titan-iac/ci/titan-iac-trivy-waivers.json

{
  "version": 1,
  "generated_from": "Jenkins titan-iac build 225 Trivy filesystem scan",
  "default_expires_at": "2026-05-22",
  "ticket": "atlas-quality-wave-k8s-hardening",
  "default_reason": "Existing Kubernetes manifest hardening baseline accepted only for the first quality-gate rollout; fix or renew explicitly before expiry.",
  "misconfigurations": [
    {
      "id": "DS-0002",
      "targets": [
        "dockerfiles/Dockerfile.ananke-node-helper"
      ]
    },
    {
      "id": "KSV-0009",
      "targets": [
        "services/mailu/vip-controller.yaml",
        "services/maintenance/k3s-agent-restart-daemonset.yaml"
      ]
    },
    {
      "id": "KSV-0010",
      "targets": [
        "services/maintenance/k3s-agent-restart-daemonset.yaml",
        "services/maintenance/metis-sentinel-amd64-daemonset.yaml",
        "services/maintenance/metis-sentinel-arm64-daemonset.yaml",
        "services/monitoring/jetson-tegrastats-exporter.yaml"
      ]
    },
    {
      "id": "KSV-0014",
      "targets": [
        "infrastructure/cert-manager/cleanup/cert-manager-cleanup-job.yaml",
        "infrastructure/core/ntp-sync-daemonset.yaml",
        "infrastructure/longhorn/adopt/longhorn-helm-adopt-job.yaml",
        "infrastructure/longhorn/core/longhorn-disk-tags-ensure-job.yaml",
        "infrastructure/longhorn/core/longhorn-settings-ensure-job.yaml",
        "infrastructure/longhorn/core/vault-sync-deployment.yaml",
        "infrastructure/longhorn/ui-ingress/oauth2-proxy-longhorn.yaml",
        "infrastructure/modules/profiles/components/device-plugin-jetson/daemonset.yaml",
        "infrastructure/modules/profiles/components/device-plugin-minipc/daemonset.yaml",
        "infrastructure/modules/profiles/components/device-plugin-tethys/daemonset.yaml",
        "infrastructure/postgres/statefulset.yaml",
        "infrastructure/vault-csi/vault-csi-provider.yaml",
        "services/ai-llm/deployment.yaml",
        "services/bstein-dev-home/backend-deployment.yaml",
        "services/bstein-dev-home/chat-ai-gateway-deployment.yaml",
        "services/bstein-dev-home/frontend-deployment.yaml",
        "services/bstein-dev-home/oneoffs/migrations/portal-migrate-job.yaml",
        "services/bstein-dev-home/oneoffs/portal-onboarding-e2e-test-job.yaml",
        "services/bstein-dev-home/vault-sync-deployment.yaml",
        "services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml",
        "services/comms/atlasbot-deployment.yaml",
        "services/comms/coturn.yaml",
        "services/comms/element-call-deployment.yaml",
        "services/comms/guest-name-job.yaml",
        "services/comms/guest-register-deployment.yaml",
        "services/comms/livekit-token-deployment.yaml",
        "services/comms/livekit.yaml",
        "services/comms/mas-deployment.yaml",
        "services/comms/oneoffs/bstein-force-leave-job.yaml",
        "services/comms/oneoffs/comms-secrets-ensure-job.yaml",
        "services/comms/oneoffs/mas-admin-client-secret-ensure-job.yaml",
        "services/comms/oneoffs/mas-db-ensure-job.yaml",
        "services/comms/oneoffs/mas-local-users-ensure-job.yaml",
        "services/comms/oneoffs/othrys-kick-numeric-job.yaml",
        "services/comms/oneoffs/synapse-admin-ensure-job.yaml",
        "services/comms/oneoffs/synapse-seeder-admin-ensure-job.yaml",
        "services/comms/oneoffs/synapse-signingkey-ensure-job.yaml",
        "services/comms/oneoffs/synapse-user-seed-job.yaml",
        "services/comms/pin-othrys-job.yaml",
        "services/comms/reset-othrys-room-job.yaml",
        "services/comms/seed-othrys-room.yaml",
        "services/comms/vault-sync-deployment.yaml",
        "services/comms/wellknown.yaml",
        "services/crypto/monerod/deployment.yaml",
        "services/crypto/wallet-monero-temp/deployment.yaml",
        "services/crypto/xmr-miner/deployment.yaml",
        "services/crypto/xmr-miner/vault-sync-deployment.yaml",
        "services/crypto/xmr-miner/xmrig-daemonset.yaml",
        "services/finance/actual-budget-deployment.yaml",
        "services/finance/firefly-cronjob.yaml",
        "services/finance/firefly-deployment.yaml",
        "services/finance/firefly-user-sync-cronjob.yaml",
        "services/finance/oneoffs/finance-secrets-ensure-job.yaml",
        "services/gitea/deployment.yaml",
        "services/harbor/vault-sync-deployment.yaml",
        "services/health/wger-admin-ensure-cronjob.yaml",
        "services/health/wger-deployment.yaml",
        "services/health/wger-user-sync-cronjob.yaml",
        "services/jellyfin/deployment.yaml",
        "services/jellyfin/loader.yaml",
        "services/jenkins/deployment.yaml",
        "services/jenkins/vault-sync-deployment.yaml",
        "services/keycloak/deployment.yaml",
        "services/keycloak/oneoffs/actual-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/harbor-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/ldap-federation-job.yaml",
        "services/keycloak/oneoffs/logs-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/mas-secrets-ensure-job.yaml",
