DBP-1011-fix-tag-pattern #6
Annotations
10 warnings
Scan with kics:
status/templates/deployment.yaml#L34
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
Scan with kics:
status/templates/deployment.yaml#L34
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
|
Scan with kics:
status/templates/deployment.yaml#L34
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
Scan with kics:
status/templates/deployment.yaml#L26
Service Account Tokens are automatically mounted even if not necessary
|
Scan with kics:
status/templates/secret.yaml#L5
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
|
Scan with kics:
status/templates/configmap-files.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
|
Scan with kics:
status/templates/service.yaml#L3
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
|
Scan with kics:
status/templates/configmap.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
|
Scan with kics:
status/templates/deployment.yaml#L113
Containers can mount sensitive folders from the hosts, giving them potentially dangerous access to critical host configurations and binaries.
|
Scan with kics:
status/templates/deployment.yaml#L96
Containers must have the same resource requests set as limits. This is recommended to avoid resource DDoS of the node during spikes and means that 'requests.memory' and 'requests.cpu' must equal 'limits.memory' and 'limits.cpu', respectively
|