DBP-1011-add-workflows-for-chart #3

Triggered via pull request October 18, 2024 08:08
Status Failure
Total duration 41s

check-helm-kics-on-pr.yaml

on: pull_request
scan / Kics Helm Chart Scan
29s

Annotations

1 error and 10 warnings
scan / Kics Helm Chart Scan
KICS scan failed with exit code 50
[HIGH] Privilege Escalation Allowed: status/templates/deployment.yaml#L34
Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process
[MEDIUM] Container Running With Low UID: status/templates/deployment.yaml#L34
Check if containers are running with low UID, which might cause conflicts with the host's user table.
[MEDIUM] NET_RAW Capabilities Not Being Dropped: status/templates/deployment.yaml#L34
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
[MEDIUM] Seccomp Profile Is Not Configured: status/templates/deployment.yaml#L34
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
[MEDIUM] Service Account Token Automount Not Disabled: status/templates/deployment.yaml#L26
Service Account Tokens are automatically mounted even if not necessary
[MEDIUM] Using Unrecommended Namespace: status/templates/service.yaml#L3
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Using Unrecommended Namespace: status/templates/configmap.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Using Unrecommended Namespace: status/templates/secret.yaml#L5
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Using Unrecommended Namespace: status/templates/configmap-files.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Volume Mount With OS Directory Write Permissions: status/templates/deployment.yaml#L112
Containers can mount sensitive folders from the hosts, giving them potentially dangerous access to critical host configurations and binaries.