        "services/keycloak/oneoffs/metis-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/metis-ssh-keys-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/portal-admin-client-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/portal-e2e-client-job.yaml",
        "services/keycloak/oneoffs/portal-e2e-execute-actions-email-test-job.yaml",
        "services/keycloak/oneoffs/portal-e2e-target-client-job.yaml",
        "services/keycloak/oneoffs/portal-e2e-token-exchange-permissions-job.yaml",
        "services/keycloak/oneoffs/portal-e2e-token-exchange-test-job.yaml",
        "services/keycloak/oneoffs/quality-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/realm-settings-job.yaml",
        "services/keycloak/oneoffs/soteria-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/synapse-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/user-overrides-job.yaml",
        "services/keycloak/oneoffs/vault-oidc-secret-ensure-job.yaml",
        "services/keycloak/vault-sync-deployment.yaml",
        "services/logging/node-image-gc-rpi4-daemonset.yaml",
        "services/logging/node-image-prune-rpi5-daemonset.yaml",
        "services/logging/node-log-rotation-daemonset.yaml",
        "services/logging/oauth2-proxy.yaml",
        "services/logging/oneoffs/opensearch-dashboards-setup-job.yaml",
        "services/logging/oneoffs/opensearch-ism-job.yaml",
        "services/logging/oneoffs/opensearch-observability-setup-job.yaml",
        "services/logging/opensearch-prune-cronjob.yaml",
        "services/logging/vault-sync-deployment.yaml",
        "services/mailu/mailu-sync-cronjob.yaml",
        "services/mailu/mailu-sync-listener.yaml",
        "services/mailu/oneoffs/mailu-sync-job.yaml",
        "services/mailu/vault-sync-deployment.yaml",
        "services/mailu/vip-controller.yaml",
        "services/maintenance/ariadne-deployment.yaml",
        "services/maintenance/disable-k3s-traefik-daemonset.yaml",
        "services/maintenance/image-sweeper-cronjob.yaml",
        "services/maintenance/k3s-agent-restart-daemonset.yaml",
        "services/maintenance/metis-deployment.yaml",
        "services/maintenance/metis-k3s-token-sync-cronjob.yaml",
        "services/maintenance/metis-sentinel-amd64-daemonset.yaml",
        "services/maintenance/metis-sentinel-arm64-daemonset.yaml",
        "services/maintenance/node-image-sweeper-daemonset.yaml",
        "services/maintenance/node-nofile-daemonset.yaml",
        "services/maintenance/oauth2-proxy-metis.yaml",
        "services/maintenance/oauth2-proxy-soteria.yaml",
        "services/maintenance/oneoffs/ariadne-migrate-job.yaml",
        "services/maintenance/oneoffs/k3s-traefik-cleanup-job.yaml",
        "services/maintenance/oneoffs/titan-24-rootfs-sweep-job.yaml",
        "services/maintenance/pod-cleaner-cronjob.yaml",
        "services/maintenance/soteria-deployment.yaml",
        "services/maintenance/vault-sync-deployment.yaml",
        "services/monitoring/dcgm-exporter.yaml",
        "services/monitoring/jetson-tegrastats-exporter.yaml",
        "services/monitoring/oneoffs/grafana-org-bootstrap.yaml",
        "services/monitoring/oneoffs/grafana-user-dedupe-job.yaml",
        "services/monitoring/platform-quality-gateway-deployment.yaml",
        "services/monitoring/platform-quality-suite-probe-cronjob.yaml",
        "services/monitoring/postmark-exporter-deployment.yaml",
        "services/monitoring/vault-sync-deployment.yaml",
        "services/nextcloud-mail-sync/cronjob.yaml",
        "services/nextcloud/collabora.yaml",
        "services/nextcloud/cronjob.yaml",
        "services/nextcloud/deployment.yaml",
        "services/nextcloud/maintenance-cronjob.yaml",
        "services/oauth2-proxy/deployment.yaml",
        "services/openldap/statefulset.yaml",
        "services/outline/deployment.yaml",
        "services/outline/redis-deployment.yaml",
        "services/pegasus/deployment.yaml",
        "services/pegasus/vault-sync-deployment.yaml",
        "services/planka/deployment.yaml",
        "services/quality/oauth2-proxy-sonarqube.yaml",
        "services/quality/sonarqube-deployment.yaml",
        "services/quality/sonarqube-exporter-deployment.yaml",
        "services/sui-metrics/base/deployment.yaml",
        "services/typhon/vault-sync-deployment.yaml",
        "services/vault/k8s-auth-config-cronjob.yaml",
        "services/vault/oidc-config-cronjob.yaml",
        "services/vault/statefulset.yaml",
        "services/vaultwarden/deployment.yaml"
      ]
    },
    {
      "id": "KSV-0017",
      "targets": [
        "infrastructure/modules/profiles/components/device-plugin-jetson/daemonset.yaml",
        "infrastructure/modules/profiles/components/device-plugin-minipc/daemonset.yaml",
        "infrastructure/modules/profiles/components/device-plugin-tethys/daemonset.yaml",
        "services/logging/node-image-gc-rpi4-daemonset.yaml",
        "services/logging/node-image-prune-rpi5-daemonset.yaml",
        "services/logging/node-log-rotation-daemonset.yaml",
        "services/maintenance/disable-k3s-traefik-daemonset.yaml",
        "services/maintenance/image-sweeper-cronjob.yaml",
        "services/maintenance/k3s-agent-restart-daemonset.yaml",
