KICS #9
Annotations
1 error and 13 warnings
Upload SARIF file for GitHub Advanced Security Dashboard
Advanced Security must be enabled for this repository to use code scanning.
|
Upload SARIF file for GitHub Advanced Security Dashboard
Advanced Security must be enabled for this repository to use code scanning.
|
Upload SARIF file for GitHub Advanced Security Dashboard
Advanced Security must be enabled for this repository to use code scanning.
|
Upload SARIF file for GitHub Advanced Security Dashboard
Advanced Security must be enabled for this repository to use code scanning.
|
KICS scan:
charts/dim/templates/deployment.yaml#L39
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
KICS scan:
charts/dim/templates/cronjob-processes.yaml#L37
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
KICS scan:
charts/dim/templates/deployment.yaml#L39
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
KICS scan:
charts/dim/templates/cronjob-processes.yaml#L37
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
KICS scan:
charts/dim/templates/deployment.yaml#L38
Service Account Tokens are automatically mounted even if not necessary
|
KICS scan:
charts/dim/templates/cronjob-processes.yaml#L35
Service Account Tokens are automatically mounted even if not necessary
|
KICS scan:
.github/workflows/release.yml#L61
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
KICS scan:
.github/workflows/release-please.yml#L36
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
KICS scan:
charts/dim/templates/cronjob-processes.yaml#L135
Containers must have the same resource requests set as limits. This is recommended to avoid resource DDoS of the node during spikes and means that 'requests.memory' and 'requests.cpu' must equal 'limits.memory' and 'limits.cpu', respectively
|
KICS scan:
charts/dim/templates/deployment.yaml#L143
Containers must have the same resource requests set as limits. This is recommended to avoid resource DDoS of the node during spikes and means that 'requests.memory' and 'requests.cpu' must equal 'limits.memory' and 'limits.cpu', respectively
|
Loading