Fix kics finding: Remove free option for securityContext #3

Triggered via push October 18, 2024 08:08
Status Failure
Total duration 53s
scan / Kics Helm Chart Scan: 25s
release_helm / release: 42s

Annotations

1 error and 11 warnings
scan / Kics Helm Chart Scan
KICS scan failed with exit code 50
[HIGH] Privilege Escalation Allowed: status/templates/deployment.yaml#L34
Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process
[MEDIUM] Container Running With Low UID: status/templates/deployment.yaml#L34
Check if containers are running with low UID, which might cause conflicts with the host's user table.
[MEDIUM] NET_RAW Capabilities Not Being Dropped: status/templates/deployment.yaml#L34
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
[MEDIUM] Seccomp Profile Is Not Configured: status/templates/deployment.yaml#L34
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
[MEDIUM] Service Account Token Automount Not Disabled: status/templates/deployment.yaml#L26
Service Account Tokens are automatically mounted even if not necessary
[MEDIUM] Using Unrecommended Namespace: status/templates/configmap.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Using Unrecommended Namespace: status/templates/service.yaml#L3
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Using Unrecommended Namespace: status/templates/configmap-files.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Using Unrecommended Namespace: status/templates/secret.yaml#L5
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Volume Mount With OS Directory Write Permissions: status/templates/deployment.yaml#L112
Containers can mount sensitive folders from the hosts, giving them potentially dangerous access to critical host configurations and binaries.
release_helm / release
The following actions use a deprecated Node.js version and will be forced to run on node20: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/