Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat/update helm charts #44

Merged
merged 2 commits into from
Oct 26, 2023

Merge branch 'main' into feat/update-helm-charts

acff237
Select commit
Loading
Failed to load commit list.
Merged

Feat/update helm charts #44

Merge branch 'main' into feat/update-helm-charts
acff237
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / Trivy succeeded Oct 24, 2023 in 4s

16 new alerts including 2 medium severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 2 medium
  • 14 low

See annotations below for details.

View all branch alerts.

Annotations

Check notice on line 110 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Default capabilities: some containers do not drop all Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV003
Severity: LOW
Message: Container 'backend' of Deployment 'backend' should add 'ALL' to 'securityContext.capabilities.drop'
Link: KSV003

Check notice on line 110 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Default capabilities: some containers do not drop all Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV003
Severity: LOW
Message: Container 'backend' of Deployment 'puris-backend' should add 'ALL' to 'securityContext.capabilities.drop'
Link: KSV003

Check notice on line 110 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Root file system is not read-only Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV014
Severity: LOW
Message: Container 'backend' of Deployment 'backend' should set 'securityContext.readOnlyRootFilesystem' to true
Link: KSV014

Check notice on line 110 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Root file system is not read-only Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV014
Severity: LOW
Message: Container 'backend' of Deployment 'puris-backend' should set 'securityContext.readOnlyRootFilesystem' to true
Link: KSV014

Check notice on line 110 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Runs with UID <= 10000 Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV020
Severity: LOW
Message: Container 'backend' of Deployment 'backend' should set 'securityContext.runAsUser' > 10000
Link: KSV020

Check notice on line 110 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Runs with UID <= 10000 Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV020
Severity: LOW
Message: Container 'backend' of Deployment 'puris-backend' should set 'securityContext.runAsUser' > 10000
Link: KSV020

Check notice on line 110 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Runs with GID <= 10000 Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV021
Severity: LOW
Message: Container 'backend' of Deployment 'backend' should set 'securityContext.runAsGroup' > 10000
Link: KSV021

Check notice on line 110 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Runs with GID <= 10000 Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV021
Severity: LOW
Message: Container 'backend' of Deployment 'puris-backend' should set 'securityContext.runAsGroup' > 10000
Link: KSV021

Check notice on line 110 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Runtime/Default Seccomp profile not set Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV030
Severity: LOW
Message: Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'
Link: KSV030

Check notice on line 110 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Runtime/Default Seccomp profile not set Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV030
Severity: LOW
Message: Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'
Link: KSV030

Check warning on line 1 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Seccomp policies disabled Medium

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV104
Severity: MEDIUM
Message: container backend of deployment backend in default namespace should specify a seccomp profile
Link: KSV104

Check warning on line 1 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Seccomp policies disabled Medium

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV104
Severity: MEDIUM
Message: container backend of deployment puris-backend in default namespace should specify a seccomp profile
Link: KSV104

Check notice on line 110 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Container capabilities must only include NET_BIND_SERVICE Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV106
Severity: LOW
Message: container should drop all
Link: KSV106

Check notice on line 110 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Container capabilities must only include NET_BIND_SERVICE Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV106
Severity: LOW
Message: container should drop all
Link: KSV106

Check notice on line 1 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Runs with a root primary or supplementary GID Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV116
Severity: LOW
Message: deployment backend in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0
Link: KSV116

Check notice on line 1 in charts/puris/charts/backend/templates/deployment.yaml

See this annotation in the file changed.

Code scanning / Trivy

Runs with a root primary or supplementary GID Low

Artifact: charts/puris/charts/backend/templates/deployment.yaml
Type: helm
Vulnerability KSV116
Severity: LOW
Message: deployment puris-backend in default namespace should set spec.securityContext.runAsGroup, spec.securityContext.supplementalGroups[*] and spec.securityContext.fsGroup to integer greater than 0
Link: KSV116