Back to pull request #327

Merge branch 'main' into SPSH-444 #2173

Sign in to view logs

Triggered via push March 18, 2024 10:32

DPDS93CT

SPSH-444

Status Failure

Total duration 11m 20s

Artifacts 1

image-and-helm-publish-check-deploy-on-push-scheduled.yml

on: push

branch_meta / branch_meta

create_branch_identifier_for_deletion / convert_branch_name

CodeQL / Analyze CodeQL

Linting / Nest Lint

Tests and Sonarcloud / Tests and Sonarcloud

scan_helm / Kics Helm Chart Scan

Scheduled trivy scan of latest image / Trivy Scan

create_branch_identifier / convert_branch_name

delete_namespace / create_keycloak_db_name

delete_namespace / create_spsh_app_db_name

delete_namespace / create_ticket_nr_variable

Publish image and scan with trivy / Publish image to ghcr.io

select_helm_version_generation_and_image_tag_generation

delete_namespace / delete_namespace

Publish image and scan with trivy / ... / Trivy Scan

release_helm / release

delete_successful

deploy / ... / branch_meta

deploy / ... / search_for_helm_tagname

deploy / ... / search_for_helm_tagname

deploy / ... / search_for_helm_tagname

deploy / create_dbildungs_iam_keycloak_db_name

deploy / create_dbildungs_iam_server_db_name

deploy / ... / convert_branch_name

deploy / deployment

deploy / ... / run_playwright_end2end_tests

Annotations

1 error and 16 warnings

deploy / deployment

Process completed with exit code 1.

[MEDIUM] Container Running As Root: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L21

Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise

[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L43

Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L43

Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/deployment-backend.yaml#L71

Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/deployment-backend.yaml#L21

Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] Container Running With Low UID: charts/dbildungs-iam-server/templates/deployment-backend.yaml#L21

Check if containers are running with low UID, which might cause conflicts with the host's user table.

[MEDIUM] NET_RAW Capabilities Not Being Dropped: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L21

Containers should drop 'ALL' or at least 'NET_RAW' capabilities

[MEDIUM] Seccomp Profile Is Not Configured: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L43

Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls

[MEDIUM] Service Account Token Automount Not Disabled: charts/dbildungs-iam-server/templates/redis-deployment.yaml#L19

Service Account Tokens are automatically mounted even if not necessary

[MEDIUM] Service Account Token Automount Not Disabled: charts/dbildungs-iam-server/templates/deployment-backend.yaml#L19

Service Account Tokens are automatically mounted even if not necessary

release_helm / release

Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

deploy / find_dbildungs_iam_server_helm_chart_tag / search_for_helm_tagname

Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

deploy / find_dbildungs_iam_keycloak_helm_chart_tag / search_for_helm_tagname

Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

deploy / find_dbildungs_iam_keycloak_helm_chart_tag / search_for_helm_tagname

Release not found

deploy / find_schulportal_client_helm_chart_tag / search_for_helm_tagname

Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: cardinalby/git-get-release-action@cedef2faf69cb7c55b285bad07688d04430b7ada. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.

deploy / find_schulportal_client_helm_chart_tag / search_for_helm_tagname

Release not found

Artifacts

Produced during runtime

Name	Size
test-artifacts Expired	683 KB