Skip to content
Scan Helm on push

DBP-380 Add Ionos token auth to autoscaler (#21) #67

Sign in to view logs

DBP-380 Add Ionos token auth to autoscaler (#21)

DBP-380 Add Ionos token auth to autoscaler (#21) #67

Triggered via push August 9, 2024 09:46
@MWesterholzMWesterholz
pushed c6bf5b9
DBP-857-Publish-branch-Helm-charts
Status Success
Total duration 32s
Artifacts

scan-helm-on-push.yml

on: push
scan_helm  /  Kics Helm Chart Scan
23s
scan_helm / Kics Helm Chart Scan
Fit to window
Zoom out
Zoom in

Annotations

11 warnings
scan_helm / Kics Helm Chart Scan
The following actions uses Node.js version which is deprecated and will be forced to run on node20: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/
[MEDIUM] CPU Limits Not Set: charts/infra-autoscaler/templates/deployment.yaml#L63
CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
[MEDIUM] CPU Requests Not Set: charts/infra-autoscaler/templates/deployment.yaml#L63
CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
[MEDIUM] Memory Limits Not Defined: charts/infra-autoscaler/templates/deployment.yaml#L63
Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory
[MEDIUM] Memory Requests Not Defined: charts/infra-autoscaler/templates/deployment.yaml#L63
Memory requests should be defined for each container. This allows the kubelet to reserve the requested amount of system resources and prevents over-provisioning on individual nodes
[MEDIUM] Seccomp Profile Is Not Configured: charts/infra-autoscaler/templates/deployment.yaml#L63
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
[MEDIUM] Using Unrecommended Namespace: charts/infra-autoscaler/templates/serviceaccount.yaml#L5
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[MEDIUM] Using Unrecommended Namespace: charts/infra-autoscaler/templates/configmap.yaml#L4
Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
[LOW] Missing AppArmor Profile: charts/infra-autoscaler/templates/deployment.yaml#L13
Containers should be configured with an AppArmor profile to enforce fine-grained access control over low-level system resources
[LOW] Pod or Container Without LimitRange: charts/infra-autoscaler/templates/deployment.yaml#L1
Each namespace should have a LimitRange policy associated to ensure that resource allocations of Pods, Containers and PersistentVolumeClaims do not exceed the defined boundaries
[LOW] Pod or Container Without ResourceQuota: charts/infra-autoscaler/templates/deployment.yaml#L1
Each namespace should have a ResourceQuota policy associated to limit the total amount of resources Pods, Containers and PersistentVolumeClaims can consume