
Commit c197173

authored
fix: falco custom rules (#1715)
1 parent 12c11dd commit c197173

1 file changed

+18
-1
lines changed


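--- a/helmfile.d/snippets/defaults.yaml
+++ b/helmfile.d/snippets/defaults.yaml
@@ -126,11 +126,20 @@ environments:
 _rawValues:
 customRules:
 otomi-rules.yaml: >-
+- macro: protected_shell_spawner
+condition: (
+container.image.repository in (
+ghcr.io/cloudnative-pg
+)
+)
 - macro: k8s_containers
 condition: (
 container.image.repository in (
 docker.io/velero/velero,
 docker.io/weaveworks/kured,
+ghcr.io/aquasecurity/trivy-operator,
+quay.io/argoproj/argocd,
+quay.io/keycloak/keycloak-operator,
 k8s.gcr.io/kube-state-metrics/kube-state-metrics,
 quay.io/jetstack/cert-manager-cainjector,
 quay.io/jetstack/cert-manager-controller,
@@ -144,9 +153,17 @@ environments:
 docker.io/drone/drone-runner-kube,
 docker.io/grafana/promtail,
 gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard,
-quay.io/argoprojlabs/argocd-image-updater
+quay.io/argoprojlabs/argocd-image-updater,
+gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink,
+docker.io/bitnami/sealed-secrets-controller,
+ghcr.io/cloudnative-pg/postgresql,
+jaegertracing/jaeger-operator
 ) or (k8s.ns.name = "kube-system")
 or (k8s.ns.name = "ingress")
+or (k8s.ns.name = "kyverno")
+or (k8s.ns.name = "cnpg-system")
+or (k8s.ns.name = "tekton-pipelines")
+or (k8s.ns.name = "falco")
 )
 - macro: user_known_write_below_etc_activities
 condition: (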
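Review bot: The new `protected_shell_spawner` macro tests `container.image.repository in (ghcr.io/cloudnative-pg)`, and Falco's `in` is an exact comparison, so it will not match the full repository paths Falco reports and that this same hunk writes elsewhere (`ghcr.io/cloudnative-pg/postgresql`); either list the full repositories, or use a prefix test such as `container.image.repository startswith "ghcr.io/cloudnative-pg/"`. The same applies to the new `jaegertracing/jaeger-operator` entry in `k8s_containers`, which is the only item without a registry prefix while the other Docker Hub images are written as `docker.io/...`, so it likely never matches. Overriding `protected_shell_spawner` also replaces the upstream macro wholesale, and in the default Falco rules that macro appears to select images whose shell spawns should be reported by the shell rules rather than exempted, so it is worth confirming that turning on shell alerts for cloudnative-pg is what this "fix" intends. The four added namespace clauses (`kyverno`, `cnpg-system`, `tekton-pipelines`, `falco`) trust every container in those namespaces regardless of image, so a pod an attacker manages to create there inherits every exemption built on `k8s_containers`; a comment such as `# namespace-wide exemptions: any pod scheduled here bypasses k8s_containers-based rules` above them, or pairing each namespace with its operator image, would make that trade-off explicit. The `user_known_write_below_etc_activities` macro continues past the end of the hunk.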
