Add SAST Kubesec scanner workflow and related manifests #22
36 new alerts including 6 errors
New alerts in code changed by this pull request
- 6 errors
- 30 notes
See annotations below for details.
Annotations
Code scanning / checkov, manifests/critical-double.yaml, line 11:
- Error: Containers should not run with allowPrivilegeEscalation
- Note: CPU limits should be set
- Note: CPU requests should be set
- Note: The default namespace should not be used
- Note: Minimize the admission of containers with the NET_RAW capability
- Note: Image should use digest
- Note: Image Pull Policy should be Always
- Note: Liveness Probe Should be Configured
- Note: Memory limits should be set
- Note: Memory requests should be set
- Note: Minimize the admission of containers with capabilities assigned
- Note: Apply security context to your pods and containers
- Error: Container should not be privileged
- Note: Readiness Probe Should be Configured
- Note: Use read-only filesystem for containers where possible
- Error: Minimize the admission of root containers
- Note: Containers should run as a high UID to avoid host conflict
- Note: Ensure that the seccomp profile is set to docker/default or runtime/default
- Note: Ensure that Service Account Tokens are only mounted where necessary
- Error: Minimize the admission of pods which lack an associated NetworkPolicy
Code scanning / checkov, manifests/score-5-pod-serviceaccount.yaml, line 15:
- Error: Containers should not run with allowPrivilegeEscalation
- Note: CPU limits should be set
- Note: CPU requests should be set
- Note: The default namespace should not be used
- Note: Minimize the admission of containers with the NET_RAW capability