Initial commit

2025-11-29 17:51:02 +08:00
commit ff1f4bd119
252 changed files with 72682 additions and 0 deletions
--- a/skills/devsecops/container-hadolint/assets/hadolint-balanced.yaml
+++ b/skills/devsecops/container-hadolint/assets/hadolint-balanced.yaml
@@ -0,0 +1,40 @@
+# Hadolint Balanced Configuration
+# Recommended for most production use cases
+# Balances security enforcement with practical development needs
+
+failure-threshold: warning
+
+# Allow common development patterns that don't compromise security
+ignored:
+  - DL3059  # Multiple RUN instructions (improves layer caching in development)
+
+# Trusted registries - add your organization's registries
+trustedRegistries:
+  - docker.io/library     # Official Docker Hub images
+  - gcr.io/distroless     # Google distroless images
+  - cgr.dev/chainguard    # Chainguard images
+  # Add your private registries below:
+  # - mycompany.azurecr.io
+  # - gcr.io/my-project
+
+# Balanced severity levels
+override:
+  error:
+    - DL3002  # Never switch to root (critical security)
+    - DL3020  # Use COPY instead of ADD (prevent URL injection)
+  warning:
+    - DL3000  # Use absolute WORKDIR
+    - DL3001  # Version pinning for package managers
+    - DL3006  # Always tag images
+    - DL3008  # Version pinning for apt
+    - DL3013  # Version pinning for pip
+    - DL3025  # Use JSON notation for CMD/ENTRYPOINT
+  info:
+    - DL3007  # Use image digests (nice to have)
+    - DL3009  # Delete apt cache (optimization)
+
+# Recommended OCI labels
+label-schema:
+  maintainer: text
+  org.opencontainers.image.version: semver
+  org.opencontainers.image.vendor: text