changed cronjob values #14
scan-helm-on-push.yml
on: push
scan_helm / Kics Helm Chart Scan (29s)
Annotations
7 warnings
scan_helm / Kics Helm Chart Scan
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

[MEDIUM] Service Account Token Automount Not Disabled:
charts/schulportal-load-tests/templates/cronjob.yaml#L19
Service Account Tokens are automatically mounted even if not necessary

[LOW] CronJob Deadline Not Configured:
charts/schulportal-load-tests/templates/cronjob.yaml#L2
Cronjobs must have a configured deadline, which means the attribute 'startingDeadlineSeconds' must be defined

[LOW] Missing AppArmor Profile:
charts/schulportal-load-tests/templates/cronjob.yaml#L15
Containers should be configured with an AppArmor profile to enforce fine-grained access control over low-level system resources

[LOW] Pod or Container Without LimitRange:
charts/schulportal-load-tests/templates/cronjob.yaml#L2
Each namespace should have a LimitRange policy associated to ensure that resource allocations of Pods, Containers and PersistentVolumeClaims do not exceed the defined boundaries

[LOW] Pod or Container Without ResourceQuota:
charts/schulportal-load-tests/templates/cronjob.yaml#L2
Each namespace should have a ResourceQuota policy associated to limit the total amount of resources Pods, Containers and PersistentVolumeClaims can consume

[INFO] Ensure Administrative Boundaries Between Resources:
charts/schulportal-load-tests/templates/cronjob.yaml#L6
As a best practice, ensure that is made the correct use of namespaces to adequately administer your resources. Kubernetes Authorization plugins can also be used to create policies that segregate user access to namespaces.