DBP-1011-fix-tag-pattern (#2) #3
YannickEvershelm-chart-release-on-tag.yaml
on: push
get_tag
4s
scan
/
Kics Helm Chart Scan
24s
release_helm
/
release
39s
Annotations
16 warnings
|
get_tag
The following actions uses node12 which is deprecated and will be forced to run on node16: olegtarasov/[email protected]. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
|
|
get_tag
The following actions use a deprecated Node.js version and will be forced to run on node20: olegtarasov/[email protected]. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
|
|
get_tag
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|
|
get_tag
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|
|
get_tag
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|
|
release_helm / release
The following actions use a deprecated Node.js version and will be forced to run on node20: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
|
|
[MEDIUM] Container Running With Low UID:
status/templates/deployment.yaml#L34
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] NET_RAW Capabilities Not Being Dropped:
status/templates/deployment.yaml#L34
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
|
|
[MEDIUM] Seccomp Profile Is Not Configured:
status/templates/deployment.yaml#L34
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
|
[MEDIUM] Service Account Token Automount Not Disabled:
status/templates/deployment.yaml#L26
Service Account Tokens are automatically mounted even if not necessary
|
|
[MEDIUM] Using Unrecommended Namespace:
status/templates/secret.yaml#L5
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
|
|
[MEDIUM] Using Unrecommended Namespace:
status/templates/configmap-files.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
|
|
[MEDIUM] Using Unrecommended Namespace:
status/templates/configmap.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
|
|
[MEDIUM] Using Unrecommended Namespace:
status/templates/service.yaml#L3
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
|
|
[MEDIUM] Volume Mount With OS Directory Write Permissions:
status/templates/deployment.yaml#L113
Containers can mount sensitive folders from the hosts, giving them potentially dangerous access to critical host configurations and binaries.
|
|
[LOW] Container Requests Not Equal To It's Limits:
status/templates/deployment.yaml#L96
Containers must have the same resource requests set as limits. This is recommended to avoid resource DDoS of the node during spikes and means that 'requests.memory' and 'requests.cpu' must equal 'limits.memory' and 'limits.cpu', respectively
|