Added a new section to the deployments docs #1462

Open
wants to merge 2 commits into
base: main

Merge branch 'main' into docs-contribution-deanonymization-best-pract…

9ca1f77

GitHub Advanced Security / checkov failed Oct 9, 2024 in 6s

88 new alerts including 18 errors

New alerts in code changed by this pull request

  • 18 errors
  • 70 notes

See annotations below for details.

Annotations

Check failure on line 22 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/.github/workflows/build_and_push_api.yml

Code scanning / checkov

Ensure top-level permissions are not set to write-all (Error)

Check failure on line 22 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/.github/workflows/build_and_push_client.yml

Code scanning / checkov

Ensure top-level permissions are not set to write-all (Error)

Check notice on line 8 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/configmap.yaml

Code scanning / checkov

The default namespace should not be used (Note)

Check failure on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Containers should not run with allowPrivilegeEscalation (Error)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Apply security context to your containers (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

CPU limits should be set (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

CPU requests should be set (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

The default namespace should not be used (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Minimize the admission of containers with the NET_RAW capability (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Image should use digest (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Image Tag should be fixed - not latest or blank (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Liveness Probe Should be Configured (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Memory limits should be set (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Memory requests should be set (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Minimize the admission of containers with capabilities assigned (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Apply security context to your pods and containers (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Readiness Probe Should be Configured (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Use read-only filesystem for containers where possible (Note)

Check failure on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Minimize the admission of root containers (Error)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Containers should run as a high UID to avoid host conflict (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Ensure that the seccomp profile is set to docker/default or runtime/default (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Prefer using secrets as files over secrets as environment variables (Note)

Check notice on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Ensure that Service Account Tokens are only mounted where necessary (Note)

Check failure on line 30 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/deployment.yaml

Code scanning / checkov

Minimize the admission of pods which lack an associated NetworkPolicy (Error)

Check notice on line 12 in docs/samples/deployments/openai-anonymaztion-and-deanonymaztion-best-practices/deployments/api/service.yaml

Code scanning / checkov

The default namespace should not be used (Note)