        "services/maintenance/metis-deployment.yaml",
        "services/maintenance/metis-sentinel-amd64-daemonset.yaml",
        "services/maintenance/metis-sentinel-arm64-daemonset.yaml",
        "services/maintenance/node-image-sweeper-daemonset.yaml",
        "services/maintenance/node-nofile-daemonset.yaml",
        "services/maintenance/oneoffs/titan-24-rootfs-sweep-job.yaml",
        "services/monitoring/dcgm-exporter.yaml",
        "services/monitoring/jetson-tegrastats-exporter.yaml"
      ]
    },
    {
      "id": "KSV-0041",
      "targets": [
        "infrastructure/cert-manager/cleanup/cert-manager-cleanup-rbac.yaml",
        "infrastructure/longhorn/adopt/longhorn-adopt-rbac.yaml",
        "infrastructure/traefik/clusterrole.yaml",
        "services/bstein-dev-home/rbac.yaml",
        "services/comms/comms-secrets-ensure-rbac.yaml",
        "services/comms/mas-db-ensure-rbac.yaml",
        "services/comms/mas-secrets-ensure-rbac.yaml",
        "services/maintenance/soteria-rbac.yaml"
      ]
    },
    {
      "id": "KSV-0047",
      "targets": [
        "services/monitoring/rbac.yaml"
      ]
    },
    {
      "id": "KSV-0053",
      "targets": [
        "services/comms/comms-secrets-ensure-rbac.yaml",
        "services/comms/mas-db-ensure-rbac.yaml",
        "services/jenkins/serviceaccount.yaml",
        "services/maintenance/ariadne-rbac.yaml"
      ]
    },
    {
      "id": "KSV-0056",
      "targets": [
        "infrastructure/cert-manager/cleanup/cert-manager-cleanup-rbac.yaml",
        "infrastructure/longhorn/adopt/longhorn-adopt-rbac.yaml",
        "services/jenkins/serviceaccount.yaml",
        "services/maintenance/disable-k3s-traefik-rbac.yaml",
        "services/maintenance/k3s-traefik-cleanup-rbac.yaml"
      ]
    },
    {
      "id": "KSV-0114",
      "targets": [
        "infrastructure/cert-manager/cleanup/cert-manager-cleanup-rbac.yaml"
      ]
    },
    {
      "id": "KSV-0118",
      "targets": [
        "infrastructure/cert-manager/cleanup/cert-manager-cleanup-job.yaml",
        "infrastructure/core/coredns-deployment.yaml",
        "infrastructure/core/ntp-sync-daemonset.yaml",
        "infrastructure/longhorn/adopt/longhorn-helm-adopt-job.yaml",
        "infrastructure/longhorn/core/longhorn-disk-tags-ensure-job.yaml",
        "infrastructure/longhorn/core/longhorn-settings-ensure-job.yaml",
        "infrastructure/longhorn/core/vault-sync-deployment.yaml",
        "infrastructure/longhorn/ui-ingress/oauth2-proxy-longhorn.yaml",
        "infrastructure/modules/profiles/components/device-plugin-jetson/daemonset.yaml",
        "infrastructure/modules/profiles/components/device-plugin-minipc/daemonset.yaml",
        "infrastructure/modules/profiles/components/device-plugin-tethys/daemonset.yaml",
        "infrastructure/postgres/statefulset.yaml",
        "infrastructure/vault-csi/vault-csi-provider.yaml",
        "services/ai-llm/deployment.yaml",
        "services/bstein-dev-home/backend-deployment.yaml",
        "services/bstein-dev-home/chat-ai-gateway-deployment.yaml",
        "services/bstein-dev-home/frontend-deployment.yaml",
        "services/bstein-dev-home/oneoffs/migrations/portal-migrate-job.yaml",
        "services/bstein-dev-home/oneoffs/portal-onboarding-e2e-test-job.yaml",
        "services/bstein-dev-home/vault-sync-deployment.yaml",
        "services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml",
        "services/comms/atlasbot-deployment.yaml",
        "services/comms/coturn.yaml",
        "services/comms/element-call-deployment.yaml",
        "services/comms/guest-name-job.yaml",
        "services/comms/livekit-token-deployment.yaml",
        "services/comms/livekit.yaml",
        "services/comms/mas-deployment.yaml",
        "services/comms/oneoffs/bstein-force-leave-job.yaml",
        "services/comms/oneoffs/comms-secrets-ensure-job.yaml",
        "services/comms/oneoffs/mas-admin-client-secret-ensure-job.yaml",
        "services/comms/oneoffs/mas-db-ensure-job.yaml",
        "services/comms/oneoffs/mas-local-users-ensure-job.yaml",
        "services/comms/oneoffs/othrys-kick-numeric-job.yaml",
        "services/comms/oneoffs/synapse-admin-ensure-job.yaml",
        "services/comms/oneoffs/synapse-seeder-admin-ensure-job.yaml",
        "services/comms/oneoffs/synapse-signingkey-ensure-job.yaml",
        "services/comms/oneoffs/synapse-user-seed-job.yaml",
        "services/comms/pin-othrys-job.yaml",
        "services/comms/reset-othrys-room-job.yaml",
        "services/comms/seed-othrys-room.yaml",
        "services/comms/vault-sync-deployment.yaml",
        "services/comms/wellknown.yaml",
        "services/crypto/monerod/deployment.yaml",
        "services/crypto/wallet-monero-temp/deployment.yaml",
        "services/crypto/xmr-miner/deployment.yaml",
        "services/crypto/xmr-miner/vault-sync-deployment.yaml",
        "services/crypto/xmr-miner/xmrig-daemonset.yaml",
        "services/finance/firefly-cronjob.yaml",
        "services/finance/firefly-deployment.yaml",
        "services/finance/firefly-user-sync-cronjob.yaml",
        "services/finance/oneoffs/finance-secrets-ensure-job.yaml",
        "services/gitea/deployment.yaml",
