Dbp 714 change dev pipeline postgres user from spshdeveloper to name … #7
simoncolincapcreate-release.yml
on: push
scan_helm
/
Kics Helm Chart Scan
34s
CodeQL
/
Analyze CodeQL
2m 7s
Linting
/
Nest Lint
1m 36s
Tests and Sonarcloud
/
Tests and Sonarcloud
6m 39s
release_helm
/
release
13s
Publish image and scan with trivy
/
build_and_upload_image
Publish image and scan with trivy
/
...
/
Trivy Scan
Annotations
1 error and 11 warnings
|
Tests and Sonarcloud / Tests and Sonarcloud
Process completed with exit code 1.
|
|
[MEDIUM] Container Running As Root:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L22
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
|
|
[MEDIUM] Container Running With Low UID:
charts/dbildungs-iam-server/templates/backend-deployment.yaml#L23
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] Container Running With Low UID:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L38
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] Container Running With Low UID:
charts/dbildungs-iam-server/templates/backend-deployment.yaml#L23
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] Container Running With Low UID:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L34
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] Container Running With Low UID:
charts/dbildungs-iam-server/templates/backend-deployment.yaml#L59
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] NET_RAW Capabilities Not Being Dropped:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L22
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
|
|
[MEDIUM] Seccomp Profile Is Not Configured:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L38
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
|
[MEDIUM] Service Account Token Automount Not Disabled:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L20
Service Account Tokens are automatically mounted even if not necessary
|
|
[LOW] Container Requests Not Equal To It's Limits:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L53
Containers must have the same resource requests set as limits. This is recommended to avoid resource DDoS of the node during spikes and means that 'requests.memory' and 'requests.cpu' must equal 'limits.memory' and 'limits.cpu', respectively
|
|
release_helm / release
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
|