github.com/argoproj/argo-cd/v2@v2.10.5/docs/snyk/v2.7.14/argocd-iac-install.html (about) 1 <!DOCTYPE html> 2 <html lang="en"> 3 4 <head> 5 <meta http-equiv="Content-type" content="text/html; charset=utf-8"> 6 <meta http-equiv="Content-Language" content="en-us"> 7 <meta name="viewport" content="width=device-width, initial-scale=1.0"> 8 <meta http-equiv="X-UA-Compatible" content="IE=edge"> 9 <title>Snyk test report</title> 10 <meta name="description" content=" known vulnerabilities found in ."> 11 <base target="_blank"> 12 <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png" 13 sizes="194x194"> 14 <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico"> 15 <style type="text/css"> 16 17 body { 18 -moz-font-feature-settings: "pnum"; 19 -webkit-font-feature-settings: "pnum"; 20 font-variant-numeric: proportional-nums; 21 display: flex; 22 flex-direction: column; 23 font-feature-settings: "pnum"; 24 font-size: 100%; 25 line-height: 1.5; 26 min-height: 100vh; 27 -webkit-text-size-adjust: 100%; 28 margin: 0; 29 padding: 0; 30 background-color: #F5F5F5; 31 font-family: 'Arial', 'Helvetica', Calibri, sans-serif; 32 } 33 34 h1, 35 h2, 36 h3, 37 h4, 38 h5, 39 h6 { 40 font-weight: 500; 41 } 42 43 a, 44 a:link, 45 a:visited { 46 border-bottom: 1px solid #4b45a9; 47 text-decoration: none; 48 color: #4b45a9; 49 } 50 51 a:hover, 52 a:focus, 53 a:active { 54 border-bottom: 1px solid #4b45a9; 55 } 56 57 hr { 58 border: none; 59 margin: 1em 0; 60 border-top: 1px solid #c5c5c5; 61 } 62 63 ul { 64 padding: 0 1em; 65 margin: 1em 0; 66 } 67 68 code { 69 background-color: #EEE; 70 color: #333; 71 padding: 0.25em 0.5em; 72 border-radius: 0.25em; 73 } 74 75 pre { 76 background-color: #333; 77 font-family: monospace; 78 padding: 0.5em 1em 0.75em; 79 border-radius: 0.25em; 80 font-size: 14px; 81 } 82 83 pre code { 84 padding: 0; 85 background-color: transparent; 86 color: #fff; 87 } 88 89 a code { 90 border-radius: .125rem .125rem 0 0; 91 padding-bottom: 0; 92 color: #4b45a9; 93 } 94 95 a[href^="http://"]:after, 96 a[href^="https://"]:after { 97 background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E"); 98 background-repeat: no-repeat; 99 background-size: .75rem; 100 content: ""; 101 display: inline-block; 102 height: .75rem; 103 margin-left: .25rem; 104 width: .75rem; 105 } 106 107 108 /* Layout */ 109 110 [class*=layout-container] { 111 margin: 0 auto; 112 max-width: 71.25em; 113 padding: 1.9em 1.3em; 114 position: relative; 115 } 116 .layout-container--short { 117 padding-top: 0; 118 padding-bottom: 0; 119 max-width: 48.75em; 120 } 121 122 .layout-container--short:after { 123 display: block; 124 content: ""; 125 clear: both; 126 } 127 128 /* Header */ 129 130 .header { 131 padding-bottom: 1px; 132 } 133 134 .paths { 135 margin-left: 8px; 136 } 137 .header-wrap { 138 display: flex; 139 flex-direction: row; 140 justify-content: space-between; 141 padding-top: 2em; 142 } 143 .project__header { 144 background-color: #4b45a9; 145 color: #fff; 146 margin-bottom: -1px; 147 padding-top: 1em; 148 padding-bottom: 0.25em; 149 border-bottom: 2px solid #BBB; 150 } 151 152 .project__header__title { 153 overflow-wrap: break-word; 154 word-wrap: break-word; 155 word-break: break-all; 156 margin-bottom: .1em; 157 margin-top: 0; 158 } 159 160 .timestamp { 161 float: right; 162 clear: none; 163 margin-bottom: 0; 164 } 165 166 .meta-counts { 167 clear: both; 168 display: block; 169 flex-wrap: wrap; 170 justify-content: space-between; 171 margin: 0 0 1.5em; 172 color: #fff; 173 clear: both; 174 font-size: 1.1em; 175 } 176 177 .meta-count { 178 display: block; 179 flex-basis: 100%; 180 margin: 0 1em 1em 0; 181 float: left; 182 padding-right: 1em; 183 border-right: 2px solid #fff; 184 } 185 186 .meta-count:last-child { 187 border-right: 0; 188 padding-right: 0; 189 margin-right: 0; 190 } 191 192 /* Card */ 193 194 .card { 195 background-color: #fff; 196 border: 1px solid #c5c5c5; 197 border-radius: .25rem; 198 margin: 