Merge pull request #28 from eclipse-tractusx/docs/consultation #288
evegufyAnnotations
1 error and 10 warnings
|
Analyze
KICS scan failed with exit code 50
|
|
[HIGH] Privilege Escalation Allowed:
docs/consultation/environments/sharedidp/blue/postgresql-db-shared-blue-statefulset.yaml#L49
Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process
|
|
[HIGH] Privilege Escalation Allowed:
docs/consultation/environments/centralidp/blue/postgresql-db-central-blue-statefulset.yaml#L49
Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process
|
|
[MEDIUM] CPU Limits Not Set:
docs/consultation/environments/sharedidp/blue/postgresql-db-shared-blue-statefulset.yaml#L49
CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
|
|
[MEDIUM] CPU Limits Not Set:
docs/consultation/environments/centralidp/blue/postgresql-db-central-blue-statefulset.yaml#L49
CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
|
|
[MEDIUM] CPU Requests Not Set:
docs/consultation/environments/centralidp/blue/postgresql-db-central-blue-statefulset.yaml#L49
CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
|
|
[MEDIUM] CPU Requests Not Set:
docs/consultation/environments/sharedidp/blue/postgresql-db-shared-blue-statefulset.yaml#L49
CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
|
|
[MEDIUM] Container Running As Root:
docs/consultation/environments/centralidp/blue/postgresql-db-central-blue-statefulset.yaml#L49
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
|
|
[MEDIUM] Container Running As Root:
docs/consultation/environments/sharedidp/blue/postgresql-db-shared-blue-statefulset.yaml#L49
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
|
|
[MEDIUM] Container Running With Low UID:
docs/consultation/environments/sharedidp/blue/postgresql-db-shared-blue-statefulset.yaml#L49
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
|
[MEDIUM] Container Running With Low UID:
docs/consultation/environments/centralidp/blue/postgresql-db-central-blue-statefulset.yaml#L49
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|