DBP-1011-add-workflows-for-chart #2
Annotations
1 error and 10 warnings
|
Scan with kics
KICS scan failed with exit code 50
|
|
Scan with kics:
status/templates/deployment.yaml#L34
Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process
|
|
Scan with kics:
status/templates/deployment.yaml#L34
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
Scan with kics:
status/templates/deployment.yaml#L34
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
|
|
Scan with kics:
status/templates/deployment.yaml#L34
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
|
Scan with kics:
status/templates/deployment.yaml#L26
Service Account Tokens are automatically mounted even if not necessary
|
|
Scan with kics:
status/templates/service.yaml#L3
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
|
|
Scan with kics:
status/templates/configmap.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
|
|
Scan with kics:
status/templates/configmap-files.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
|
|
Scan with kics:
status/templates/secret.yaml#L5
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
|
|
Scan with kics:
status/templates/deployment.yaml#L112
Containers can mount sensitive folders from the hosts, giving them potentially dangerous access to critical host configurations and binaries.
|
Loading