f not set, the default value MaxPolicySelect is used.CapacityRequestPolicy defines how requests consume device capacity. Must not set more than one ValidRequestValues.TimeAdded represents the time at which the taint was added. Added automatically during create or update if not set.A block definition must have block content delimited by "{" and "}", starting on the same line as the block header. https://checkmarx.com/resource/documents/en/34965-68627-auth.html#UUID-c64cdceb-1072-ca20-aa7d-2ba9fd0c4160 https://checkmarx.com/resource/documents/en/34965-68627-auth.html#UUID-01803060-8f64-8090-c956-2b505b1d4b61 https://checkmarx.com/resource/documents/en/34965-68643-scan.html#UUID-d1d53a56-197a-6a16-95e5-c437e6dc060a https://checkmarx.com/resource/documents/en/34965-68643-scan.html#UUID-800f2022-3609-3f40-6f77-9371e54f8b71 https://checkmarx.com/resource/documents/en/34965-68643-scan.html#UUID-851aa940-0454-ec17-4d29-42a2fa1352e0 https://checkmarx.com/resource/documents/en/34965-68643-scan.html#UUID-9a524fb7-0dba-314d-9068-ccea184bc8d9 https://checkmarx.com/resource/documents/en/34965-68643-scan.html#UUID-c073d85b-7605-0c89-909c-7d5b9caaec16 https://checkmarx.com/resource/documents/en/34965-68643-scan.html#UUID-f92335a6-5b1c-e158-7914-2a4e72a2ada5 https://checkmarx.com/resource/documents/en/34965-68643-scan.html#UUID-a0bb20d5-5182-3fb4-3da0-0e263344ffe7 https://checkmarx.com/resource/documents/en/34965-68643-scan.html#UUID-350af120-85fa-9f20-7051-6d605524b4fc 3940200619639447921227904010014361380507973927046544666794829340424572177149687032904726608825893800186160697311231939402006196394479212279040100143613805079739270465446667946905279627659399113263569398956308152294913554433653942643FieldSelectorRequirement is a selector that contains values, a key, and an operator that relates the key and values.operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.The container in which to execute the command. Defaults to only container if there is only one container in the pod.volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.Found a Confluent Secret Key, potentially risking unauthorized operations and data access within Confluent services.Uncovered a Flutterwave Encryption Key, which may compromise payment processing and sensitive financial information.Identified a GitLab Personal Access Token, risking unauthorized access to GitLab repositories and codebase exposure.Identified a Shopify private app access token, risking unauthorized access to private app data and store operations.Identified a Travis CI Access Token, potentially compromising continuous integration services and codebase security.object refers to a metric describing a single kubernetes object (for example, hits-per-second on an Ingress object).ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interfaceParses the given string as a number of the given base, or raises an error if the string contains invalid characters. $ cx triage show --similarity-id --project-id --scan-type $ cx results risk-management --project-id --scan-id --limit (1-50, default: 50) $ cx results codebashing --language --vulnerability-type --cwe-id --format The Checkmarx One CLI is a fully functional Command Line Interface (CLI) that interacts with the Checkmarx One serverRunning a IaC-Realtime scan is a fast and efficient way to identify Infrustructure as Code vulnerabilities in a file. https://checkmarx.com/resource/documents/en/34965-68653-utils.html#UUID-e086afe1-7bd7-917c-8440-0e965f2e348e https://checkmarx.com/resource/documents/en/34965-68653-utils.html#UUID-f7245425-72b9-9854-a60a-a9f37e0173d9 https://checkmarx.com/resource/documents/en/34965-68653-utils.html#UUID-815a1110-31ef-7cfb-e640-755fab4fae0d tls: failed to find "CERTIFICATE" PEM block in certificate input after skipping PEM blocks of the following types: %vRepresents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.path of the full path to the volume on the node. It can be either a directory or block device (disk, partition, ...).user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-itDiscovered a potential Asana Client ID, risking unauthorized access to Asana projects and sensitive task information.Discovered a New Relic user API Key, which could lead to compromised application insights and performance monitoring.Discovered a Sidekiq Secret, which could lead to compromised background job processing and application data breaches.(?i)\b(http(?:s??):\/\/)([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)Detected a Zendesk Secret Key, risking unauthorized access to customer support services and sensitive ticketing data.targetAverageValue is the target per-pod value of global metric (as a quantity). Mutually exclusive with TargetValue.number of undefined symbols after index in dynamic symbol table command is greater than symbol table length (%d > %d)Produces a list of one or more strings by splitting the given string at all instances of a given separator substring.Only files scannable by AST are included by default. Add a comma separated list of extra inclusions, ex: *zip,file.txtContainerExtendedResourceRequest has the mapping of container name, extended resource name to the device request name.Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)Set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/reference/node/node-status/#infoIdentified a Discord client ID, which may lead to unauthorized integrations and data exposure in Discord applications.Identified a Finicity Client Secret, which could lead to compromised financial service integrations and data breaches.Found a GitLab Pipeline Trigger Token, potentially compromising continuous integration workflows and project security.Discovered a JFrog Identity Token, potentially compromising access to JFrog services and sensitive software artifacts.Discovered a Kucoin Secret Key, which could lead to compromised cryptocurrency operations and financial data breaches.Uncovered a Launchdarkly Access Token, potentially compromising feature flag management and application functionality.Detected a Shopify custom access token, potentially compromising custom app integrations and e-commerce data security.Uncovered a Yandex AWS Access Token, potentially compromising cloud resource access and data security on Yandex Cloud.Spec specifies the selector and one taint. Changing the spec automatically increments the metadata.generation number.If the given number is negative then returns its positive equivalent, or otherwise returns the given number unchanged. https://checkmarx.com/resource/documents/en/34965-68634-project.html#UUID-44ecd672-8f1f-32de-6c2e-838b680a0bf4 https://checkmarx.com/resource/documents/en/34965-68634-project.html#UUID-bd2c6c68-081a-e134-b16b-067aba3a8eae https://checkmarx.com/resource/documents/en/34965-68634-project.html#UUID-a5d021d1-2917-4327-a889-b4f1a9d19b6d https://checkmarx.com/resource/documents/en/34965-68634-project.html#UUID-2382b35f-fac9-f169-711b-73570278adb1 https://checkmarx.com/resource/documents/en/34965-68634-project.html#UUID-eab37623-899c-e97d-e702-6b1946592986 The kics-realtime command enables the ability to create, run and retrieve results from a kics scan using a docker imageREVERSED_CLIENT_ID com.googleusercontent.apps.407966239993-b1h97alknrmf0g846um5pr3a25s9qmeuIdentified a Vault Service Token, potentially compromising infrastructure security and access to sensitive credentials.GroupVersion contains the "group/version" and "version" string of a version. It is made a struct to keep extensibility.UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.List of ServiceAccounts. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/Discovered a potential Bitbucket Client Secret, posing a risk of compromised code repositories and unauthorized access.Identified a Confluent Access Token, which could compromise access to streaming data platforms and sensitive data flow.Uncovered a Hugging Face Organization API token, potentially compromising AI organization accounts and associated data.The results of type checking for each expression. Presence of this field indicates the completion of the type checking.Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all. $ cx hooks pre-receive secrets-scan $ cx hooks pre-receive secrets-scan --config /path/to/config.yaml provided repository url doesn't need a key. Make sure you are defining the right repository or remove the flag --ssh-keyApp password for Bitbucket authentication.Requires read on “Workspace membership“ and “Repositories“ permissions--output=https://elastic:bF21iC0bfTVXo3qhpJqTGs78@c22f5bc9787c4c268d3b069ad866bdc2.eu-central-1.aws.cloud.es.io:9243/tfsA label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered.A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditionsIdentified an Asana Client Secret, which could lead to compromised project management integrity and unauthorized access.Uncovered a DigitalOcean OAuth Refresh Token, which could allow prolonged unauthorized access and resource manipulation.Identified an EasyPost API token, which could lead to unauthorized postal and shipment service access and data exposure.Discovered a Freshbooks Access Token, posing a risk to accounting software access and sensitive financial data exposure.Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks.Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.nodeName represents the name of the Node hosting this endpoint. This can be used to determine endpoints local to a Node.The get-states command shows information about each of the custom states that have been configured in your tenant accountPlease provide SPN using: --proxy-kerberos-spn 'HTTP/proxy.example.com' or set CX_PROXY_KERBEROS_SPN environment variable https://checkmarx.com/resource/documents/en/34965-68630-configure.html#UUID-44d2b9af-ae5d-3be9-5e3e-0fda0ab85e05 $ cx utils remediation sca --package --package-files --package-version The BitBucket Server command presents the unique contributors for the provided Bitbucket Server projects and repositoriesWarning: Dependencies are handled in Chart.yaml since apiVersion "v2". We recommend migrating dependencies to Chart.yaml.Uncovered a possible Clojars API token, risking unauthorized access to Clojure libraries and potential code manipulation.websocket: protocol %q was given but is not supported;sharing tls.Config with net/http Transport can cause this error: %wComponentStatus (and ComponentStatusList) holds the cluster validation info. Deprecated: This API is deprecated in v1.19+ProbeHandler defines a specific action that should be taken in a probe. One and only one of the fields must be specified.Uncovered a possible Authress Service Client Access Key, which may compromise access control services and sensitive data.Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure.Identified a HashiCorp Terraform password field, risking unauthorized infrastructure configuration and security breaches.Detected a Base64-encoded JSON Web Token, posing a risk of exposing encoded authentication and data exchange information.Generic error returned when the error does not have an API classification.no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)certificate-authority-data and certificate-authority are both specified for %v. certificate-authority-data will override.api.ExecConfig{Command: %q, Args: %#v, Env: %s, APIVersion: %q, ProvideClusterInfo: %t, Config: %s, StdinUnavailable: %t}PodCertificateRequestStatus describes the status of the request, and holds the certificate data if the request is issued.audience is the intended audience of the token in "TokenRequestSpec". It will default to the audiences of kube apiserver.Returns true if if the given collection can be indexed with the given key without producing an error, or false otherwise. flags=() two_word_flags=() local_nonpersistent_flags=() flags_with_completion=() flags_completion=() The bitbucket command presents the unique contributors for the provided Bitbucket organizations, projects and repositoriesserver is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfsResources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.Uncovered a possible Airtable API Key, potentially compromising database access and leading to data leakage or alteration.Detected an Alibaba Cloud AccessKey ID, posing a risk of unauthorized cloud resource access and potential data compromise.Detected a Beamer API token, potentially compromising content management and exposing sensitive notifications and updates.PersistentVolumeClaimRetentionPolicy describes the policy used for PVCs created from the StatefulSet VolumeClaimTemplates.availableReplicas is the total number of available pods (ready for at least minReadySeconds) targeted by this StatefulSet.ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.Dynamically-linked Go plugins as containerd runtimes will be deprecated in containerd v2.0 and removed in containerd v2.1.failed to read OCI archive tar file: %w. Make sure this is a valid OCI archive created with 'buildah push' or 'skopeo copy'datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecatedThe header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.List of replication controllers. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontrollerIdentified a New Relic ingest browser API token, risking unauthorized access to application performance data and analytics.Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment.name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesThe API server can decode objects encoded in these versions. The encodingVersion must be included in the decodableVersions.NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interfacedesiredReplicas is the desired number of replicas of pods managed by this autoscaler, as last calculated by the autoscaler.PriorityClass defines mapping from a priority class name to the priority integer value. The value can be any valid integer.The given key does not identify an element in this collection value: a negative number is not a valid index for a sequence.UID is an identifier for the individual request/response. This must be copied over from the corresponding AdmissionRequest.{{with (or .Long .Short)}}{{. | trimTrailingWhitespaces}} {{end}}{{if or .Runnable .HasSubCommands}}{{.UsageString}}{{end}}tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switchedgrpc: no transport security set (use grpc.WithTransportCredentials(insecure.NewCredentials()) explicitly or set credentials)Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='.Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP"Discovered a Dropbox short-lived API token, posing a risk of temporary but potentially harmful data access and manipulation."value": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1ODk1ODU1NjN9.PtfDS1niGoZ7pV6kplI-_q1fVKLnknQ3IwcrLZhoVCU",maxReplicas is the upper limit for the number of pods that can be set by the autoscaler; cannot be smaller than MinReplicas.MetricSpec specifies how to scale based on a single metric (only `type` and one other matching field should be set at once).protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.Merges all of the elements from the given maps into a single map, or the attributes from given objects into a single object.Applies the given regular expression pattern to the given string and replaces all matches with the given replacement string.There was a problem importing the SARIF file. Please contact support for further details with the following error code: %d %sDescribes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.Capacity represents the total resources of a node. More info: https://kubernetes.io/docs/reference/node/node-status/#capacityType is the type of the condition. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditionsMinimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.Detected a Coinbase Access Token, posing a risk of unauthorized access to cryptocurrency accounts and financial transactions.Discovered a Slack Configuration refresh token, potentially allowing prolonged unauthorized access to configuration settings.IngressClassParametersReference identifies an API object. This can be used to specify a cluster or namespace-scoped resource.Contains the information published by the driver. Changing the spec automatically increments the metadata.generation number.attacher indicates the name of the volume driver that MUST handle this request. This is the name returned by GetPluginName().UID is an identifier for the individual request/response. This should be copied over from the corresponding AdmissionRequest.The aufs snapshotter is deprecated since containerd v1.5 and removed in containerd v2.0. Use the overlay snapshotter instead.version specifies the version in the form of "version". This is to save the clients the trouble of splitting the GroupVersion.UpdateOptions may be provided when updating an API object. All fields in UpdateOptions should also be present in PatchOptions.secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key default is the same as the PodA topology selector requirement is a selector that matches given label. This is an alpha feature and may change in the future.TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.Uncovered a Fastly API key, which may compromise CDN and edge cloud services, leading to content delivery and security issues.Detected a GoCardless API token, potentially risking unauthorized direct debit payment operations and financial data exposure. M_UINT (ServingCellPriorityParametersDescription_t, H_PRIO, 2, &hf_servingcellpriorityparametersdescription_h_prio),status of the condition, one of True, False, Unknown. Approved, Denied, and Failed conditions may not be "False" or "Unknown".Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataAn argument or block definition is required here. To set an argument, use the equals sign "=" to introduce the argument value. $ cx scan iac-realtime -s --ignored-file-path Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.Identified a Bittrex Access Key, which could lead to unauthorized access to cryptocurrency trading accounts and financial loss.Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure."access_token3": "xoxs-420083410720-421837374423-440811613314-977844f625b707d5b0b268206dbc92cbc85feef3e71b08e44815a8e6e7657190"Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataRule is a tuple of APIGroups, APIVersion, and Resources.It is recommended to make sure that all the tuple expansions are valid.command %v has exited with %v, make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=%sConstructs a string by applying formatting verbs to a series of arguments, using a similar syntax to the C function \"printf\". --------------------------------------------------------------------------------------------------------------------------------================================================================================================================================Address of this server, suitable for a client that matches the above CIDR. This can be a hostname, hostname:port, IP or IP:port.Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindsThe name attribute of the resource associated with the status StatusReason (when there is a single name which can be described).The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'.Items is a list of LimitRange objects. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.This should be a short, machine understandable string that gives the reason for the transition into the object's current status.volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.Discovered a potential Age encryption tool secret key, risking data decryption and unauthorized access to sensitive information.Detected an Atlassian API token, posing a threat to project management and collaboration tool security and data confidentiality.replicas is the number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds^(?:(?:[a-zA-Z]:|\\\\[a-z0-9_.$●-]+\\[a-z0-9_.$●-]+)\\|\\?[^\\/:*?"<>|\r\n]+\\?)(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]*$AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA900697CBBBCF9441CFAB76E1890E46884EAE321F70C0BCB4981527897504BEC3E36A62BCDFA2304976540F6450085F2DAE145C22553B465763689180EA2571867423E640ECE5C12788717B9C1BA06CBC2A6FEBA85842458C56DDE9DB1758D39C0313D82BA51735CDB3EA499AA77A7D6943A64F7A3F25FE26F06B51BAA2696FA9035DA5B534BD595F5AF0FA2C892376C84ACE1BB4E3019B71634C01131159CAE03CEE9D9932184BEEF216BD71DF2DADF86A627306ECFF96DBB8BACE198B61E00F8B33281AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F8227DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD8089212EE58E6764838B69782136F0F2D3BA06E27695716054092E60A80BEDB212B64E585D90BCE13761F85C3F1D2A64E3BE8FEA2220F01EBA5EEB0F35DBD29D922ABhttps://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/dependency-scanning-report-format.jsonAccess to the specified file is restricted. Please ensure you have the necessary permissions to access the CLI configuration filetls: failed to find PEM block with type ending in "PRIVATE KEY" in key input after skipping PEM blocks of the following types: %vdes-cbc-crc des-cbc-md4 des-cbc-md5 des-cbc-raw des3-cbc-raw des-hmac-sha1 arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp desfailed to parse manifest.json: %w. Make sure this tar file was created with 'save' command (like: 'docker save' or 'podman save')Status of all the conditions for the component as a list of ComponentStatus objects. Deprecated: This API is deprecated in v1.19+Phase is the current lifecycle phase of the namespace. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributesstorageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoxLCJiIjoyLCJjIjozfQ.hxhGCCCmGV9nT1slief1WgEsOsfdnlVizNrODxfh1M8Standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataStandard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadatascope represents if this refers to a cluster or namespace scoped resource. This may be set to "Cluster" (default) or "Namespace".Requests represent individual requests for distinct devices which must all be satisfied. If empty, nothing needs to be allocated.reclaimPolicy controls the reclaimPolicy for dynamically provisioned PersistentVolumes of this storage class. Defaults to Delete.The ";" character is not valid. Use newlines to separate arguments and blocks, and commas to separate items in collection values.tokenInvalidtokenCommatokenColontokenEqualstokenKeywordtokenNumbertokenStringtokenBrackOtokenBrackCtokenBraceOtokenBraceCtokenEOFThe map to extract keys from. May instead be an object-typed value, in which case the result is a tuple of the object attributes.Returns the value of the element with the given key from the given map, or returns the default value if there is no such element. $ cx hooks pre-commit secrets-install-git-hook $ cx hooks pre-commit secrets-scan $ cx hooks pre-receive secrets-scan Local build threshold. Format -=. Example: scan --threshold "sast-high=10;sca-high=5;iac-security-low=10"(?i)\bFROM\s+(?:--platform=[^\s]+\s+)?([^\s:@]+(?::[^\s@]+)?(?:@sha256:[a-fA-F0-9]{64})?)(?:\s+AS\s+([a-zA-Z0-9][a-zA-Z0-9_.-]*))?Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindsSecret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secretIdentified a potential Adafruit API Key, which could lead to unauthorized access to Adafruit services and sensitive data exposure.Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches.https://lh3.googleusercontent.com/-tWXjX3LUD6w/Ua4La_N5E2I/AAAAAAAAACg/qcm19xbEYa4/s640/EXO-XOXO-teaser-exo-k-34521098-720-516.jpgcurrentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [0,currentReplicas).Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.`verbs` is a list of matching verbs and may not be empty. "*" matches all verbs and, if present, must be the only entry. Required.Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataFieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.FlexPersistentVolumeSource represents a generic persistent volume resource that is provisioned/attached using an exec based plugin.Spec defines the desired quota. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusIf specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the pluginDiscovered a potential Adobe Client Secret, which, if exposed, could allow unauthorized Adobe service access and data manipulation.Identified an Algolia API Key, which could result in unauthorized search operations and data exposure on Algolia-managed platforms.Discovered a potential Alibaba Cloud Secret Key, potentially allowing unauthorized operations and data access within Alibaba Cloud.Uncovered a HashiCorp Terraform user/org API token, which may lead to unauthorized infrastructure management and security breaches.# HuggingFace API Token https://huggingface.co/settings/tokens HUGGINGFACE_API_TOKEN=hf_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. It cannot be less that minReplicas.uid contains the uid of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.A string containing all of the characters to trim. Each character is taken separately, so the order of characters is insignificant. The contributor-count command enables the ability to count unique contributors from different SCM repositories, for the past 90 days0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f0000c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650Both 'rule' and 'ignoreRule' flags were provided, I will first take all in 'rule' and then remove all in 'ignoreRule' from the list.v?([0-9|x|X|\*]+)(\.[0-9|x|X|\*]+)?(\.[0-9|x|X|\*]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?verbs is a list of supported kube verbs (this includes get, list, watch, create, update, patch, delete, deletecollection, and proxy)nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfsFound a pattern resembling a Codecov Access Token, posing a risk of unauthorized access to code coverage reports and sensitive data.request returned %s with a message (> %d bytes) for API route and version %s, check if the server supports the requested API versionThe number of pending and running pods which are not terminating (without a deletionTimestamp). The value is zero for finished jobs.Specifies the required Pod condition type. To match a pod condition it is required that specified type equals the pod condition type.This flag tells the controller to suspend subsequent executions, it does not apply to already started executions. Defaults to false.StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs created from the StatefulSet VolumeClaimTemplates.updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by updateRevision.MutatingAdmissionPolicy describes the definition of an admission mutation policy that mutates the object coming into admission chain.failed to read tar file: %w. Make sure this is a valid tar file was created with 'save' command (like: 'docker save' or 'podman save')hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumesSpecifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms. change_dir(cwd) subdirs = glob.glob('HF_CAASIMULIAComputeServicesBuildTime.HF*.Linux64') if len(subdirs) == 1:currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by currentRevision.An API server instance reports the version it can decode and the version it encodes objects to when persisting objects in the backend.API server instances report the version they can decode and the version they encode objects to when persisting objects in the backend.The number of failed finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.Result contains extra details into why an admission request was denied. This field IS NOT consulted in any way if "Allowed" is "true".Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.Conditions is an array of current observed node conditions. More info: https://kubernetes.io/docs/reference/node/node-status/#conditionRepresents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfsCurrent status of a job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusAPI server instances report the versions they can decode and the version they encode objects to when persisting objects in the backend.