misconfigurations:
  - id: AVD-KSV-0121
    statement: Some plugins require access to various host paths
    paths:
      - dlb_plugin/base/intel-dlb-plugin.yaml
      - fpga_plugin/base/intel-fpga-plugin-daemonset.yaml
      - qat_plugin/base/intel-qat-kernel-plugin.yaml
      - qat_plugin/overlays/qat_initcontainer/qat_initcontainer.yaml

  - id: AVD-KSV-0017
    statement: initcontainers require privileged access
    paths:
      - dlb_plugin/overlays/dlb_initcontainer/dlb_initcontainer.yaml
      - dsa_plugin/overlays/dsa_initcontainer/dsa_initcontainer.yaml
      - iaa_plugin/overlays/iaa_initcontainer/iaa_initcontainer.yaml
      - qat_plugin/base/intel-qat-kernel-plugin.yaml
      - qat_plugin/overlays/qat_initcontainer/qat_initcontainer.yaml

  - id: AVD-KSV-0047
    statement: gpu plugin in kubelet mode requires "nodes/proxy" resource access
    paths:
      - gpu_plugin/overlays/fractional_resources/gpu-manager-role.yaml
      - operator/rbac/gpu_manager_role.yaml
      - operator/rbac/role.yaml

  - id: AVD-KSV-0014
    statement: These are false detections for not setting "readOnlyFilesystem"
    paths:
      - fpga_plugin/overlays/region/mode-region.yaml
      - gpu_plugin/overlays/fractional_resources/add-mounts.yaml
      - gpu_plugin/overlays/fractional_resources/add-args.yaml
      - gpu_plugin/overlays/fractional_resources/gpu-manager-role.yaml
      - gpu_plugin/overlays/monitoring_shared-dev_nfd/add-args.yaml
      - gpu_plugin/overlays/nfd_labeled_nodes/add-args.yaml
      - iaa_plugin/overlays/iaa_initcontainer/iaa_initcontainer.yaml
      - fpga_admissionwebhook/base/manager_webhook_patch.yaml
      - operator/device/dlb/dlb.yaml
      - operator/device/dsa/dsa.yaml
      - operator/device/fpga/fpga.yaml
      - operator/device/gpu/gpu.yaml
      - operator/device/qat/qat.yaml
      - operator/device/sgx/sgx.yaml
      - gpu_tensorflow_test/deployment.yaml
      - sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/add_sgx_default_qcnl_conf.yaml
      - xpumanager_sidecar/kustom/kustom_xpumanager.yaml
      - operator/default/manager_auth_proxy_patch.yaml
      - operator/default/manager_webhook_patch.yaml
      - qat_plugin/overlays/debug/add-args.yaml
      - qat_plugin/overlays/e2e/add-args.yaml
      - qat_plugin/overlays/debug/add-args.yaml
      - sgx_admissionwebhook/base/manager_webhook_patch.yaml