add privacyIDEA OTP Plugin to steupupflow #5404
branch_meta
/
branch_meta
0s
create_branch_identifier_for_deletion
/
convert_branch_name
CodeQL
/
Analyze CodeQL
1m 33s
Linting
/
Nest Lint
1m 15s
Tests and Sonarcloud
/
Tests and Sonarcloud
10m 13s
scan_helm
/
Kics Helm Chart Scan
25s
Scheduled trivy scan of latest image
/
Trivy Scan
delete_namespace
/
create_keycloak_db_name
delete_namespace
/
create_spsh_app_db_name
delete_namespace
/
create_ticket_nr_variable
select_helm_version_generation_and_image_tag_generation
0s
delete_successful
0s
Publish image and scan with trivy
/
...
/
Trivy Scan
deploy
/
create_dbildungs_iam_keycloak_db_name
deploy
/
create_dbildungs_iam_server_db_name
deploy
/
...
/
search_for_helm_tagname
deploy
/
...
/
search_for_helm_tagname
deploy
/
...
/
search_for_helm_tagname
deploy
/
...
/
search_for_helm_tagname
deploy
/
...
/
run_playwright_end2end_tests
Annotations
1 error and 11 warnings
Tests and Sonarcloud / Tests and Sonarcloud
Process completed with exit code 1.
|
[MEDIUM] Container Running As Root:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L22
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
|
[MEDIUM] Container Running With Low UID:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L38
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
[MEDIUM] Container Running With Low UID:
charts/dbildungs-iam-server/templates/backend-deployment.yaml#L22
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
[MEDIUM] Container Running With Low UID:
charts/dbildungs-iam-server/templates/backend-deployment.yaml#L22
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
[MEDIUM] Container Running With Low UID:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L34
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
[MEDIUM] Container Running With Low UID:
charts/dbildungs-iam-server/templates/backend-deployment.yaml#L53
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
[MEDIUM] NET_RAW Capabilities Not Being Dropped:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L22
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
|
[MEDIUM] Seccomp Profile Is Not Configured:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L38
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
[MEDIUM] Service Account Token Automount Not Disabled:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L20
Service Account Tokens are automatically mounted even if not necessary
|
[LOW] Container Requests Not Equal To It's Limits:
charts/dbildungs-iam-server/templates/redis-deployment.yaml#L22
Containers must have the same resource requests set as limits. This is recommended to avoid resource DDoS of the node during spikes and means that 'requests.memory' and 'requests.cpu' must equal 'limits.memory' and 'limits.cpu', respectively
|
release_helm / release
The following actions use a deprecated Node.js version and will be forced to run on node20: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
|