test GHA 16 #42
Annotations
11 warnings
The following actions use a deprecated Node.js version and will be forced to run on node20: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
|
Scan with kics:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
|
Scan with kics:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
|
Scan with kics:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
|
Scan with kics:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
Scan with kics:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory
|
Scan with kics:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Memory requests should be defined for each container. This allows the kubelet to reserve the requested amount of system resources and prevents over-provisioning on individual nodes
|
Scan with kics:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
|
Scan with kics:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
Scan with kics:
charts/schulportal-load-tests/templates/cronjob.yaml#L56
Images should be specified together with their digests to ensure integrity
|
Scan with kics:
charts/schulportal-load-tests/templates/cronjob.yaml#L17
Containers should be configured with an AppArmor profile to enforce fine-grained access control over low-level system resources
|
Set up job
1s
1s
Error:
This step has been truncated due to its large size. Download the full logs from the menu
once the workflow run has completed.
Build checkmarx/kics-github-action@8a44970e3d2eca668be41abe9d4e06709c3b3609
13s
13s
Error:
This step has been truncated due to its large size. Download the full logs from the menu
once the workflow run has completed.
Checkout repository
0s
0s
Error:
This step has been truncated due to its large size. Download the full logs from the menu
once the workflow run has completed.
Scan with kics
12s
12s
Error:
This step has been truncated due to its large size. Download the full logs from the menu
once the workflow run has completed.
Post Checkout repository
0s
0s
Error:
This step has been truncated due to its large size. Download the full logs from the menu
once the workflow run has completed.
Complete job
0s
0s
Error:
This step has been truncated due to its large size. Download the full logs from the menu
once the workflow run has completed.
Loading