`verbs` is a list of matching verbs and may not be empty. "*" matches all verbs. If it is present, it must be the only entry. Required.Default specifies how much of this capacity is consumed by a request that does not contain an entry for it in DeviceRequest's Capacity.When using the legacy index syntax, chaining two indexes together is not permitted. Use the proper index syntax instead, like [%s][%s].SCS scan warning: Unable to run Scorecard scanner due to unsupported repo host. Currently, Scorecard can only run on GitHub Cloud repos.Spec defines the behavior of a node. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusRepresents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)forZones indicates the zone(s) this endpoint should be consumed by to enable topology aware routing. May contain a maximum of 8 entries.ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.Adds the duration represented by the given duration string to the given RFC 3339 timestamp string, returning another RFC 3339 timestamp.Constructs a list of strings by applying formatting verbs to a series of arguments, using a similar syntax to the C function \"printf\".driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.RequestMappings identifies the mapping of to device request in the generated ResourceClaim.secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secretmonitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-ituser is Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-ituser is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it"Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VybmFtZTpib2IifQ.HcfCW67Uda-0gz54ZWTqmtgJnZeNem0Q757eTa9EZuw"^(\^|>=)(?Pv?([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?)( |$)logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=true)ObjectMetricSource indicates how to scale on a metric describing a kubernetes object (for example, hits-per-second on an Ingress object).APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.username contains the name of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.forZones indicates the zone(s) this endpoint should be consumed by when using topology aware routing. May contain a maximum of 8 entries.RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.^rgb\(\s*(0|[1-9]\d?|1\d\d?|2[0-4]\d|25[0-5])\s*,\s*(0|[1-9]\d?|1\d\d?|2[0-4]\d|25[0-5])\s*,\s*(0|[1-9]\d?|1\d\d?|2[0-4]\d|25[0-5])\s*\)$There is no corresponding closing brace before the end of the file. This may be caused by incorrect brace nesting elsewhere in this file.cannot slice a set, because its elements do not have indices; explicitly convert to a list if the ordering of the result is not importantUsed to facilitate programmatic handling of secret data. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-typesValue is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.PersistentVolumeSource is similar to VolumeSource but meant for the administrator who creates PVs. Exactly one of its members must be set.iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.PodDisruptionBudgetStatus represents information about the status of a PodDisruptionBudget. Status may trail the actual state of a system.a memory allocator was provided but the encoder %s doesn't implement the runtime.EncoderWithAllocator, using regular encoder.Encode methodResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.The number of successful finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified. Defaults to 3.drivers is a list of information of all CSI Drivers existing on a node. If all drivers in the list are uninstalled, this can become empty.There is no closing brace for this block before the end of the file. This may be caused by incorrect brace nesting elsewhere in this file.a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric characterIt seems that %s is not available for AI Guided Remediation. Please ensure that you have opened the correct workspace or the relevant file.Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-podIngress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXkInvalid timeout value. Timeout must be a single integer in seconds, or an integer followed by a corresponding time unit (e.g. 1s | 2m | 3h)selector is the label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment.ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.reason is why the action was taken. It is human-readable. This field cannot be empty for new Events and it can have at most 128 characters. apiVersion: v1 kind: ServiceAccount metadata: annotations: iam.gke.io/gcp-service-account: %s@%s.iam.gserviceaccount.com name: %s Policy Violation - Break Build Enabled. To bypass the policy evaluation and continue with the build, you can use the `--ignore-policy` flag.Invalid value for --container-images flag. The 'dir:' prefix is not supported as it would scan entire directories rather than a single imageno tag found in manifest RepoTags: %s. Make sure the image was saved with a tag using 'docker save ' or 'podman save 'ClusterTrustBundleProjection describes how to select a set of ClusterTrustBundle objects and project their contents into the pod filesystem.Items is the list of Namespace objects in the list. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed.Current status of a cron job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statuskind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kindsFailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.conditions is the set of conditions required for this autoscaler to scale its target, and indicates whether or not those conditions are met.rules is a list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.APIVersions lists the versions that are available, to allow clients to discover the API at /api, which is the root path of the legacy v1 API.ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match.items is a list of persistent volume claims. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaimsThe pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.action is what action was taken/failed regarding to the regarding object. It is machine-readable. This field can have at most 128 characters.`limited` specifies how requests are handled for a Limited priority level. This field must be non-empty if and only if `type` is `"Limited"`.Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule and NoExecute.There is no corresponding closing bracket before the end of the file. This may be caused by incorrect bracket nesting elsewhere in this file.chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbcappArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows."ZGlkOmtleTp6Nk1rak1TWWF1dU1neDlhekV5VW5UVzVvNWpGUmtiQnU1VDgzZjM5dU53bnNHbW0jejZMU29HdFpTclVNWnVkQWFnekVmWWY3azhqSFpjR0Q3OVNveDd2NHdDa0RLTlN3"ObjectMetricStatus indicates the current value of a metric describing a kubernetes object (for example, hits-per-second on an Ingress object).FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Ignore.CertificateSigningRequestStatus contains conditions used to indicate approved/denied/failed status of the request, and the issued certificate.extra contains extra attributes of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.HardwareAddress represents the hardware address (e.g. MAC Address) of the device's network interface. Must not be longer than 128 characters.The given key does not identify an element in this collection value: the given index is greater than or equal to the length of the collection.Returns the values of elements of a given map, or the values of attributes of a given object, in lexicographic order by key or attribute name.Specify the state that you would like to apply. Can be a pre-configured state (e.g., not_exploitable) or a custom state created in your accountvolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.Names by which this image is known. e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"]ResourceHealth represents the health of a resource. It has the latest device health information. This is a part of KEP https://kep.k8s.io/4680.accessModes contains all ways the volume can be mounted. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modesemptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir(?Ui)^(?P(?:[[:alpha:]][[:word:].]*(?:\.[[:alpha:]][[:word:].]*)*-?)+)(?:-(?P(\d.*|(build\d+.*)|(rc?\d+(?:^[[:alpha:]].*)?))))?$numberReady is the number of nodes that should be running the daemon pod and have one or more of the daemon pod running with a Ready Condition.APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here.groups contains group membership of the user that created the CertificateSigningRequest. Populated by the API server on creation and immutable.`nonResourceRules` is a list of NonResourcePolicyRules that identify matching requests according to their verb and the target non-resource URL.RoleList is a collection of Roles Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 RoleList, and will no longer be served in v1.22.Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container.Spec defines the limits enforced. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusLoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.The number of old history to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [replicas-updatedReplicas,replicas)related is the optional secondary object for more complex actions. E.g. when regarding object triggers a creation or deletion of related object.`apiGroups` is a list of matching API groups and may not be empty. "*" matches all API groups and, if present, must be the only entry. Required.RoleList is a collection of Roles. Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 RoleList, and will no longer be served in v1.22.Use this flag to update to the latest version of the ASCA scanner.Otherwise, we will check if there is an existing installation that can be used.RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-itmetadata is the standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata`metadata` is the standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataDevice represents one individual hardware instance that can be selected based on its attributes. Besides the name, exactly one field must be set.Generate the autocompletion script for %[1]s for the specified shell. See each sub-command's help for details on how to use the generated script. Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.Restart policy for the container to manage the restart behavior of each container within a pod. You cannot set this field on ephemeral containers.Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.^urn:cdx:(?P[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12})/(?P[1-9]\d*)(?:#(?P[\da-zA-Z\-._~%!$&'()*+,;=:@/?]+))?$defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.DEPRECATED. A sequence number representing a specific generation of the template. Populated by the system. It can be set only during the creation.Formats a timestamp given in RFC 3339 syntax into another timestamp in some other machine-oriented time syntax, as described in the format string.DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.volumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required..*[/\\](?P[^/\\]+)[/\\](?P[^/\\]+)[/\\](?P[^/\\]+)[/\\](?P[^/\\]+)[/\\]package[/\\](?P[^/\\]+)[/\\]conaninfo\.txtupdateStrategy indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric characterUser is the user you're testing for. If you specify "User" but not "Group", then is it interpreted as "What if User were not a member of any groupsreportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. This field cannot be empty for new Events.This field holds configuration for multiple potential drivers which could satisfy requests in this claim. It is ignored while allocating the claim.If DeviceClassName is set, the selectors defined there must be satisfied by a device to be selected. This field corresponds to class.metadata.name.if [[ $(type -t compopt) = "builtin" ]]; then complete -o default -F __start_%s %s else complete -o default -o nospace -F __start_%s %s fi The import command enables you to import SAST scan results from an external source into Checkmarx One. The results must be submitted in sarif formatcrypto/tls: ExportKeyingMaterial is unavailable when neither TLS 1.3 nor Extended Master Secret are negotiated; override with GODEBUG=tlsunsafeekm=1Follow on ThreadscolumnDefinitions describes each column in the returned items array. The number of cells per row will always match the number of column definitions.wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.The type of keypair Kubelet will generate for the pod. Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", "ECDSAP521", and "ED25519".The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric characterUser is the user you're testing for. If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groupsThe sets to consider. Also accepts lists and tuples, and if all arguments are of list or tuple type then the result will preserve the input orderingThe name of this port. This must match the 'name' field in the corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port is defined.targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs"Optional deadline in seconds for starting the job if it misses scheduled time for any reason. Missed jobs executions will be counted as failed ones.`metadata` is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataSource records whether the configuration comes from a class and thus is not something that a normal user would have been able to set or from a claim.The device this taint is attached to has the "effect" on any claim which does not tolerate the taint and, through the claim, to pods using the claim.message represents the error encountered during Attach or Detach operation. This string maybe logged, so it should not contain sensitive information. $ cx scan secrets-realtime -s $ cx scan secrets-realtime -s --ignored-file-path Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers.PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".Replicas is the most recently observed number of non-terminating pods. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset`name` is the name of the resource being referenced. `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.PodCertificateRequest encodes a pod requesting a certificate from a given signer. Kubelets use this API to implement podCertificate projected volumesSelectors contains the same selection criteria as a ResourceClaim. Currently, CEL expressions are supported. All of these selectors must be satisfied.preemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.message represents the error encountered during Attach or Detach operation. This string may be logged, so it should not contain sensitive information. $ cx hooks pre-commit secrets-ignore --resultIds=a1b2c3d4e5f6,f1e2d3c4b5a6 $ cx hooks pre-commit secrets-ignore --all NoMatchEmptyMatchLiteralCharClassAnyCharNotNLAnyCharBeginLineEndLineBeginTextEndTextWordBoundaryNoWordBoundaryCaptureStarPlusQuestRepeatConcatAlternateNodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.The desired behavior of this daemon set. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusspec defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only.VolumeAttachment captures the intent to attach or detach the specified volume to/from the specified node. VolumeAttachment objects are non-namespaced.Applies the given regular expression pattern to the given string and returns information about a single match, or raises an error if there is no match.manifest.json not found in tar file or no RepoTags found. Make sure this tar file was created with 'save' command (like: 'docker save' or 'podman save')host will try HTTPS first since it is configured for HTTP with a TLS configuration, consider changing host to HTTPS or removing unused TLS configurationreadOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstoreBounded-sized list of signatures of pods that should avoid this node, sorted in timestamp order from oldest to newest. Size of the slice is unspecified.LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-itSpec is the desired state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusA unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.spec is the desired state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusResourceClaimTemplate is used to produce ResourceClaim objects. This is an alpha type and requires enabling the DynamicResourceAllocation feature gate.status represents status of the VolumeAttachment request. Populated by the entity completing the attach or detach operation, i.e. the external-attacher.The `io.containerd.runc.v1` runtime is deprecated since containerd v1.4 and removed in containerd v2.0. Use the `io.containerd.runc.v2` runtime instead.
{{.ScanInfoMessage}}
A score between 0 (low) and 100 (high) indicating the degree of confidence in the exploitability of this vulnerability in the context of your code.
$ cx utils pr github --scan-id --token --namespace --repo-name --pr-number Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.IP addresses which offer the related ports that are marked as ready. These endpoints should be considered safe for load balancers and clients to utilize.May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1The number of nodes that should be running the daemon pod and have none of the daemon pod running and available (ready for at least spec.minReadySeconds)Please report a bug to github.com/gogo/protobuf if you see this message: Writing extensions is not supported for extensions stored in a byte slice field.spec defines the behaviour of autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.HorizontalPodAutoscalerBehavior configures the scaling behavior of the target in both Up and Down directions (scaleUp and scaleDown fields respectively).leaseDurationSeconds is a duration that candidates for a lease need to wait to force acquire it. This is measure against time of last observed renewTime.Can't access attributes on a list of objects. Did you mean to access attribute %q for a specific element of the list, or across all elements of the list?Can't access attributes on a list of objects. Did you mean to access an attribute for a specific element of the list, or across all elements of the list?The `containerd.io/restart.logpath` label is deprecated since containerd v1.5 and removed in containerd v2.0. Use `containerd.io/restart.loguri` instead.index.json not found in OCI archive tar file. Make sure this is a valid OCI archive created with 'buildah push' or 'skopeo copy' using oci-archive: formatSpec defines the behavior of the Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusName must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

You should see a token hf_xxxxx (old tokens are api_XXXXXXXX or api_org_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX).

