The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise

Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise

Check if containers are running with low UID, which might cause conflicts with the host's user table.

Check if containers are running with low UID, which might cause conflicts with the host's user table.

Containers should drop 'ALL' or at least 'NET_RAW' capabilities

Containers should drop 'ALL' or at least 'NET_RAW' capabilities

Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls

Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls

Containers must have the same resource requests set as limits. This is recommended to avoid resource DDoS of the node during spikes and means that 'requests.memory' and 'requests.cpu' must equal 'limits.memory' and 'limits.cpu', respectively