        "services/harbor/vault-sync-deployment.yaml",
        "services/health/wger-admin-ensure-cronjob.yaml",
        "services/health/wger-deployment.yaml",
        "services/health/wger-user-sync-cronjob.yaml",
        "services/jellyfin/loader.yaml",
        "services/jenkins/deployment.yaml",
        "services/jenkins/vault-sync-deployment.yaml",
        "services/keycloak/oneoffs/actual-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/harbor-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/ldap-federation-job.yaml",
        "services/keycloak/oneoffs/logs-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/mas-secrets-ensure-job.yaml",
        "services/keycloak/oneoffs/metis-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/metis-ssh-keys-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/portal-admin-client-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/portal-e2e-client-job.yaml",
        "services/keycloak/oneoffs/portal-e2e-execute-actions-email-test-job.yaml",
        "services/keycloak/oneoffs/portal-e2e-target-client-job.yaml",
        "services/keycloak/oneoffs/portal-e2e-token-exchange-permissions-job.yaml",
        "services/keycloak/oneoffs/portal-e2e-token-exchange-test-job.yaml",
        "services/keycloak/oneoffs/quality-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/realm-settings-job.yaml",
        "services/keycloak/oneoffs/soteria-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/synapse-oidc-secret-ensure-job.yaml",
        "services/keycloak/oneoffs/user-overrides-job.yaml",
        "services/keycloak/oneoffs/vault-oidc-secret-ensure-job.yaml",
        "services/keycloak/vault-sync-deployment.yaml",
        "services/logging/node-image-gc-rpi4-daemonset.yaml",
        "services/logging/node-image-prune-rpi5-daemonset.yaml",
        "services/logging/node-log-rotation-daemonset.yaml",
        "services/logging/oauth2-proxy.yaml",
        "services/logging/oneoffs/opensearch-dashboards-setup-job.yaml",
        "services/logging/oneoffs/opensearch-ism-job.yaml",
        "services/logging/oneoffs/opensearch-observability-setup-job.yaml",
        "services/logging/opensearch-prune-cronjob.yaml",
        "services/logging/vault-sync-deployment.yaml",
        "services/mailu/mailu-sync-cronjob.yaml",
        "services/mailu/mailu-sync-listener.yaml",
        "services/mailu/oneoffs/mailu-sync-job.yaml",
        "services/mailu/vault-sync-deployment.yaml",
        "services/mailu/vip-controller.yaml",
        "services/maintenance/ariadne-deployment.yaml",
        "services/maintenance/disable-k3s-traefik-daemonset.yaml",
        "services/maintenance/image-sweeper-cronjob.yaml",
        "services/maintenance/k3s-agent-restart-daemonset.yaml",
        "services/maintenance/metis-deployment.yaml",
        "services/maintenance/metis-k3s-token-sync-cronjob.yaml",
        "services/maintenance/metis-sentinel-amd64-daemonset.yaml",
        "services/maintenance/metis-sentinel-arm64-daemonset.yaml",
        "services/maintenance/node-image-sweeper-daemonset.yaml",
        "services/maintenance/node-nofile-daemonset.yaml",
        "services/maintenance/oauth2-proxy-metis.yaml",
        "services/maintenance/oauth2-proxy-soteria.yaml",
        "services/maintenance/oneoffs/ariadne-migrate-job.yaml",
        "services/maintenance/oneoffs/k3s-traefik-cleanup-job.yaml",
        "services/maintenance/oneoffs/titan-24-rootfs-sweep-job.yaml",
        "services/maintenance/pod-cleaner-cronjob.yaml",
        "services/maintenance/soteria-deployment.yaml",
        "services/maintenance/vault-sync-deployment.yaml",
        "services/monitoring/dcgm-exporter.yaml",
        "services/monitoring/jetson-tegrastats-exporter.yaml",
        "services/monitoring/oneoffs/grafana-org-bootstrap.yaml",
        "services/monitoring/oneoffs/grafana-user-dedupe-job.yaml",
        "services/monitoring/platform-quality-gateway-deployment.yaml",
        "services/monitoring/platform-quality-suite-probe-cronjob.yaml",
        "services/monitoring/postmark-exporter-deployment.yaml",
        "services/monitoring/vault-sync-deployment.yaml",
        "services/nextcloud/collabora.yaml",
        "services/oauth2-proxy/deployment.yaml",
        "services/openldap/statefulset.yaml",
        "services/outline/deployment.yaml",
        "services/outline/redis-deployment.yaml",
        "services/pegasus/vault-sync-deployment.yaml",
        "services/quality/oauth2-proxy-sonarqube.yaml",
        "services/quality/sonarqube-deployment.yaml",
        "services/quality/sonarqube-exporter-deployment.yaml",
        "services/sui-metrics/base/deployment.yaml",
        "services/sui-metrics/overlays/atlas/patch-node-selector.yaml",
        "services/typhon/deployment.yaml",
        "services/typhon/vault-sync-deployment.yaml",
        "services/vault/k8s-auth-config-cronjob.yaml",
        "services/vault/oidc-config-cronjob.yaml",
        "services/vaultwarden/deployment.yaml"
      ]
    },
    {
      "id": "KSV-0121",
      "targets": [
        "services/logging/node-image-gc-rpi4-daemonset.yaml",
        "services/logging/node-image-prune-rpi5-daemonset.yaml",
