Explicitly setting allowPrivilegeEscalation false #4

Triggered via push October 18, 2024 08:24
Status Success
Total duration 57s
scan / Kics Helm Chart Scan: 25s
release_helm / release: 45s

Annotations

11 warnings
[MEDIUM] Container Running With Low UID: status/templates/deployment.yaml#L34
Check if containers are running with low UID, which might cause conflicts with the host's user table.
[MEDIUM] NET_RAW Capabilities Not Being Dropped: status/templates/deployment.yaml#L34
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
[MEDIUM] Seccomp Profile Is Not Configured: status/templates/deployment.yaml#L34
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
[MEDIUM] Service Account Token Automount Not Disabled: status/templates/deployment.yaml#L26
Service Account Tokens are automatically mounted even if not necessary
[MEDIUM] Using Unrecommended Namespace: status/templates/configmap.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Using Unrecommended Namespace: status/templates/secret.yaml#L5
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Using Unrecommended Namespace: status/templates/configmap-files.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Using Unrecommended Namespace: status/templates/service.yaml#L3
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Volume Mount With OS Directory Write Permissions: status/templates/deployment.yaml#L113
Containers can mount sensitive folders from the hosts, giving them potentially dangerous access to critical host configurations and binaries.
[LOW] Container Requests Not Equal To It's Limits: status/templates/deployment.yaml#L96
Containers must have the same resource requests set as limits. This is recommended to avoid resource DDoS of the node during spikes and means that 'requests.memory' and 'requests.cpu' must equal 'limits.memory' and 'limits.cpu', respectively
release_helm / release
The following actions use a deprecated Node.js version and will be forced to run on node20: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/