debug 04 #99
MWesterholzscan-helm-on-push.yml
on: push
scan_helm
/
Kics Helm Chart Scan
25s
Annotations
11 warnings
|
scan_helm / Kics Helm Chart Scan
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
|
|
[MEDIUM] Container Running As Root:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
|
|
[MEDIUM] Container Running As Root:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
|
|
[MEDIUM] Container Running With Low UID:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] Container Running With Low UID:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] NET_RAW Capabilities Not Being Dropped:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
|
|
[MEDIUM] NET_RAW Capabilities Not Being Dropped:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
|
|
[MEDIUM] Seccomp Profile Is Not Configured:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
|
[MEDIUM] Seccomp Profile Is Not Configured:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
|
[LOW] Container Requests Not Equal To It's Limits:
charts/schulportal-load-tests/templates/cronjob.yaml#L57
Containers must have the same resource requests set as limits. This is recommended to avoid resource DDoS of the node during spikes and means that 'requests.memory' and 'requests.cpu' must equal 'limits.memory' and 'limits.cpu', respectively
|
|
[LOW] Container Requests Not Equal To It's Limits:
charts/schulportal-load-tests/templates/cronjob.yaml#L57
Containers must have the same resource requests set as limits. This is recommended to avoid resource DDoS of the node during spikes and means that 'requests.memory' and 'requests.cpu' must equal 'limits.memory' and 'limits.cpu', respectively
|