        "services/logging/node-log-rotation-daemonset.yaml",
        "services/maintenance/disable-k3s-traefik-daemonset.yaml",
        "services/maintenance/image-sweeper-cronjob.yaml",
        "services/maintenance/metis-deployment.yaml",
        "services/maintenance/node-image-sweeper-daemonset.yaml",
        "services/maintenance/node-nofile-daemonset.yaml",
        "services/maintenance/oneoffs/titan-24-rootfs-sweep-job.yaml"
      ]
    }
  ]
}
ci(titan-iac): apply supply-chain waiver ledger 2026-04-22 00:41:40 -03:00			`{`
			`"version": 1,`
			`"generated_from": "Jenkins titan-iac build 225 Trivy filesystem scan",`
			`"default_expires_at": "2026-05-22",`
			`"ticket": "atlas-quality-wave-k8s-hardening",`
			`"default_reason": "Existing Kubernetes manifest hardening baseline accepted only for the first quality-gate rollout; fix or renew explicitly before expiry.",`
			`"misconfigurations": [`
			`{`
			`"id": "DS-0002",`
			`"targets": [`
			`"dockerfiles/Dockerfile.ananke-node-helper"`
			`]`
			`},`
			`{`
			`"id": "KSV-0009",`
			`"targets": [`
			`"services/mailu/vip-controller.yaml",`
			`"services/maintenance/k3s-agent-restart-daemonset.yaml"`
			`]`
			`},`
			`{`
			`"id": "KSV-0010",`
			`"targets": [`
			`"services/maintenance/k3s-agent-restart-daemonset.yaml",`
			`"services/maintenance/metis-sentinel-amd64-daemonset.yaml",`
			`"services/maintenance/metis-sentinel-arm64-daemonset.yaml",`
			`"services/monitoring/jetson-tegrastats-exporter.yaml"`
			`]`
			`},`
			`{`
			`"id": "KSV-0014",`
			`"targets": [`
			`"infrastructure/cert-manager/cleanup/cert-manager-cleanup-job.yaml",`
			`"infrastructure/core/ntp-sync-daemonset.yaml",`
			`"infrastructure/longhorn/adopt/longhorn-helm-adopt-job.yaml",`
			`"infrastructure/longhorn/core/longhorn-disk-tags-ensure-job.yaml",`
			`"infrastructure/longhorn/core/longhorn-settings-ensure-job.yaml",`
			`"infrastructure/longhorn/core/vault-sync-deployment.yaml",`
			`"infrastructure/longhorn/ui-ingress/oauth2-proxy-longhorn.yaml",`
			`"infrastructure/modules/profiles/components/device-plugin-jetson/daemonset.yaml",`
			`"infrastructure/modules/profiles/components/device-plugin-minipc/daemonset.yaml",`
			`"infrastructure/modules/profiles/components/device-plugin-tethys/daemonset.yaml",`
			`"infrastructure/postgres/statefulset.yaml",`
			`"infrastructure/vault-csi/vault-csi-provider.yaml",`
			`"services/ai-llm/deployment.yaml",`
			`"services/bstein-dev-home/backend-deployment.yaml",`
			`"services/bstein-dev-home/chat-ai-gateway-deployment.yaml",`
			`"services/bstein-dev-home/frontend-deployment.yaml",`
			`"services/bstein-dev-home/oneoffs/migrations/portal-migrate-job.yaml",`
			`"services/bstein-dev-home/oneoffs/portal-onboarding-e2e-test-job.yaml",`
			`"services/bstein-dev-home/vault-sync-deployment.yaml",`
			`"services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml",`
			`"services/comms/atlasbot-deployment.yaml",`
			`"services/comms/coturn.yaml",`
			`"services/comms/element-call-deployment.yaml",`
			`"services/comms/guest-name-job.yaml",`
			`"services/comms/guest-register-deployment.yaml",`
			`"services/comms/livekit-token-deployment.yaml",`
			`"services/comms/livekit.yaml",`
			`"services/comms/mas-deployment.yaml",`
			`"services/comms/oneoffs/bstein-force-leave-job.yaml",`
			`"services/comms/oneoffs/comms-secrets-ensure-job.yaml",`
			`"services/comms/oneoffs/mas-admin-client-secret-ensure-job.yaml",`
			`"services/comms/oneoffs/mas-db-ensure-job.yaml",`
			`"services/comms/oneoffs/mas-local-users-ensure-job.yaml",`
			`"services/comms/oneoffs/othrys-kick-numeric-job.yaml",`
			`"services/comms/oneoffs/synapse-admin-ensure-job.yaml",`
			`"services/comms/oneoffs/synapse-seeder-admin-ensure-job.yaml",`
			`"services/comms/oneoffs/synapse-signingkey-ensure-job.yaml",`
			`"services/comms/oneoffs/synapse-user-seed-job.yaml",`
			`"services/comms/pin-othrys-job.yaml",`
			`"services/comms/reset-othrys-room-job.yaml",`
			`"services/comms/seed-othrys-room.yaml",`
			`"services/comms/vault-sync-deployment.yaml",`
			`"services/comms/wellknown.yaml",`
			`"services/crypto/monerod/deployment.yaml",`
			`"services/crypto/wallet-monero-temp/deployment.yaml",`
			`"services/crypto/xmr-miner/deployment.yaml",`
			`"services/crypto/xmr-miner/vault-sync-deployment.yaml",`
			`"services/crypto/xmr-miner/xmrig-daemonset.yaml",`
			`"services/finance/actual-budget-deployment.yaml",`
			`"services/finance/firefly-cronjob.yaml",`
			`"services/finance/firefly-deployment.yaml",`
			`"services/finance/firefly-user-sync-cronjob.yaml",`
			`"services/finance/oneoffs/finance-secrets-ensure-job.yaml",`
			`"services/gitea/deployment.yaml",`
			`"services/harbor/vault-sync-deployment.yaml",`
			`"services/health/wger-admin-ensure-cronjob.yaml",`
			`"services/health/wger-deployment.yaml",`
			`"services/health/wger-user-sync-cronjob.yaml",`
			`"services/jellyfin/deployment.yaml",`
			`"services/jellyfin/loader.yaml",`
			`"services/jenkins/deployment.yaml",`
			`"services/jenkins/vault-sync-deployment.yaml",`
			`"services/keycloak/deployment.yaml",`
