KICS #28
Phil91Annotations
1 error and 14 warnings
|
Analyze
Advanced Security must be enabled for this repository to use code scanning.
|
|
Analyze
Advanced Security must be enabled for this repository to use code scanning.
|
|
Analyze
This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: Advanced Security must be enabled for this repository to use code scanning.
|
|
Analyze
Advanced Security must be enabled for this repository to use code scanning.
|
|
Analyze
Advanced Security must be enabled for this repository to use code scanning.
|
|
[MEDIUM] Container Running With Low UID:
charts/dim/templates/cronjob-processes.yaml#L37
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] Container Running With Low UID:
charts/dim/templates/deployment.yaml#L39
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] Seccomp Profile Is Not Configured:
charts/dim/templates/cronjob-processes.yaml#L37
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
|
[MEDIUM] Seccomp Profile Is Not Configured:
charts/dim/templates/deployment.yaml#L39
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
|
[MEDIUM] Service Account Token Automount Not Disabled:
charts/dim/templates/deployment.yaml#L38
Service Account Tokens are automatically mounted even if not necessary
|
|
[MEDIUM] Service Account Token Automount Not Disabled:
charts/dim/templates/cronjob-processes.yaml#L35
Service Account Tokens are automatically mounted even if not necessary
|
|
[LOW] CronJob Deadline Not Configured:
charts/dim/templates/cronjob-processes.yaml#L20
Cronjobs must have a configured deadline, which means the attribute 'startingDeadlineSeconds' must be defined
|
|
[LOW] Deployment Without PodDisruptionBudget:
charts/dim/templates/deployment.yaml#L32
Deployments should be assigned with a PodDisruptionBudget to ensure high availability
|
|
[LOW] Image Pull Policy Of The Container Is Not Set To Always:
charts/dim/templates/cronjob-processes.yaml#L37
Image Pull Policy of the container must be defined and set to Always
|
|
[LOW] Image Pull Policy Of The Container Is Not Set To Always:
charts/dim/templates/deployment.yaml#L39
Image Pull Policy of the container must be defined and set to Always
|