CKV_K8S_35: "Prefer using secrets as files over secrets as environment variables"

CKV_K8S_15: "Image Pull Policy should be Always"

CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"

CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"

CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"

CKV_K8S_43: "Image should use digest"

CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"

CKV_K8S_22: "Use read-only filesystem for containers where possible"

CKV_K8S_29: "Apply security context to your pods and containers"

CKV_K8S_8: "Liveness Probe Should be Configured"

The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-python@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/

The following actions use a deprecated Node.js version and will be forced to run on node20: actions/setup-python@v1, actions/checkout@v3, github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/