			`"services/keycloak/oneoffs/actual-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/harbor-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/ldap-federation-job.yaml",`
			`"services/keycloak/oneoffs/logs-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/mas-secrets-ensure-job.yaml",`
			`"services/keycloak/oneoffs/metis-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/metis-ssh-keys-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/portal-admin-client-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/portal-e2e-client-job.yaml",`
			`"services/keycloak/oneoffs/portal-e2e-execute-actions-email-test-job.yaml",`
			`"services/keycloak/oneoffs/portal-e2e-target-client-job.yaml",`
			`"services/keycloak/oneoffs/portal-e2e-token-exchange-permissions-job.yaml",`
			`"services/keycloak/oneoffs/portal-e2e-token-exchange-test-job.yaml",`
			`"services/keycloak/oneoffs/quality-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/realm-settings-job.yaml",`
			`"services/keycloak/oneoffs/soteria-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/synapse-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/user-overrides-job.yaml",`
			`"services/keycloak/oneoffs/vault-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/vault-sync-deployment.yaml",`
			`"services/logging/node-image-gc-rpi4-daemonset.yaml",`
			`"services/logging/node-image-prune-rpi5-daemonset.yaml",`
			`"services/logging/node-log-rotation-daemonset.yaml",`
			`"services/logging/oauth2-proxy.yaml",`
			`"services/logging/oneoffs/opensearch-dashboards-setup-job.yaml",`
			`"services/logging/oneoffs/opensearch-ism-job.yaml",`
			`"services/logging/oneoffs/opensearch-observability-setup-job.yaml",`
			`"services/logging/opensearch-prune-cronjob.yaml",`
			`"services/logging/vault-sync-deployment.yaml",`
			`"services/mailu/mailu-sync-cronjob.yaml",`
			`"services/mailu/mailu-sync-listener.yaml",`
			`"services/mailu/oneoffs/mailu-sync-job.yaml",`
			`"services/mailu/vault-sync-deployment.yaml",`
			`"services/mailu/vip-controller.yaml",`
			`"services/maintenance/ariadne-deployment.yaml",`
			`"services/maintenance/disable-k3s-traefik-daemonset.yaml",`
			`"services/maintenance/image-sweeper-cronjob.yaml",`
			`"services/maintenance/k3s-agent-restart-daemonset.yaml",`
			`"services/maintenance/metis-deployment.yaml",`
			`"services/maintenance/metis-k3s-token-sync-cronjob.yaml",`
			`"services/maintenance/metis-sentinel-amd64-daemonset.yaml",`
			`"services/maintenance/metis-sentinel-arm64-daemonset.yaml",`
			`"services/maintenance/node-image-sweeper-daemonset.yaml",`
			`"services/maintenance/node-nofile-daemonset.yaml",`
			`"services/maintenance/oauth2-proxy-metis.yaml",`
			`"services/maintenance/oauth2-proxy-soteria.yaml",`
			`"services/maintenance/oneoffs/ariadne-migrate-job.yaml",`
			`"services/maintenance/oneoffs/k3s-traefik-cleanup-job.yaml",`
			`"services/maintenance/oneoffs/titan-24-rootfs-sweep-job.yaml",`
			`"services/maintenance/pod-cleaner-cronjob.yaml",`
			`"services/maintenance/soteria-deployment.yaml",`
			`"services/maintenance/vault-sync-deployment.yaml",`
			`"services/monitoring/dcgm-exporter.yaml",`
			`"services/monitoring/jetson-tegrastats-exporter.yaml",`
			`"services/monitoring/oneoffs/grafana-org-bootstrap.yaml",`
			`"services/monitoring/oneoffs/grafana-user-dedupe-job.yaml",`
			`"services/monitoring/platform-quality-gateway-deployment.yaml",`
			`"services/monitoring/platform-quality-suite-probe-cronjob.yaml",`
			`"services/monitoring/postmark-exporter-deployment.yaml",`
			`"services/monitoring/vault-sync-deployment.yaml",`
			`"services/nextcloud-mail-sync/cronjob.yaml",`
			`"services/nextcloud/collabora.yaml",`
			`"services/nextcloud/cronjob.yaml",`
			`"services/nextcloud/deployment.yaml",`
			`"services/nextcloud/maintenance-cronjob.yaml",`
			`"services/oauth2-proxy/deployment.yaml",`
			`"services/openldap/statefulset.yaml",`
			`"services/outline/deployment.yaml",`
			`"services/outline/redis-deployment.yaml",`
			`"services/pegasus/deployment.yaml",`
			`"services/pegasus/vault-sync-deployment.yaml",`
			`"services/planka/deployment.yaml",`
			`"services/quality/oauth2-proxy-sonarqube.yaml",`
			`"services/quality/sonarqube-deployment.yaml",`
			`"services/quality/sonarqube-exporter-deployment.yaml",`
			`"services/sui-metrics/base/deployment.yaml",`
			`"services/typhon/vault-sync-deployment.yaml",`
			`"services/vault/k8s-auth-config-cronjob.yaml",`
			`"services/vault/oidc-config-cronjob.yaml",`
			`"services/vault/statefulset.yaml",`
			`"services/vaultwarden/deployment.yaml"`
			`]`
			`},`
			`{`
			`"id": "KSV-0017",`
			`"targets": [`
			`"infrastructure/modules/profiles/components/device-plugin-jetson/daemonset.yaml",`
			`"infrastructure/modules/profiles/components/device-plugin-minipc/daemonset.yaml",`
			`"infrastructure/modules/profiles/components/device-plugin-tethys/daemonset.yaml",`
			`"services/logging/node-image-gc-rpi4-daemonset.yaml",`
			`"services/logging/node-image-prune-rpi5-daemonset.yaml",`
			`"services/logging/node-log-rotation-daemonset.yaml",`
			`"services/maintenance/disable-k3s-traefik-daemonset.yaml",`
			`"services/maintenance/image-sweeper-cronjob.yaml",`
			`"services/maintenance/k3s-agent-restart-daemonset.yaml",`
			`"services/maintenance/metis-deployment.yaml",`
			`"services/maintenance/metis-sentinel-amd64-daemonset.yaml",`
			`"services/maintenance/metis-sentinel-arm64-daemonset.yaml",`
			`"services/maintenance/node-image-sweeper-daemonset.yaml",`
			`"services/maintenance/node-nofile-daemonset.yaml",`
			`"services/maintenance/oneoffs/titan-24-rootfs-sweep-job.yaml",`
			`"services/monitoring/dcgm-exporter.yaml",`
			`"services/monitoring/jetson-tegrastats-exporter.yaml"`
			`]`
			`},`
			`{`
			`"id": "KSV-0041",`
			`"targets": [`
			`"infrastructure/cert-manager/cleanup/cert-manager-cleanup-rbac.yaml",`
			`"infrastructure/longhorn/adopt/longhorn-adopt-rbac.yaml",`
			`"infrastructure/traefik/clusterrole.yaml",`
			`"services/bstein-dev-home/rbac.yaml",`
			`"services/comms/comms-secrets-ensure-rbac.yaml",`
			`"services/comms/mas-db-ensure-rbac.yaml",`
			`"services/comms/mas-secrets-ensure-rbac.yaml",`
			`"services/maintenance/soteria-rbac.yaml"`
			`]`
			`},`
			`{`
			`"id": "KSV-0047",`
			`"targets": [`
			`"services/monitoring/rbac.yaml"`
			`]`
			`},`
			`{`
			`"id": "KSV-0053",`
			`"targets": [`
			`"services/comms/comms-secrets-ensure-rbac.yaml",`
			`"services/comms/mas-db-ensure-rbac.yaml",`
			`"services/jenkins/serviceaccount.yaml",`
			`"services/maintenance/ariadne-rbac.yaml"`
			`]`
			`},`
			`{`
			`"id": "KSV-0056",`
			`"targets": [`
			`"infrastructure/cert-manager/cleanup/cert-manager-cleanup-rbac.yaml",`
			`"infrastructure/longhorn/adopt/longhorn-adopt-rbac.yaml",`
			`"services/jenkins/serviceaccount.yaml",`
			`"services/maintenance/disable-k3s-traefik-rbac.yaml",`
			`"services/maintenance/k3s-traefik-cleanup-rbac.yaml"`
			`]`
			`},`
			`{`
			`"id": "KSV-0114",`
			`"targets": [`
			`"infrastructure/cert-manager/cleanup/cert-manager-cleanup-rbac.yaml"`
			`]`
			`},`
			`{`
			`"id": "KSV-0118",`
			`"targets": [`
			`"infrastructure/cert-manager/cleanup/cert-manager-cleanup-job.yaml",`
			`"infrastructure/core/coredns-deployment.yaml",`
			`"infrastructure/core/ntp-sync-daemonset.yaml",`
			`"infrastructure/longhorn/adopt/longhorn-helm-adopt-job.yaml",`
			`"infrastructure/longhorn/core/longhorn-disk-tags-ensure-job.yaml",`
			`"infrastructure/longhorn/core/longhorn-settings-ensure-job.yaml",`
			`"infrastructure/longhorn/core/vault-sync-deployment.yaml",`
			`"infrastructure/longhorn/ui-ingress/oauth2-proxy-longhorn.yaml",`
			`"infrastructure/modules/profiles/components/device-plugin-jetson/daemonset.yaml",`
			`"infrastructure/modules/profiles/components/device-plugin-minipc/daemonset.yaml",`
			`"infrastructure/modules/profiles/components/device-plugin-tethys/daemonset.yaml",`
			`"infrastructure/postgres/statefulset.yaml",`
			`"infrastructure/vault-csi/vault-csi-provider.yaml",`
			`"services/ai-llm/deployment.yaml",`
			`"services/bstein-dev-home/backend-deployment.yaml",`
			`"services/bstein-dev-home/chat-ai-gateway-deployment.yaml",`
			`"services/bstein-dev-home/frontend-deployment.yaml",`
			`"services/bstein-dev-home/oneoffs/migrations/portal-migrate-job.yaml",`
			`"services/bstein-dev-home/oneoffs/portal-onboarding-e2e-test-job.yaml",`
			`"services/bstein-dev-home/vault-sync-deployment.yaml",`
			`"services/bstein-dev-home/vaultwarden-cred-sync-cronjob.yaml",`
			`"services/comms/atlasbot-deployment.yaml",`
			`"services/comms/coturn.yaml",`
			`"services/comms/element-call-deployment.yaml",`
			`"services/comms/guest-name-job.yaml",`
			`"services/comms/livekit-token-deployment.yaml",`
			`"services/comms/livekit.yaml",`
			`"services/comms/mas-deployment.yaml",`
			`"services/comms/oneoffs/bstein-force-leave-job.yaml",`
			`"services/comms/oneoffs/comms-secrets-ensure-job.yaml",`
			`"services/comms/oneoffs/mas-admin-client-secret-ensure-job.yaml",`
			`"services/comms/oneoffs/mas-db-ensure-job.yaml",`
			`"services/comms/oneoffs/mas-local-users-ensure-job.yaml",`
			`"services/comms/oneoffs/othrys-kick-numeric-job.yaml",`
			`"services/comms/oneoffs/synapse-admin-ensure-job.yaml",`
			`"services/comms/oneoffs/synapse-seeder-admin-ensure-job.yaml",`
			`"services/comms/oneoffs/synapse-signingkey-ensure-job.yaml",`
			`"services/comms/oneoffs/synapse-user-seed-job.yaml",`
			`"services/comms/pin-othrys-job.yaml",`
			`"services/comms/reset-othrys-room-job.yaml",`
			`"services/comms/seed-othrys-room.yaml",`
			`"services/comms/vault-sync-deployment.yaml",`
			`"services/comms/wellknown.yaml",`
			`"services/crypto/monerod/deployment.yaml",`
			`"services/crypto/wallet-monero-temp/deployment.yaml",`
			`"services/crypto/xmr-miner/deployment.yaml",`
			`"services/crypto/xmr-miner/vault-sync-deployment.yaml",`
			`"services/crypto/xmr-miner/xmrig-daemonset.yaml",`
			`"services/finance/firefly-cronjob.yaml",`
			`"services/finance/firefly-deployment.yaml",`
			`"services/finance/firefly-user-sync-cronjob.yaml",`
			`"services/finance/oneoffs/finance-secrets-ensure-job.yaml",`
			`"services/gitea/deployment.yaml",`
			`"services/harbor/vault-sync-deployment.yaml",`
			`"services/health/wger-admin-ensure-cronjob.yaml",`
			`"services/health/wger-deployment.yaml",`
			`"services/health/wger-user-sync-cronjob.yaml",`