# Req: Invoke-RestMethod -Uri 'http://localhost:8085/users' -Headers @{ 'X-API-KEY' = 'eyJhbGciOiJub25lIn0.eyJ1c2VybmFtZSI6Im1vcnR5Iiwic3ViIjoiMTIzIn0.' }Status is the current state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusPodsMetricStatus indicates the current value of a metric describing each pod in the current scale target (for example, transactions-processed-per-second).jsonPatch defines a [JSON patch](https://jsonpatch.com/) operation to perform a mutation to the object. A CEL expression is used to create the JSON patch.NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path. "*" means all.spec is the desired state of the IPAddress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusstatus is the current state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusLimits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume.List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.Exactly specifies the details for a single request that must be met exactly for the request to be satisfied. One of Exactly or FirstAvailable must be set.name represents the name of the CSI driver that this object refers to. This MUST be the same name returned by the CSI GetPluginName() call for that driver.name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted.SuccessPolicyRule describes rule for declaring a Job as succeeded. Each rule must have at least one of the "succeededIndexes" or "succeededCount" specified.spec contains the specification of the Lease. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statustype is the type of this event (Normal, Warning), new types could be added in the future. It is machine-readable. This field cannot be empty for new Events.spec is the desired state of the ServiceCIDR. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusexpirationSeconds is the duration of validity of the token in "TokenRequestSpec". It has the same default value of "ExpirationSeconds" in "TokenRequestSpec"The given key does not identify an element in this collection value: indexing a sequence requires a whole number, but the given index has a fractional part.There is no closing brace for this interpolation sequence before the end of the file. This might be caused by incorrect nesting inside the given expression. Total Results: %d (Total Results includes only API documentation vulnerabilities and does not include API code vulnerabilities.) 68647976601306097149819007990813932172694353001433054093944634591855431833976560521225596406614545549772963113914808580371219879997166438125740282911150571516864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449no image tag found in OCI index.json annotations (org.opencontainers.image.ref.name). Please ensure the OCI directory was created with proper tag informationlastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions.storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass.[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited.spec is the desired state of the IngressClass. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusThe ResourceClaim this DeviceToleration is attached to tolerates any taint that matches the triple using the matching operator .DeviceTaintSelector defines which device(s) a DeviceTaintRule applies to. The empty selector matches all devices. Without a selector, no devices are matched.expirationSeconds is the duration of validity of the token in "TokenRequestSpec". It has the same default value of "ExpirationSeconds" in "TokenRequestSpec".Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'.Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditionsSpecification of the desired behavior of a job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusselector is a label query over pods that should match the replicas count. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/leaseDurationSeconds is a duration that candidates for a lease need to wait to force acquire it. This is measured against the time of last observed renewTime.PreferredHolder signals to a lease holder that the lease has a more optimal holder and should be given up. This field can only be set if Strategy is also set.reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. This field cannot be empty for new Events and it can have at most 128 characters.`status` is the current status of a FlowSchema. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusattached indicates the volume is successfully attached. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.There is no closing parenthesis for this function call before the end of the file. This may be caused by incorrect parenthesis nesting elsewhere in this file.operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. The list of operators may grow in the future.Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxiesClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.Value is the taint value the toleration matches to. If the operator is Exists, the value must be empty, otherwise just a regular string. Must be a label value.Operation is the operation being performed. This may be different than the operation requested. e.g. a patch can result in either a CREATE or UPDATE Operation.invalid configuration: to exclude binary packages based on file ownership overlap relationships, cataloging file ownership overlap relationships must be enabledTable is a tabular representation of a set of API resources. The server transforms the object into a set of preferred columns for quickly reviewing the objects.path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statuscephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.Specification of the desired behavior of the job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusThe number of nodes that should be running the daemon pod and have one or more of the daemon pod running and available (ready for at least spec.minReadySeconds)Total number of nodes that should be running the daemon pod and have one or more of the daemon pod running with a Ready Condition by passing the readinessProbe.lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods; used by the autoscaler to control how often the number of pods is changed.lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods, used by the autoscaler to control how often the number of pods is changed.spec represents specification of the RuntimeClass More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusThe IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16).Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.capacity is the description of the persistent volume's resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacitySpecifies the required Pod condition status. To match a pod condition it is required that the specified status equals the pod condition status. Defaults to True.If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.value represents the integer value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec.The `io.containerd.runtime.v1.linux` runtime is deprecated since containerd v1.4 and removed in containerd v2.0. Use the `io.containerd.runc.v2` runtime instead.Invalid value for --container-images flag. Registry format must specify a single image, not just a registry URL. Use format: registry:/:consider using a custom Comparer; if you control the implementation of type, you can also consider using an Exporter, AllowUnexported, or cmpopts.IgnoreUnexportedreadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdiskStatus describes the current status of a Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusrbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. parser.add_argument("--hf_token", type=str, default='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', help="Hugging Face Access Token to access PyAnnote gated models")DEPRECATED 1.9 - This group version of NetworkPolicyList is deprecated by networking/v1/NetworkPolicyList. Network Policy List is a list of NetworkPolicy objects. WARNING! Your credentials are stored unencrypted in '%s'. Configure a credential helper to remove this warning. See https://docs.docker.com/go/credential-store/ ResourceRules describes what operations on what resources/subresources the admission policy matches. The policy cares about an operation if it matches _any_ Rule.Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be setperiodSeconds specifies the window of time for which the policy should hold true. PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.ClusterRoleList is a collection of ClusterRoles. Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 ClusterRoles, and will no longer be served in v1.22.ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdiskphase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phaseRequest is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.Status defines the actual enforced quota and its current usage. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusContainer's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is "spec.validations[0].expression"ServiceCIDR defines a range of IP addresses using CIDR format (e.g. 192.168.0.0/24 or 2001:db2::/64). This range is used to allocate ClusterIPs to Service objects.readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.mdA list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels.`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.port represents the port number of the endpoint. If this is not specified, ports are not restricted and must be interpreted in the context of the specific consumer.RoleBindingList is a collection of RoleBindings Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 RoleBindingList, and will no longer be served in v1.22.Returns the element with the given index from the given list or tuple, applying the modulo operation to the given index if it's greater than the number of elements.volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstoreContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1status is the current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only.AllNodes indicates that all nodes have access to the resources in the pool. Exactly one of NodeName, NodeSelector, AllNodes, and PerDeviceNodeSelection must be set. $ cx telemetry ai --ai-provider --problem-severity --type --sub-type --agent --engine Kerberos proxy authentication setup failed because no Kerberos credential cache was found. Make sure to run 'kinit' to populate the cache before running this command.APIResourceList is a list of APIResource, it is used to expose the name of the resources supported in a specific group and version, and if the resource is namespaced.UID of the resource. (when there is a single resource which can be described). More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uidsstatus defines current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only.v?([0-9]+(\.[0-9]+)*?)(-([0-9]+[0-9A-Za-z\-~]*(\.[0-9A-Za-z\-~]+)*)|(-?([A-Za-z\-~]+[0-9A-Za-z\-~]*(\.