feat(osp): remove create role and assign configure role to cx admin (… #717
evegufyAnnotations
1 error and 10 warnings
|
Analyze
KICS scan failed with exit code 50
|
|
[HIGH] Privilege Escalation Allowed:
charts/centralidp/templates/job-seeding.yaml#L227
Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process
|
|
[HIGH] Privilege Escalation Allowed:
charts/centralidp/templates/job-seeding.yaml#L227
Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process
|
|
[MEDIUM] Container Running As Root:
charts/centralidp/templates/job-seeding.yaml#L227
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
|
|
[MEDIUM] Container Running As Root:
charts/centralidp/templates/job-seeding.yaml#L227
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
|
|
[MEDIUM] Container Running With Low UID:
charts/centralidp/templates/job-seeding.yaml#L32
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] Container Running With Low UID:
charts/centralidp/templates/job-seeding.yaml#L227
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] Container Running With Low UID:
charts/centralidp/templates/job-seeding.yaml#L227
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] Memory Limits Not Defined:
charts/centralidp/templates/job-seeding.yaml#L227
Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory
|
|
[MEDIUM] Memory Limits Not Defined:
charts/centralidp/templates/job-seeding.yaml#L227
Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory
|
|
[MEDIUM] Memory Requests Not Defined:
charts/centralidp/templates/job-seeding.yaml#L227
Memory requests should be defined for each container. This allows the kubelet to reserve the requested amount of system resources and prevents over-provisioning on individual nodes
|