			`"services/jellyfin/loader.yaml",`
			`"services/jenkins/deployment.yaml",`
			`"services/jenkins/vault-sync-deployment.yaml",`
			`"services/keycloak/oneoffs/actual-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/harbor-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/ldap-federation-job.yaml",`
			`"services/keycloak/oneoffs/logs-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/mas-secrets-ensure-job.yaml",`
			`"services/keycloak/oneoffs/metis-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/metis-ssh-keys-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/portal-admin-client-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/portal-e2e-client-job.yaml",`
			`"services/keycloak/oneoffs/portal-e2e-execute-actions-email-test-job.yaml",`
			`"services/keycloak/oneoffs/portal-e2e-target-client-job.yaml",`
			`"services/keycloak/oneoffs/portal-e2e-token-exchange-permissions-job.yaml",`
			`"services/keycloak/oneoffs/portal-e2e-token-exchange-test-job.yaml",`
			`"services/keycloak/oneoffs/quality-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/realm-settings-job.yaml",`
			`"services/keycloak/oneoffs/soteria-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/synapse-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/oneoffs/user-overrides-job.yaml",`
			`"services/keycloak/oneoffs/vault-oidc-secret-ensure-job.yaml",`
			`"services/keycloak/vault-sync-deployment.yaml",`
			`"services/logging/node-image-gc-rpi4-daemonset.yaml",`
			`"services/logging/node-image-prune-rpi5-daemonset.yaml",`
			`"services/logging/node-log-rotation-daemonset.yaml",`
			`"services/logging/oauth2-proxy.yaml",`
			`"services/logging/oneoffs/opensearch-dashboards-setup-job.yaml",`
			`"services/logging/oneoffs/opensearch-ism-job.yaml",`
			`"services/logging/oneoffs/opensearch-observability-setup-job.yaml",`
			`"services/logging/opensearch-prune-cronjob.yaml",`
			`"services/logging/vault-sync-deployment.yaml",`
			`"services/mailu/mailu-sync-cronjob.yaml",`
			`"services/mailu/mailu-sync-listener.yaml",`
			`"services/mailu/oneoffs/mailu-sync-job.yaml",`
			`"services/mailu/vault-sync-deployment.yaml",`
			`"services/mailu/vip-controller.yaml",`
			`"services/maintenance/ariadne-deployment.yaml",`
			`"services/maintenance/disable-k3s-traefik-daemonset.yaml",`
			`"services/maintenance/image-sweeper-cronjob.yaml",`
			`"services/maintenance/k3s-agent-restart-daemonset.yaml",`
			`"services/maintenance/metis-deployment.yaml",`
			`"services/maintenance/metis-k3s-token-sync-cronjob.yaml",`
			`"services/maintenance/metis-sentinel-amd64-daemonset.yaml",`
			`"services/maintenance/metis-sentinel-arm64-daemonset.yaml",`
			`"services/maintenance/node-image-sweeper-daemonset.yaml",`
			`"services/maintenance/node-nofile-daemonset.yaml",`
			`"services/maintenance/oauth2-proxy-metis.yaml",`
			`"services/maintenance/oauth2-proxy-soteria.yaml",`
			`"services/maintenance/oneoffs/ariadne-migrate-job.yaml",`
			`"services/maintenance/oneoffs/k3s-traefik-cleanup-job.yaml",`
			`"services/maintenance/oneoffs/titan-24-rootfs-sweep-job.yaml",`
			`"services/maintenance/pod-cleaner-cronjob.yaml",`
			`"services/maintenance/soteria-deployment.yaml",`
			`"services/maintenance/vault-sync-deployment.yaml",`
			`"services/monitoring/dcgm-exporter.yaml",`
			`"services/monitoring/jetson-tegrastats-exporter.yaml",`
			`"services/monitoring/oneoffs/grafana-org-bootstrap.yaml",`
			`"services/monitoring/oneoffs/grafana-user-dedupe-job.yaml",`
			`"services/monitoring/platform-quality-gateway-deployment.yaml",`
			`"services/monitoring/platform-quality-suite-probe-cronjob.yaml",`
			`"services/monitoring/postmark-exporter-deployment.yaml",`
			`"services/monitoring/vault-sync-deployment.yaml",`
			`"services/nextcloud/collabora.yaml",`
			`"services/oauth2-proxy/deployment.yaml",`
			`"services/openldap/statefulset.yaml",`
			`"services/outline/deployment.yaml",`
			`"services/outline/redis-deployment.yaml",`
			`"services/pegasus/vault-sync-deployment.yaml",`
			`"services/quality/oauth2-proxy-sonarqube.yaml",`
			`"services/quality/sonarqube-deployment.yaml",`
			`"services/quality/sonarqube-exporter-deployment.yaml",`
			`"services/sui-metrics/base/deployment.yaml",`
			`"services/sui-metrics/overlays/atlas/patch-node-selector.yaml",`
			`"services/typhon/deployment.yaml",`
			`"services/typhon/vault-sync-deployment.yaml",`
			`"services/vault/k8s-auth-config-cronjob.yaml",`
			`"services/vault/oidc-config-cronjob.yaml",`
			`"services/vaultwarden/deployment.yaml"`
			`]`
			`},`
			`{`
			`"id": "KSV-0121",`
			`"targets": [`
			`"services/logging/node-image-gc-rpi4-daemonset.yaml",`
			`"services/logging/node-image-prune-rpi5-daemonset.yaml",`
			`"services/logging/node-log-rotation-daemonset.yaml",`
			`"services/maintenance/disable-k3s-traefik-daemonset.yaml",`
			`"services/maintenance/image-sweeper-cronjob.yaml",`
			`"services/maintenance/metis-deployment.yaml",`
			`"services/maintenance/node-image-sweeper-daemonset.yaml",`
			`"services/maintenance/node-nofile-daemonset.yaml",`
			`"services/maintenance/oneoffs/titan-24-rootfs-sweep-job.yaml"`
			`]`
			`}`
			`]`
			`}`