Fix kics finding: Remove free option for securityContext
YannickEvers committed Oct 18, 2024
1 parent 8ba8097 commit 2f08381
Showing 2 changed files with 2 additions and 8 deletions.
2 changes: 1 addition & 1 deletion status/templates/deployment.yaml
Expand Up @@ -34,7 +34,7 @@ spec:
containers:

KICS Helm Chart Scan annotations (GitHub Actions / scan) reported on line 34 of status/templates/deployment.yaml:

[HIGH] Privilege Escalation Allowed: Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process

[MEDIUM] Container Running With Low UID: Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] NET_RAW Capabilities Not Being Dropped: Containers should drop 'ALL' or at least 'NET_RAW' capabilities

[MEDIUM] Seccomp Profile Is Not Configured: Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls

- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
runAsUser: {{ .Values.runAsUser }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
lifecycle:
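Review bot: this hunk does not clear the four KICS findings annotated on line 34. Replacing `{{- toYaml .Values.securityContext | nindent 12 }}` with a single `runAsUser: {{ .Values.runAsUser }}` leaves allowPrivilegeEscalation, capabilities and seccompProfile unset, so "Privilege Escalation Allowed", "NET_RAW Capabilities Not Being Dropped" and "Seccomp Profile Is Not Configured" will fire again on the next scan, and "Container Running With Low UID" was raised while runAsUser 1001 was already in effect, so it is unchanged too. Rather than dropping the operator-configurable securityContext map, keep the toYaml merge and ship hardened defaults in values.yaml (allowPrivilegeEscalation: false, capabilities.drop: [ALL], seccompProfile.type: RuntimeDefault, runAsNonRoot: true), or render those fields as fixed lines next to runAsUser if the intent is that they cannot be overridden; either way the commit message should say which finding it is meant to close. Also worth re-running the scan before merging so the annotations confirm the result instead of being assumed.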
8 changes: 1 addition & 7 deletions status/values.yaml
Expand Up @@ -26,13 +26,7 @@ podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
# -- Settings for security context of the container
securityContext:
runAsUser: 1001
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
runAsUser: 1001
service:
# -- Kubernetes Service type
type: ClusterIP
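Review bot: the deleted commented-out lines (`# capabilities:` / `# drop:` / `# - ALL`, `# readOnlyRootFilesystem: true`, `# runAsNonRoot: true`) are precisely the settings the scan is asking for, so uncommenting them would have been the fix; deleting them removes the only hint in the chart of how to harden the container, and with just `runAsUser: 1001` left nothing drops NET_RAW, disables privilege escalation or selects a seccomp profile. The surviving comment `# -- Settings for security context of the container` now annotates a bare `runAsUser` scalar rather than a securityContext map and should be rewritten, since a `# --` comment in this style is picked up as the documented description of the value below it. Finally, `podSecurityContext: {}` is kept as a map while the container-level context becomes a top-level scalar, which is an inconsistent values layout for anyone configuring the chart.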