prevent privilege escalation #130
on_push_or_pr.yml
on: push
codeql_analyze / Analyze CodeQL: 2m 19s
nest_lint / Nest Lint: 1m 14s
kics_helm / Run kics Helm Chart Scan: 35s
Annotations
10 warnings
[MEDIUM] CPU Requests Not Set:
charts/dbildungs-iam/templates/dbildungs-iam-deployment-backend.yaml#L1
CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node

[MEDIUM] CPU Requests Not Set:
charts/dbildungs-iam/templates/dbildungs-iam-deployment-bff.yaml#L1
CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node

[MEDIUM] Container Running As Root:
charts/dbildungs-iam/templates/dbildungs-iam-deployment-bff.yaml#L1
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise

[MEDIUM] Container Running As Root:
charts/dbildungs-iam/templates/dbildungs-iam-deployment-backend.yaml#L1
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise

[MEDIUM] Container Running With Low UID:
charts/dbildungs-iam/templates/dbildungs-iam-deployment-backend.yaml#L34
Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] Container Running With Low UID:
charts/dbildungs-iam/templates/dbildungs-iam-deployment-bff.yaml#L35
Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] Memory Requests Not Defined:
charts/dbildungs-iam/templates/dbildungs-iam-deployment-bff.yaml#L1
Memory requests should be defined for each container. This allows the kubelet to reserve the requested amount of system resources and prevents over-provisioning on individual nodes

[MEDIUM] Memory Requests Not Defined:
charts/dbildungs-iam/templates/dbildungs-iam-deployment-backend.yaml#L1
Memory requests should be defined for each container. This allows the kubelet to reserve the requested amount of system resources and prevents over-provisioning on individual nodes

[MEDIUM] NET_RAW Capabilities Not Being Dropped:
charts/dbildungs-iam/templates/dbildungs-iam-deployment-backend.yaml#L1
Containers should drop 'ALL' or at least 'NET_RAW' capabilities

[MEDIUM] NET_RAW Capabilities Not Being Dropped:
charts/dbildungs-iam/templates/dbildungs-iam-deployment-bff.yaml#L1
Containers should drop 'ALL' or at least 'NET_RAW' capabilities