From 3db6f861405b182102d5e02ae9de9a678be113c9 Mon Sep 17 00:00:00 2001
From: Giovanni Toraldo <giovanni.toraldo@hyland.com>
Date: Thu, 3 Oct 2024 12:45:25 +0200
Subject: [PATCH] kics exclude-queries

---
 .github/kics.yml           | 5 +++++
 .github/workflows/kics.yml | 1 +
 2 files changed, 6 insertions(+)
 create mode 100644 .github/kics.yml

diff --git a/.github/kics.yml b/.github/kics.yml
new file mode 100644
index 000000000..e842eefbf
--- /dev/null
+++ b/.github/kics.yml
@@ -0,0 +1,5 @@
+exclude-queries:
+  - 610e266e-6c12-4bca-9925-1ed0cd29742b # Security Opt Not Set
+  - 27fcc7d6-c49b-46e0-98f1-6c082a6a2750 # No New Privileges Not Set
+  - d6355c88-1e8d-49e9-b2f2-f8a1ca12c75b # Docker Socket Mounted In Container
+  - 1c1325ff-831d-43a1-973e-839ae57dfcc0 # Volume Has Sensitive Host Directory
diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml
index 071cedbfc..cbf86f5ab 100644
--- a/.github/workflows/kics.yml
+++ b/.github/workflows/kics.yml
@@ -33,6 +33,7 @@ jobs:
           enable_jobs_summary: true
           platform_type: 'dockercompose,kubernetes'
           disable_secrets: true
+          config_path: .github/kics.yml
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@323f5ef653b88011bf10e9a0a56d70d742463c9a # v3.26.8
         with: