Release Image and Helm Chart

SPSH-983 Send attributes to keycloak (#624) #16

Sign in to view logs

Triggered via push August 29, 2024 09:32

aimee-889

0.0.10

Status Success

Total duration 13m 54s

Artifacts 1

create-release.yml

on: push

scan_helm / Kics Helm Chart Scan

CodeQL / Analyze CodeQL

Linting / Nest Lint

Tests and Sonarcloud / Tests and Sonarcloud

release_helm / release

Publish image and scan with trivy / Publish image

Publish image and scan with trivy / pre_scan

Publish image and scan with trivy / ... / Trivy Scan

Annotations

11 warnings

[MEDIUM] Container Running As Root: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L22

Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise

[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/backend-deployment.yaml#L22

Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/backend-deployment.yaml#L53

Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/backend-deployment.yaml#L22

Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L34

Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L38

Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] NET_RAW Capabilities Not Being Dropped: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L22

Containers should drop 'ALL' or at least 'NET_RAW' capabilities

[MEDIUM] Seccomp Profile Is Not Configured: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L38

Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls

[MEDIUM] Service Account Token Automount Not Disabled: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L20

Service Account Tokens are automatically mounted even if not necessary

[LOW] Container Requests Not Equal To It's Limits: charts/dbildungs-iam-server/templates/backend-deployment.yaml#L22

Containers must have the same resource requests set as limits. This is recommended to avoid resource DDoS of the node during spikes and means that 'requests.memory' and 'requests.cpu' must equal 'limits.memory' and 'limits.cpu', respectively

release_helm / release

The following actions use a deprecated Node.js version and will be forced to run on node20: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

Artifacts

Produced during runtime

Name	Size
test-artifacts Expired	1.23 MB