources: Resources): print( Panel( "[red]EKS Cluster Endpoint is not Private", - subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#make-the-eks-cluster-endpoint-private", + subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#make-the-eks-cluster-endpoint-private]Click to see the guide[/link]", ) ) console.print() @@ -58,7 +58,7 @@ def check_aws_node_daemonset_service_account(resources: Resources): print( Panel( "[red]Update the aws-node daemonset to use IRSA", - subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#update-the-aws-node-daemonset-to-use-irsa", + subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#update-the-aws-node-daemonset-to-use-irsa]Click to see the guide[/link]", ) ) console.print() @@ -95,7 +95,7 @@ def check_access_to_instance_profile(resources: Resources): print_instance_metadata_table( offenders, "[red]Restrict access to the instance profile assigned to nodes", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#when-your-application-needs-access-to-imds-use-imdsv2-and-increase-the-hop-limit-on-ec2-instances-to-2", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#when-your-application-needs-access-to-imds-use-imdsv2-and-increase-the-hop-limit-on-ec2-instances-to-2]Click to see the guide[/link]", ) return offenders @@ -116,7 +116,7 @@ def disable_anonymous_access_for_cluster_roles(resources: Resources): print_role_table( offenders, "[red]Don't bind clusterroles to anonymous/unauthenticated groups", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access]Click to see the guide[/link]", "ClusterRoleBinding", ) 
diff --git a/hardeneks/cluster_wide/security/image_security.py b/hardeneks/cluster_wide/security/image_security.py index 28e1f49..ba232c0 100644 --- a/hardeneks/cluster_wide/security/image_security.py +++ b/hardeneks/cluster_wide/security/image_security.py @@ -18,7 +18,7 @@ def use_immutable_tags_with_ecr(resources: Resources): offenders, "imageTagMutability", "[red]Make image tags immutable.", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/image/#use-immutable-tags-with-ecr", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/image/#use-immutable-tags-with-ecr]Click to see the guide[/link]", ) return offenders diff --git a/hardeneks/cluster_wide/security/infrastructure_security.py b/hardeneks/cluster_wide/security/infrastructure_security.py index 9caec37..e282a1b 100644 --- a/hardeneks/cluster_wide/security/infrastructure_security.py +++ b/hardeneks/cluster_wide/security/infrastructure_security.py @@ -34,7 +34,7 @@ def deploy_workers_onto_private_subnets(resources: Resources): print_instance_public_table( offenders, "[red]Place worker nodes on private subnets.", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#deploy-workers-onto-private-subnets", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#deploy-workers-onto-private-subnets]Click to see the guide[/link]", ) return offenders @@ -59,7 +59,7 @@ def make_sure_inspector_is_enabled(resources: Resources): print( Panel( "[red]Enable Amazon Inspector for ec2 and ecr", - subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#run-amazon-inspector-to-assess-hosts-for-exposure-vulnerabilities-and-deviations-from-best-practices", + subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#run-amazon-inspector-to-assess-hosts-for-exposure-vulnerabilities-and-deviations-from-best-practices]Click to see the guide[/link]", ) ) console.print() 
diff --git a/hardeneks/cluster_wide/security/multi_tenancy.py b/hardeneks/cluster_wide/security/multi_tenancy.py index aab9e3d..118f87d 100644 --- a/hardeneks/cluster_wide/security/multi_tenancy.py +++ b/hardeneks/cluster_wide/security/multi_tenancy.py @@ -20,7 +20,7 @@ def ensure_namespace_quotas_exist(resources: Resources): print_namespace_table( offenders, "[red]Namespaces should have quotas assigned", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/multitenancy/#namespaces", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/multitenancy/#namespaces]Click to see the guide[/link]", ) return offenders diff --git a/hardeneks/cluster_wide/security/network_security.py b/hardeneks/cluster_wide/security/network_security.py index d2deda9..e1345a0 100644 --- a/hardeneks/cluster_wide/security/network_security.py +++ b/hardeneks/cluster_wide/security/network_security.py @@ -27,7 +27,7 @@ def check_vpc_flow_logs(resources: Resources): print( Panel( "[red]Enable flow logs for your VPC.", - subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/network/#log-network-traffic-metadata", + subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/network/#log-network-traffic-metadata]Click to see the guide[/link]", ) ) console.print() @@ -43,7 +43,7 @@ def check_awspca_exists(resources: Resources): print( Panel( "[red]Install aws privateca issuer for your certificates.", - subtitle="Link: https://aws.github.io/aws-eks-best-practices/security/docs/network/#acm-private-ca-with-cert-manager", + subtitle="[link=https://aws.github.io/aws-eks-best-practices/security/docs/network/#acm-private-ca-with-cert-manager]Click to see the guide[/link]", ) ) console.print() 
@@ -60,7 +60,7 @@ def check_default_deny_policy_exists(resources: Resources): print_namespace_table( offenders, "[red]Namespaces that does not have default network deny policies", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/network/#create-a-default-deny-policy", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/network/#create-a-default-deny-policy]Click to see the guide[/link]", ) return offenders diff --git a/hardeneks/cluster_wide/security/pod_security.py b/hardeneks/cluster_wide/security/pod_security.py index 8618686..1f8c478 100644 --- a/hardeneks/cluster_wide/security/pod_security.py +++ b/hardeneks/cluster_wide/security/pod_security.py @@ -22,7 +22,7 @@ def ensure_namespace_psa_exist(resources: Resources): print_namespace_table( offenders, "[red]Namespaces should have psa modes.", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/pods/#pod-security-standards-pss-and-pod-security-admission-psa", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/pods/#pod-security-standards-pss-and-pod-security-admission-psa]Click to see the guide[/link]", ) return offenders diff --git a/hardeneks/namespace_based/reliability/applications.py b/hardeneks/namespace_based/reliability/applications.py index 482d4f4..a6aeeb5 100644 --- a/hardeneks/namespace_based/reliability/applications.py +++ b/hardeneks/namespace_based/reliability/applications.py @@ -19,7 +19,7 @@ def avoid_running_singleton_pods(namespaced_resources: NamespacedResources): print_pod_table( offenders, "[red]Avoid running pods without deployments.", - "Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#avoid-running-singleton-pods", + "[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#avoid-running-singleton-pods]Click to see the guide[/link]", ) return offenders 
@@ -35,7 +35,7 @@ def run_multiple_replicas(namespaced_resources: NamespacedResources): print_deployment_table( offenders, "[red]Avoid running single replica deployments", - "Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-multiple-replicas", + "[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-multiple-replicas]Click to see the guide[/link]", ) return offenders @@ -58,7 +58,7 @@ def schedule_replicas_across_nodes(namespaced_resources: NamespacedResources): print_service_table( offenders, "[red]Spread replicas across AZs and Nodes", - "Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#schedule-replicas-across-nodes", + "[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#schedule-replicas-across-nodes]Click to see the guide[/link]", ) return offenders @@ -78,7 +78,7 @@ def check_horizontal_pod_autoscaling_exists( print_service_table( offenders, "[red]Deploy horizontal pod autoscaler for deployments", - "Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#horizontal-pod-autoscaler-hpa", + "[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#horizontal-pod-autoscaler-hpa]Click to see the guide[/link]", ) return offenders @@ -95,7 +95,7 @@ def check_readiness_probes(namespaced_resources: NamespacedResources): print_pod_table( offenders, "[red]Define readiness probes for pods.", - "Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#use-readiness-probe-to-detect-partial-unavailability", + "[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#use-readiness-probe-to-detect-partial-unavailability]Click to see the guide[/link]", ) return offenders 
@@ -112,6 +112,6 @@ def check_liveness_probes(namespaced_resources: NamespacedResources): print_pod_table( offenders, "[red]Define liveness probes for pods.", - "Link: https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#use-liveness-probe-to-remove-unhealthy-pods", + "[link=https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#use-liveness-probe-to-remove-unhealthy-pods]Click to see the guide[/link]", ) return offenders diff --git a/hardeneks/namespace_based/security/encryption_secrets.py b/hardeneks/namespace_based/security/encryption_secrets.py index e174a7f..9ca1743 100644 --- a/hardeneks/namespace_based/security/encryption_secrets.py +++ b/hardeneks/namespace_based/security/encryption_secrets.py @@ -22,7 +22,7 @@ def disallow_secrets_from_env_vars(resources: NamespacedResources): print_pod_table( offenders, "[red]Disallow secrets from env vars", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-volume-mounts-instead-of-environment-variables", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-volume-mounts-instead-of-environment-variables]Click to see the guide[/link]", ) return offenders diff --git a/hardeneks/namespace_based/security/iam.py b/hardeneks/namespace_based/security/iam.py index 2bda99f..698074e 100644 --- a/hardeneks/namespace_based/security/iam.py +++ b/hardeneks/namespace_based/security/iam.py @@ -27,7 +27,7 @@ def restrict_wildcard_for_roles(resources: NamespacedResources): print_role_table( offenders, "[red]Roles should not have '*' in Verbs or Resources", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings]Click to see the guide[/link]", "Role", ) return offenders 
@@ -44,7 +44,7 @@ def disable_service_account_token_mounts(resources: NamespacedResources): print_pod_table( offenders, "[red]Auto-mounting of Service Account tokens is not allowed", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#disable-auto-mounting-of-service-account-tokens", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#disable-auto-mounting-of-service-account-tokens]Click to see the guide[/link]", ) return offenders @@ -64,7 +64,7 @@ def disable_run_as_root_user(resources: NamespacedResources): print_pod_table( offenders, "[red]Running as root is not allowed", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#run-the-application-as-a-non-root-user", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#run-the-application-as-a-non-root-user]Click to see the guide[/link]", ) return offenders @@ -86,7 +86,7 @@ def disable_anonymous_access_for_roles(resources: NamespacedResources): print_role_table( offenders, "[red]Don't bind roles to anonymous or unauthenticated groups", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access]Click to see the guide[/link]", "RoleBinding", ) return offenders @@ -116,7 +116,7 @@ def use_dedicated_service_accounts_for_each_deployment( print_workload_table( offenders, "[red]Don't share service accounts between Deployments", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application]Click to see the guide[/link]", "Deployment", ) 
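Review bot: The label `Click to see the guide` and the surrounding `[link=…]…[/link]` wrapper are now spelled out by hand at every call site, and use_dedicated_service_accounts_for_each_deployment shares a byte-identical string with the stateful_set and daemon_set hunks that follow. One shared helper, for example `def guide_link(url: str) -> str: return f"[link={url}]Click to see the guide[/link]"` (name is a suggestion), would let the label or a plain-URL fallback be changed in one place and would remove the risk of an unbalanced tag in a single file. The enclosing functions start outside these hunks, so existing shared utilities cannot be seen from here.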
@@ -147,7 +147,7 @@ def use_dedicated_service_accounts_for_each_stateful_set( print_workload_table( offenders, "[red]Don't share service accounts between StatefulSets", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application]Click to see the guide[/link]", "StatefulSet", ) @@ -178,7 +178,7 @@ def use_dedicated_service_accounts_for_each_daemon_set( print_workload_table( offenders, "[red]Don't share service accounts between DaemonSets", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application]Click to see the guide[/link]", "DaemonSet", ) diff --git a/hardeneks/namespace_based/security/network_security.py b/hardeneks/namespace_based/security/network_security.py index 8712fea..0d2ff7d 100644 --- a/hardeneks/namespace_based/security/network_security.py +++ b/hardeneks/namespace_based/security/network_security.py @@ -30,6 +30,6 @@ def use_encryption_with_aws_load_balancers( print_service_table( offenders, "[red]Make sure you specify an ssl cert", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/network/#use-encryption-with-aws-load-balancers", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/network/#use-encryption-with-aws-load-balancers]Click to see the guide[/link]", ) return offenders diff --git a/hardeneks/namespace_based/security/pod_security.py b/hardeneks/namespace_based/security/pod_security.py index b75dd36..de4b551 100644 --- a/hardeneks/namespace_based/security/pod_security.py +++ b/hardeneks/namespace_based/security/pod_security.py 
@@ -27,7 +27,7 @@ def disallow_container_socket_mount(namespaced_resources: NamespacedResources): print_pod_table( offenders, "[red]Container socket mounts are not allowed", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/pods/#never-run-docker-in-docker-or-mount-the-socket-in-the-container", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/pods/#never-run-docker-in-docker-or-mount-the-socket-in-the-container]Click to see the guide[/link]", ) return offenders @@ -47,7 +47,7 @@ def disallow_host_path_or_make_it_read_only( print_pod_table( offenders, "[red]Restrict the use of hostpath.", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/pods/#restrict-the-use-of-hostpath-or-if-hostpath-is-necessary-restrict-which-prefixes-can-be-used-and-configure-the-volume-as-read-only", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/pods/#restrict-the-use-of-hostpath-or-if-hostpath-is-necessary-restrict-which-prefixes-can-be-used-and-configure-the-volume-as-read-only]Click to see the guide[/link]", ) return offenders @@ -69,7 +69,7 @@ def set_requests_limits_for_containers( print_pod_table( offenders, "[red]Set requests and limits for each container.", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/pods/#set-requests-and-limits-for-each-container-to-avoid-resource-contention-and-dos-attacks", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/pods/#set-requests-and-limits-for-each-container-to-avoid-resource-contention-and-dos-attacks]Click to see the guide[/link]", ) return offenders 
@@ -90,7 +90,7 @@ def disallow_privilege_escalation(namespaced_resources: NamespacedResources): print_pod_table( offenders, "[red]Set allowPrivilegeEscalation in the pod spec to false", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/pods/#do-not-allow-privileged-escalation", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/pods/#do-not-allow-privileged-escalation]Click to see the guide[/link]", ) return offenders @@ -111,7 +111,7 @@ def check_read_only_root_file_system( print_pod_table( offenders, "[red]Configure your images with a read-only root file system", - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/pods/#configure-your-images-with-read-only-root-file-system", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/pods/#configure-your-images-with-read-only-root-file-system]Click to see the guide[/link]", ) return offenders diff --git a/hardeneks/namespace_based/security/runtime_security.py b/hardeneks/namespace_based/security/runtime_security.py index 644482f..91e349b 100644 --- a/hardeneks/namespace_based/security/runtime_security.py +++ b/hardeneks/namespace_based/security/runtime_security.py @@ -40,7 +40,7 @@ def disallow_linux_capabilities(namespaced_resources: NamespacedResources): """ [red]Capabilities beyond the allowed list are disallowed. """, - "Link: https://aws.github.io/aws-eks-best-practices/security/docs/runtime/#consider-adddropping-linux-capabilities-before-writing-seccomp-policies", + "[link=https://aws.github.io/aws-eks-best-practices/security/docs/runtime/#consider-adddropping-linux-capabilities-before-writing-seccomp-policies]Click to see the guide[/link]", ) return offenders