fix: fix queries tags

Author: Arta Asadi

queries/k8/k8s_clusterrolebindings_granting_cluster_admin.yaml

@@ -50,10 +50,14 @@ query: |
     crb.platform_integration_id ASC,
     resource ASC;
 tags:
-  asset: Kubernetes
-  value: Enforce Least Privilege
-  outcome: Reduce Security Risk
-  standard: CIS Kubernetes Benchmark
+  asset:
+    - Kubernetes
+  value:
+    - Enforce Least Privilege
+  outcome:
+    - Reduce Security Risk
+  standard:
+    - CIS Kubernetes Benchmark
 classification:
   - [ "Security", "IAM", "Admin Rights" ]
   - [ "Security", "IAM", "Excessive Permissions" ]

queries/k8/k8s_containers_running_as_root.yaml

@@ -50,10 +50,14 @@ query: |
     p.platform_integration_id ASC,
     resource ASC;
 tags:
-  asset: Kubernetes
-  value: Reduce Security Risk
-  outcome: Limit Blast Radius
-  standard: CIS Kubernetes Benchmark
+  asset:
+    - Kubernetes
+  value:
+    - Reduce Security Risk
+  outcome:
+    - Limit Blast Radius
+  standard:
+    - CIS Kubernetes Benchmark
 classification:
   - [ "Security", "Workload Configuration" ]
   - [ "Security", "Vulnerabilities", "Containers" ]

queries/k8/k8s_ingress_without_tls.yaml

@@ -30,10 +30,14 @@ query: |
     i.platform_integration_id ASC,
     resource ASC;
 tags:
-  asset: Kubernetes
-  value: Enhance Data Security
-  outcome: Enforce Encryption
-  standard: CIS Kubernetes Benchmark
+  asset:
+    - Kubernetes
+  value:
+    - Enhance Data Security
+  outcome:
+    - Enforce Encryption
+  standard:
+    - CIS Kubernetes Benchmark
 classification:
   - [ "Security", "Web Security" ]
   - [ "Security", "Data Protection" ]

queries/k8/k8s_pod_privileged_containers.yaml

@@ -32,9 +32,12 @@ query: |
     p.platform_integration_id ASC,
     resource ASC;
 tags:
-  asset: Kubernetes
-  value: Reduce Security Risk
-  outcome: Limit Blast Radius
+  asset:
+    - Kubernetes
+  value:
+    - Reduce Security Risk
+  outcome:
+    - Limit Blast Radius
 classification:
   - [ "Security", "Workload Configuration" ]
   - [ "Security", "Vulnerabilities", "Containers" ]

queries/k8/k8s_pods_mounting_sensitive_hostpaths.yaml

@@ -42,12 +42,15 @@ query: |
     p.platform_integration_id ASC,
     resource ASC;
 tags:
-  asset: Kubernetes
-  value: Reduce Attack Surface
+  asset:
+    - Kubernetes
+  value:
+    - Reduce Attack Surface
   outcome: # Use list format for multiple outcomes
     - Enhance Isolation
     - Prevent Container Escape
-  standard: CIS Kubernetes Benchmark
+  standard:
+    - CIS Kubernetes Benchmark
 classification:
   - [ "Security", "Workload Configuration" ]
   - [ "Security", "Vulnerabilities", "Configuration" ]

queries/k8/k8s_pods_using_host_network.yaml

@@ -28,10 +28,14 @@ query: |
     p.platform_integration_id ASC,
     resource ASC;
 tags:
-  asset: Kubernetes
-  value: Reduce Attack Surface
-  outcome: Enhance Isolation
-  standard: CIS Kubernetes Benchmark
+  asset:
+    - Kubernetes
+  value:
+    - Reduce Attack Surface
+  outcome:
+    - Enhance Isolation
+  standard:
+    - CIS Kubernetes Benchmark
 classification:
   - [ "Security", "Workload Configuration" ]
   - [ "Security", "Vulnerabilities", "Configuration" ]

queries/k8/k8s_pods_using_host_pid_ipc.yaml

@@ -33,10 +33,14 @@ query: |
     p.platform_integration_id ASC,
     resource ASC;
 tags:
-  asset: Kubernetes
-  value: Reduce Attack Surface
-  outcome: Enhance Isolation
-  standard: CIS Kubernetes Benchmark
+  asset:
+    - Kubernetes
+  value:
+    - Reduce Attack Surface
+  outcome:
+    - Enhance Isolation
+  standard:
+    - CIS Kubernetes Benchmark
 classification:
   - [ "Security", "Workload Configuration" ]
   - [ "Security", "Vulnerabilities", "Configuration" ]

queries/k8/k8s_rbac_wildcard_permissions.yaml

@@ -65,10 +65,14 @@ query: |
     rww.platform_integration_id ASC,
     resource ASC;
 tags:
-  asset: Kubernetes
-  value: Enforce Least Privilege
-  outcome: Reduce Security Risk
-  standard: CIS Kubernetes Benchmark
+  asset:
+    - Kubernetes
+  value:
+    - Enforce Least Privilege
+  outcome:
+    - Reduce Security Risk
+  standard:
+    - CIS Kubernetes Benchmark
 classification:
   - [ "Security", "IAM", "Excessive Permissions" ]
   - [ "Infrastructure", "Kubernetes", "Access Control" ]

queries/k8/k8s_services_exposed_externally.yaml

@@ -31,9 +31,12 @@ query: |
     s.platform_integration_id ASC,
     resource ASC;
 tags:
-  asset: Kubernetes
-  value: Reduce Attack Surface
-  outcome: Control Network Exposure
+  asset:
+    - Kubernetes
+  value:
+    - Reduce Attack Surface
+  outcome:
+    - Control Network Exposure
 classification:
   - [ "Security", "Public Exposure" ]
   - [ "Infrastructure", "Kubernetes", "Networking" ]

queries/k8/pods_running_in_default_namespace.yaml

@@ -30,11 +30,13 @@ query: |
     p.platform_integration_id ASC,
     resource ASC;
 tags:
-  asset: Kubernetes
+  asset:
+    - Kubernetes
   value: # Use list format for multiple values
     - Improve Organization
     - Enhance Security Posture
-  outcome: Facilitate Policy Enforcement
+  outcome:
+    - Facilitate Policy Enforcement
 classification:
   - [ "Security", "Workload Configuration" ]
   - [ "Infrastructure", "Kubernetes", "Configuration" ]

queries/k8/privileged_containers.yaml

@@ -83,9 +83,12 @@ query: |
     resource ASC,
     pp.container_name ASC; -- Include container name in ordering
 tags:
-  asset: Kubernetes
-  value: Reduce Security Risk
-  outcome: Limit Blast Radius
+  asset:
+    - Kubernetes
+  value:
+    - Reduce Security Risk
+  outcome:
+    - Limit Blast Radius
 classification:
   - [ "Security", "Workload Configuration" ]
   - [ "Security", "Vulnerabilities", "Containers" ]