KICS security and vulnerability scanner

Chore/upstream contribution #2119

Sign in to view logs

Summary
Jobs
- Analyze
Run details
- Usage
- Workflow file

Triggered via pull request January 13, 2025 14:30

opened #906

Cofinity-X:chore/upstream-contribution

Status Success

Total duration 55s

Artifacts 1

kics.yml

on: pull_request

Annotations

11 warnings

ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636

[MEDIUM] Using Unrecommended Namespace: charts/item-relationship-service/templates/deployment.yaml#L24

Namespaces like 'default', 'kube-system' or 'kube-public' should not be used

[MEDIUM] Using Unrecommended Namespace: charts/item-relationship-service/templates/configmap-spring-app-config.yaml#L26

Namespaces like 'default', 'kube-system' or 'kube-public' should not be used

[MEDIUM] Using Unrecommended Namespace: charts/item-relationship-service/templates/service.yaml#L25

Namespaces like 'default', 'kube-system' or 'kube-public' should not be used

[LOW] Image Pull Policy Of The Container Is Not Set To Always: charts/item-relationship-service/templates/deployment.yaml#L58

Image Pull Policy of the container must be defined and set to Always

[LOW] Image Without Digest: charts/item-relationship-service/templates/deployment.yaml#L58

Images should be specified together with their digests to ensure integrity

[LOW] Missing AppArmor Profile: charts/item-relationship-service/templates/deployment.yaml#L40

Containers should be configured with an AppArmor profile to enforce fine-grained access control over low-level system resources

[LOW] Pod or Container Without LimitRange: charts/item-relationship-service/templates/deployment.yaml#L23

Each namespace should have a LimitRange policy associated to ensure that resource allocations of Pods, Containers and PersistentVolumeClaims do not exceed the defined boundaries

[LOW] Pod or Container Without ResourceQuota: charts/item-relationship-service/templates/deployment.yaml#L23

Each namespace should have a ResourceQuota policy associated to limit the total amount of resources Pods, Containers and PersistentVolumeClaims can consume

[LOW] Secrets As Environment Variables: charts/item-relationship-service/templates/deployment.yaml#L73

Container should not use secrets as environment variables

[LOW] Secrets As Environment Variables: charts/item-relationship-service/templates/deployment.yaml#L73

Container should not use secrets as environment variables

Artifacts

Produced during runtime

Name	Size
kicsResults.json	6.73 KB