Update Terraform terraform-aws-modules/iam/aws to v5 #1040
Annotations
10 warnings
[HIGH] NET_RAW Capabilities Not Being Dropped:
charts/kubernetes-cost-report/templates/deployment.yaml#L1
Containers should drop 'ALL' or at least 'NET_RAW' capabilities
|
[HIGH] Privilege Escalation Allowed:
charts/kubernetes-cost-report/templates/deployment.yaml#L1
Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process
|
[MEDIUM] CPU Limits Not Set:
charts/kubernetes-cost-report/templates/deployment.yaml#L1
CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
|
[MEDIUM] CPU Requests Not Set:
charts/kubernetes-cost-report/templates/deployment.yaml#L1
CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
|
[MEDIUM] Container Running As Root:
charts/kubernetes-cost-report/templates/deployment.yaml#L1
Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
|
[MEDIUM] Container Running With Low UID:
charts/kubernetes-cost-report/templates/deployment.yaml#L30
Check if containers are running with low UID, which might cause conflicts with the host's user table.
|
[MEDIUM] Memory Limits Not Defined:
charts/kubernetes-cost-report/templates/deployment.yaml#L1
Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory
|
[MEDIUM] Memory Requests Not Defined:
charts/kubernetes-cost-report/templates/deployment.yaml#L1
Memory requests should be defined for each container. This allows the kubelet to reserve the requested amount of system resources and prevents over-provisioning on individual nodes
|
[MEDIUM] Seccomp Profile Is Not Configured:
charts/kubernetes-cost-report/templates/deployment.yaml#L1
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|
[MEDIUM] Service Account Token Automount Not Disabled:
charts/kubernetes-cost-report/templates/deployment.yaml#L1
Service Account Tokens are automatically mounted even if not necessary
|