[0-9A-Za-z\-~]+)*)))?(\+([0-9A-Za-z\-~]+(\.[0-9A-Za-z\-~]+)*))??SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be setscaleTargetRef points to the target resource to scale, and is used to the pods for which metrics should be collected, as well as to actually change the replica count.note is a human-readable description of the status of this operation. Maximal length of the note is 1kB, but libraries should be prepared to handle values up to 64kB.`status` is the current status of a "request-priority". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusnamespace is the namespace of the resource being referenced. This field is required when scope is set to "Namespace" and must be unset when scope is set to "Cluster".status represents the current state of the ServiceCIDR. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusIf specified, these are the driver-defined taints. The maximum number of taints is 4. This is an alpha field and requires enabling the DRADeviceTaints feature gate.Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusreadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfsResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod. Exactly one of ResourceClaimName and ResourceClaimTemplateName must be set.AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level.SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.^v?([0-9]+(\.[0-9]+)*?)(-([0-9]+[0-9A-Za-z\-~]*(\.[0-9A-Za-z\-~]+)*)|(-([A-Za-z\-~]+[0-9A-Za-z\-~]*(\.[0-9A-Za-z\-~]+)*)))?(\+([0-9A-Za-z\-~]+(\.[0-9A-Za-z\-~]+)*))??$parameters is a link to a custom resource containing additional configuration for the controller. This is optional if the controller does not require extra parameters.Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.Count is used only when the count mode is "ExactCount". Must be greater than zero. If AllocationMode is ExactCount and this field is not specified, the default is one.Single-line block syntax can include only one argument definition. To define multiple arguments, use the multi-line block syntax with one argument definition per line.There is no closing brace for this interpolation sequence before the end of the quoted template. This might be caused by incorrect nesting inside the given expression.Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.type is the type of metric source. It should be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object.^v?([0-9]+(\.[0-9]+)*?)(-([0-9]+[0-9A-Za-z\-~]*(\.[0-9A-Za-z\-~]+)*)|(-?([A-Za-z\-~]+[0-9A-Za-z\-~]*(\.[0-9A-Za-z\-~]+)*)))?(\+([0-9A-Za-z\-~]+(\.[0-9A-Za-z\-~]+)*))??$APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.DeviceConfiguration must have exactly one field set. It gets embedded inline in some other structs which have other fields, so field names must not conflict with those.cbor: DecMode with non-default StringExpectedEncoding or ByteSliceExpectedEncoding treats tag %d as built-in and conflicts with the provided TagSet's registration of %vWhen using the legacy index syntax, chaining two indexes together is not permitted. Use the proper index syntax with a full splat expression [*] instead, like [%s][%s].Additional scan options supported by kics. Should follow comma separated format. For example : --additional-params -v, --exclude-results,fec62a97d569662093dbb9739360942ffsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.APIGroup is the group for the resource being referenced. It is empty for the core API. This matches the group in the APIVersion that is used when creating the resources. $ cx scan containers-realtime -s $ cx scan containers-realtime -s --ignored-file-path SCS scan failed to start: Scorecard scan is missing required flags, please include in the ast-cli arguments: --scs-repo-url your_repo_url --scs-repo-token your_repo_tokenTemplate defines the pods that will be created from this pod template. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusdef test_internal_api_org_inclusion_with_href(api_name, href, expected, monkeypatch, called_with): monkeypatch.setattr("requests.sessions.Session.request", called_with)Standard object's metadata of the jobs created from this template. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadataPodFailurePolicyRule describes how a pod failure is handled when the requirements are met. One of onExitCodes and onPodConditions, but not both, can be used in each rule.type is the type of metric source. It will be one of "ContainerResource", "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object.status contains information about whether the request is approved or denied, and the certificate issued by the signer, or the failure condition indicating signer failure.LeaseCandidate defines a candidate for a Lease object. Candidates are created such that coordinated leader election will pick the best leader from the list of candidates.Two different items produced the key %q in this 'for' expression. If duplicates are expected, use the ellipsis (...) after the value expression to enable grouping by key.Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported."url_private": "https:\/\/files.slack.com\/files-pri\/T04MCQMEXQ9-F04MAA1PKE3\/image.png?t=xoxe-4726837507825-4848681849303-4856614048758-e0b1f3d4cb371f92260edb0d9444d206"revisionHistoryLimit is the number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 2.reference to scaled resource; horizontal pod autoscaler will learn the current resource consumption and will set the desired number of pods by using its Scale subresource.ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.^v?(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.def test_private_space(self): hf_token = "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" # Intentionally revealing this key for testing purposes io = gr.load(The access controller was unable to authenticate the client. Often this will be accompanied by a Www-Authenticate HTTP response header indicating how to authenticate.Resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, serviceName and servicePort must not be specified.DEPRECATED 1.9 - This group version of NetworkPolicy is deprecated by networking/v1/NetworkPolicy. NetworkPolicy describes what network traffic is allowed for a set of PodsResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. When serialized as JSON or YAML, the data is additionally base64-encoded.resource is an ObjectRef to another Kubernetes resource in the namespace of the Ingress object. If resource is specified, serviceName and servicePort must not be specified.Counters defines the set of counters for this CounterSet The name of each counter must be unique in that set and must be a DNS label. The maximum number of counters is 32.Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated."refresh_token1": "xoxe-1-My0xLTMxNzcwMjQ0MTcxMy01MTU4MTUyNjkxNzE0LTUxODE4NDI0MDY3MzYtMjA5MGFkOTFlZThkZWE2OGFlZDYwYWJjODNhYzAxYjA5ZjVmODBhYjgzN2QyNDdjOTNlOGY5NTg2YWM1OGM4Mg""refresh_token2": "xoxe-1-My0xLTM0MTQwNDE0MDE3Ni01MTgyMDc1NDk2MDgwLTU0MjQ1NjIwNzgxODEtNGJkYTZhYTUxY2M1ODk3ZTNkN2YzMTgxMDI1ZDQzNzgwNWY4NWQ0ODdhZGIzM2ViOGI0MTM0MjdlNGVmYzQ4Ng"Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.DeviceRequest is a request for devices required for a claim. This is typically a request for a single resource like a device, but can also ask for several identical devices.path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpathAn empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.Unschedulable controls node schedulability of new pods. By default, node is schedulable. More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administrationspec is the specification for the behaviour of the autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.ObjectMeta may contain labels and annotations that will be copied into the ResourceClaim when creating it. No other fields are allowed and will be rejected during validation.Capacity defines the set of capacities for this device. The name of each capacity must be unique in that set. The maximum number of attributes and capacities combined is 32.%[1]s and %[2]s both match some paths, like %[3]q. But neither is more specific than the other. %[1]s matches %[4]q, but %[2]s doesn't. %[2]s matches %[5]q, but %[1]s doesn't.group is the preferred group of the resource. Empty implies the group of the containing resource list. For subresources, this may have a different value, for example: Scale".If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.Finalizers is an opaque list of values that must be empty to permanently remove object from storage. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-itscaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.+HWI-ST565_0092:4:1101:5508:5860#ACTTGA/1 bb_eeeeegfgffhiiiiiiiiiiihiiiiicgafhf_eefghihhiiiifhifhhdhifhiiiihifdgdhggf\bbceceedbcd @HWI-ST565_0092:4:1101:7621:5770#ACTTGA/1"news_train_dataset = datasets.load_dataset('nlpHakdang/aihub-news30k', data_files = \"train_news_text.csv\", use_auth_token='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')\n",observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the StatefulSet's generation, which is updated on mutation by the API Server.DeviceTaintRule adds one taint to all devices which match the selector. This has the same effect as if the taint was specified directly in the ResourceSlice by the DRA driver.Applies the given regular expression pattern to the given string and returns a list of information about all non-overlapping matches, or an empty list if there are no matches.spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaimsName uniquely identifies this resource claim inside the pod. This must match the name of an entry in pod.spec.resourceClaims, which implies that the string must be a DNS_LABEL.secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-itThe number of nodes that are running the daemon pod, but are not supposed to run the daemon pod. More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/Invalid value for --container-images flag. Unknown prefix '%s:'. Supported prefixes are: docker:, podman:, containerd:, registry:, docker-archive:, oci-archive:, oci-dir:, file:readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.mdPersistentVolume (PV) is a storage resource provisioned by an administrator. It is analogous to a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumesfsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it%s: indicates that the parent package claims ownership of a child package since the parent metadata indicates overlap with a location that a cataloger found the child package byThe number of pods which reached phase Succeeded. The value increases monotonically for a given spec. However, it may decrease in reaction to scale down of elastic indexed jobs.Attributes defines the set of attributes for this device. The name of each attribute must be unique in that set. The maximum number of attributes and capacities combined is 32.The `mirrors` property of `[plugins."io.containerd.grpc.v1.cri".registry]` is deprecated since containerd v1.5 and will be removed in containerd v2.1. Use `config_path` instead.The `configs` property of `[plugins."io.containerd.grpc.v1.cri".registry]` is deprecated since containerd v1.5 and will be removed in containerd v2.1. Use `config_path` instead.flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all.The number of nodes that are running at least 1 daemon pod and are supposed to run the daemon pod. More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/Strategy indicates the strategy for picking the leader for coordinated leader election (Alpha) Using this field requires the CoordinatedLeaderElection feature gate to be enabled.values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.If set, this represents the .metadata.generation that the pod status was set based upon. This is an alpha field. Enable PodObservedGenerationTracking to be able to use this field.The location of the Certificate Table in the binary makes no sense and is either beyond the boundaries of the file, or in the middle of the PE header; VirtualAddress: %x, Size: %xpolicies is a list of potential scaling polices which can be used during scaling. At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalidaction is what action was taken/failed regarding to the regarding object. It is machine-readable. This field cannot be empty for new Events and it can have at most 128 characters.