From edc9e4b527250edf861c41ef6bf011b19ad28ec7 Mon Sep 17 00:00:00 2001
From: Thomas Stromberg
Date: Fri, 13 Jan 2023 13:54:28 -0500
Subject: [PATCH] Exclude _darwin_x paths in home
---
 detection/execution/unexpected-gatekeeper-approvals-macos.sql | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/detection/execution/unexpected-gatekeeper-approvals-macos.sql b/detection/execution/unexpected-gatekeeper-approvals-macos.sql
index 029dd8f..9d5112a 100644
--- a/detection/execution/unexpected-gatekeeper-approvals-macos.sql
+++ b/detection/execution/unexpected-gatekeeper-approvals-macos.sql
@@ -31,6 +31,8 @@ WHERE
 AND gap.path NOT LIKE '/usr/local/bin/%'
 AND gap.path NOT LIKE '/Users/%/%-darwin-amd64'
 AND gap.path NOT LIKE '/Users/%/%-darwin-arm64'
+ AND gap.path NOT LIKE '/Users/%/%_darwin_amd64'
+ AND gap.path NOT LIKE '/Users/%/%_darwin_arm64'
 AND gap.path NOT LIKE '/Users/%/configure'
 AND gap.path NOT LIKE '/Users/%/trivy'
 GROUP BY
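Review bot: In the two added exclusions `_` is itself a single-character LIKE wildcard, so `'/Users/%/%_darwin_amd64'` matches any character in those two positions and already subsumes the `-darwin-amd64` line above it, which is broader than the commit subject suggests. If only literal underscores are meant, escape them, e.g. `AND gap.path NOT LIKE '/Users/%/%\_darwin\_amd64' ESCAPE '\'` (SQLite syntax, assuming this query runs under osquery), and likewise for the arm64 line. More generally these are name-only exclusions under user-writable home directories, and `%` also spans `/`, so any approved file at any depth whose name ends in the suffix is dropped from this detection. A comment stating why the suffix is trusted, or pairing it with a non-name attribute, would make that blind spot explicit. The WHERE clause starts above the hunk and the GROUP BY continues below it, so the remaining conditions are not visible here.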