`spec` is the specification of the desired behavior of a FlowSchema. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusA single static variable reference is required: only attribute access and indexing with constant keys. No calculations, function calls, template expressions, etc are allowed here.fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probesDEPRECATED - This group version of DaemonSet is deprecated by apps/v1/DaemonSet. See the release notes for more information. DaemonSet represents the configuration of a daemon set.`service` is a reference to the service for this webhook. Either `service` or `url` must be specified. If the webhook is running within the cluster, then you should use `service`.NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.Subject matches the originator of a request, as identified by the request authentication system. There are three ways of matching an originator; by user, group, or service account.NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.The `auths` property of `[plugins."io.containerd.grpc.v1.cri".registry]` is deprecated since containerd v1.3 and will be removed in containerd v2.1. Use `ImagePullSecrets` instead.Use 'cx --help' for more information about a command. Read the manual at https://checkmarx.com/resource/documents/en/34965-68620-checkmarx-one-cli-tool.htmlfsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.NodePhase is the recently observed lifecycle phase of the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#phase The field is never populated, and now is deprecated.EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.Replicas is the most recently observed number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontrollerCount of hash collisions for the Deployment. The Deployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ReplicaSet.Most recent generation observed when updating this PDB status. DisruptionsAllowed and other status information is valid only if observedGeneration equals to PDB's object generation.ResourceClaimConsumerReference contains enough information to let you locate the consumer of a ResourceClaim. The user must be a resource in the same namespace as the ResourceClaim.SCS scan warning: Unable to start Scorecard scan due to missing required flags, please include in the ast-cli arguments: --scs-repo-url your_repo_url --scs-repo-token your_repo_tokenreadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-podWhether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.Resources represents the compute resource requests and limits that have been successfully enacted on the running container after it has been started or has been successfully resized.currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaimIf set, this represents the .metadata.generation that the pod condition was set based upon. This is an alpha field. Enable PodObservedGenerationTracking to be able to use this field.PodStatus represents information about the status of a pod. Status may trail the actual state of a system, especially if the node that hosts the pod cannot contact the control plane.If this expression is intended to be a reference, wrap it in parentheses. If it's instead intended as a literal name containing periods, wrap it in quotes to create a string literal.PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate. It stores the generated name for the corresponding ResourceClaim.iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsiLabel query over pods whose evictions are managed by the disruption budget. A null selector will match no pods, while an empty ({}) selector will select all pods within the namespace.ClusterRoleBindingList is a collection of ClusterRoleBindings. Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 ClusterRoleBindings, and will no longer be served in v1.22. $ cx scan asca --file-source --asca-latest-version $ cx scan asca --file-source --ignored-file-path image %s could not be accessed on a registry to record its digest. Each node will access %s independently, possibly leading to different nodes running different versions of the image. Spec defines the specification of the desired behavior of the ReplicaSet. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusa mandatory memory allocator wasn't provided, this might have a negative impact on performance, check invocations of EncodeWithAllocator method, falling back on runtime.SimpleAllocatoraverageUtilization is the current value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.Counters defines the set of counters for this CounterSet The name of each counter must be unique in that set and must be a DNS label. The maximum number of counters in all sets is 32.fsType is the Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.SecretEnvSource selects a Secret to populate the environment variables with. The contents of the target Secret's Data field will represent the key-value pairs as environment variables.Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probesDEPRECATED - This group version of DaemonSet is deprecated by apps/v1beta2/DaemonSet. See the release notes for more information. DaemonSet represents the configuration of a daemon set.Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups. "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.Status of the condition, one of True, False, Unknown. Approved, Denied, and Failed conditions may not be "False" or "Unknown". Defaults to "True". If unset, should be treated as "True".tolerations are appended (excluding duplicates) to pods running with this RuntimeClass during admission, effectively unioning the set of nodes tolerated by the pod and the RuntimeClass.attachError represents the last error encountered during attach operation, if any. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.detachError represents the last error encountered during detach operation, if any. This field must only be set by the entity completing the detach operation, i.e. the external-attacher.Elements of a set are identified only by their value and don't have any separate index or key to select with, so it's only possible to perform operations across all elements of the set.status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaimsServiceAccount binds together: * a name, understood by users, and perhaps by peripheral systems, for an identity * a principal that can be authenticated and authorized * a set of secretsClusterRoleBindingList is a collection of ClusterRoleBindings. Deprecated in v1.17 in favor of rbac.authorization.k8s.io/v1 ClusterRoleBindingList, and will no longer be served in v1.22.Spec for the ResourceClaim. The entire content is copied unchanged into the ResourceClaim that gets created from this template. The same fields as in a ResourceClaim are also valid here.Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.You must provide one or more resources by argument or filename. Example resource specifications include: '-f rsrc.yaml' '--filename=rsrc.json' ' ' ''Specification of the desired behavior of a cron job, including the schedule. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusCount of hash collisions for the DaemonSet. The DaemonSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.`spec` is the specification of the desired behavior of a "request-priority". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusNodeName identifies the node where the device is available. Must only be set if Spec.PerDeviceNodeSelection is set to true. At most one of NodeName, NodeSelector and AllNodes can be set.Invalid value for --container-images flag. Registry format must specify a single image, not just a registry URL. Use format: registry:/: or registry::timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.terminating indicates that this endpoint is terminating. A nil value indicates an unknown state. Consumers should interpret this unknown state to mean that the endpoint is not terminating.ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be addedDevices contains the status of each device allocated for this claim, as reported by the driver. This can include driver-specific information. Entries are owned by their respective drivers.Describes the ResourceClaim that is to be generated. This field is immutable. A ResourceClaim will get created by the control plane for a Pod when needed and then not get updated anymore.AllNodes indicates that all nodes have access to the device. Must only be set if Spec.PerDeviceNodeSelection is set to true. At most one of NodeName, NodeSelector and AllNodes can be set.Most recently observed status of the node. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statusKey is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.targetAverageUtilization is the target value of the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.Transforms a list, set, or tuple value into a tuple by replacing any given elements that are themselves sequences with a flattened tuple of all of the nested elements concatenated together.PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients to get access to a particular ObjectMeta schema without knowing the details of the version.readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-itOptional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.overhead represents the resource overhead associated with running a pod for a given RuntimeClass. For more details, see https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/
Policy Rule Break Build