0 0 2em 0; 199 position: relative; 200 min-height: 40px; 201 padding: 1.5em; 202 } 203 204 .card .label { 205 background-color: #767676; 206 border: 2px solid #767676; 207 color: white; 208 padding: 0.25rem 0.75rem; 209 font-size: 0.875rem; 210 text-transform: uppercase; 211 display: inline-block; 212 margin: 0; 213 border-radius: 0.25rem; 214 } 215 216 .card .label__text { 217 vertical-align: text-top; 218 font-weight: bold; 219 } 220 221 .card .label--critical { 222 background-color: #AB1A1A; 223 border-color: #AB1A1A; 224 } 225 226 .card .label--high { 227 background-color: #CE5019; 228 border-color: #CE5019; 229 } 230 231 .card .label--medium { 232 background-color: #D68000; 233 border-color: #D68000; 234 } 235 236 .card .label--low { 237 background-color: #88879E; 238 border-color: #88879E; 239 } 240 241 .severity--low { 242 border-color: #88879E; 243 } 244 245 .severity--medium { 246 border-color: #D68000; 247 } 248 249 .severity--high { 250 border-color: #CE5019; 251 } 252 253 .severity--critical { 254 border-color: #AB1A1A; 255 } 256 257 .card--vuln { 258 padding-top: 4em; 259 } 260 261 .card--vuln .label { 262 left: 0; 263 position: absolute; 264 top: 1.1em; 265 padding-left: 1.9em; 266 padding-right: 1.9em; 267 border-radius: 0 0.25rem 0.25rem 0; 268 } 269 270 .card--vuln .card__section h2 { 271 font-size: 22px; 272 margin-bottom: 0.5em; 273 } 274 275 .card--vuln .card__section p { 276 margin: 0 0 0.5em 0; 277 } 278 279 .card--vuln .card__meta { 280 padding: 0 0 0 1em; 281 margin: 0; 282 font-size: 1.1em; 283 } 284 285 .card .card__meta__paths { 286 font-size: 0.9em; 287 } 288 289 .card--vuln .card__title { 290 font-size: 28px; 291 margin-top: 0; 292 } 293 294 .card--vuln .card__cta p { 295 margin: 0; 296 text-align: right; 297 } 298 299 .source-panel { 300 clear: both; 301 display: flex; 302 justify-content: flex-start; 303 flex-direction: column; 304 align-items: flex-start; 305 padding: 0.5em 0; 306 width: fit-content; 307 } 308 309 310 311 </style> 312 <style type="text/css"> 313 .metatable { 314 text-size-adjust: 100%; 315 -webkit-font-smoothing: antialiased; 316 -webkit-box-direction: normal; 317 color: inherit; 318 font-feature-settings: "pnum"; 319 box-sizing: border-box; 320 background: transparent; 321 border: 0; 322 font: inherit; 323 font-size: 100%; 324 margin: 0; 325 outline: none; 326 padding: 0; 327 text-align: left; 328 text-decoration: none; 329 vertical-align: baseline; 330 z-index: auto; 331 margin-top: 12px; 332 border-collapse: collapse; 333 border-spacing: 0; 334 font-variant-numeric: tabular-nums; 335 max-width: 51.75em; 336 } 337 338 tbody { 339 text-size-adjust: 100%; 340 -webkit-font-smoothing: antialiased; 341 -webkit-box-direction: normal; 342 color: inherit; 343 font-feature-settings: "pnum"; 344 border-collapse: collapse; 345 border-spacing: 0; 346 box-sizing: border-box; 347 background: transparent; 348 border: 0; 349 font: inherit; 350 font-size: 100%; 351 margin: 0; 352 outline: none; 353 padding: 0; 354 text-align: left; 355 text-decoration: none; 356 vertical-align: baseline; 357 z-index: auto; 358 display: flex; 359 flex-wrap: wrap; 360 } 361 362 .meta-row { 363 text-size-adjust: 100%; 364 -webkit-font-smoothing: antialiased; 365 -webkit-box-direction: normal; 366 color: inherit; 367 font-feature-settings: "pnum"; 368 border-collapse: collapse; 369 border-spacing: 0; 370 box-sizing: border-box; 371 background: transparent; 372 border: 0; 373 font: inherit; 374 font-size: 100%; 375 outline: none; 376 text-align: left; 377 text-decoration: none; 378 vertical-align: baseline; 379 z-index: auto; 380 display: flex; 381 align-items: start; 382 border-top: 1px solid #d3d3d9; 383 padding: 8px 0 0 0; 384 border-bottom: none; 385 margin: 8px; 386 width: 47.75%; 387 } 388 389 .meta-row-label { 390 text-size-adjust: 100%; 391 -webkit-font-smoothing: antialiased; 392 -webkit-box-direction: normal; 393 font-feature-settings: "pnum"; 394 border-collapse: collapse; 395 border-spacing: 0; 396 color: #4c4a73; 397 box-sizing: border-box; 398 background: transparent; 399 border: 0; 400 font: inherit; 401 margin: 0; 402 outline: none; 403 text-decoration: none; 404 z-index: auto; 405 align-self: start; 406 flex: 1; 407 font-size: 1rem; 408 line-height: 1.5rem; 409 padding: 0; 410 text-align: left; 411 vertical-align: top; 412 text-transform: none; 413 letter-spacing: 0; 414 } 415 416 .meta-row-value { 417 text-size-adjust: 100%; 418 -webkit-font-smoothing: antialiased; 419 -webkit-box-direction: normal; 420 color: inherit; 421 font-feature-settings: "pnum"; 422 border-collapse: collapse; 423 border-spacing: 0; 424 word-break: break-word; 425 box-sizing: border-box; 426 background: transparent; 427 border: 0; 428 font: inherit; 429 font-size: 100%; 430 margin: 0; 431 outline: none; 432 padding: 0; 433 text-align: right; 434 text-decoration: none; 435 vertical-align: baseline; 436 z-index: auto; 437 } 438 </style> 439 </head> 440 441 <body class="section-projects"> 442 <main class="layout-stacked"> 443 <div class="layout-stacked__header header"> 444 <header class="project__header"> 445 <div class="layout-container"> 446 <a class="brand" href="https://snyk.io" title="Snyk"> 447 <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img"> 448 <title>Snyk - Open Source Security</title> 449 <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> 450 <g fill="#fff"> 451 <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path> 452 </g> 453 </g> 454 </svg> 455 </a> 456 <div class="header-wrap"> 457 <h1 class="project__header__title">Snyk test report</h1> 458 459 <p class="timestamp">October 29th 2023, 12:27:04 am (UTC+00:00)</p> 460 </div> 461 <div class="source-panel"> 462 <span>Scanned the following path:</span> 463 <ul> 464 <li class="paths">/argo-cd/manifests/install.yaml (Kubernetes)</li> 465 </ul> 466 </div> 467 468 <div class="meta-counts"> 469 <div class="meta-count"><span>41</span> <span>total issues</span></div> 470 </div><!-- .meta-counts --> 471 </div><!-- .layout-container--short --> 472 </header><!-- .project__header --> 473 </div><!-- .layout-stacked__header --> 474 475 <section class="layout-container"> 476 <table class="metatable"> 477 <tbody> 478 <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">manifests/install.yaml</td></tr> 479 <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">/argo-cd/manifests/install.yaml</td></tr> 480 <tr class="meta-row"><th class="meta-row-label">Project Type</th> <td class="meta-row-value">Kubernetes</td></tr> 481 </tbody> 482 </table> 483 </section> <div class="layout-container" style="padding-top: 35px;"> 484 <div class="cards--vuln filter--patch filter--ignore"> 485 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 486 <h2 class="card__title">Role with dangerous permissions</h2> 487 <div class="card__section"> 488 489 <div class="label label--medium"> 490 <span class="label__text">medium severity</span> 491 </div> 492 493 <hr/> 494 495 <ul class="card__meta"> 496 <li class="card__meta__item"> 497 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 498 </li> 499 500 <li class="card__meta__item">Introduced through: 501 [DocId: 10] 502 <span class="list-paths__item__arrow">›</span> 503 rules[0] 504 <span class="list-paths__item__arrow">›</span> 505 resources 506 507 </li> 508 509 <li class="card__meta__item"> 510 Line number: 16324 511 </li> 512 </ul> 513 514 <hr/> 515 516 <h2>Impact</h2> 517 <p>Using this role grants dangerous permissions</p> 518 519 <h2>Remediation</h2> 520 <p>Consider removing this permissions</p> 521 522 523 <hr/> 524 </div><!-- .card__section --> 525 526 <div class="cta card__cta"> 527 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 528 </div> 529 530 </div><!-- .card --> 531 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 532 <h2 class="card__title">Role with dangerous permissions</h2> 533 <div class="card__section"> 534 535 <div class="label label--medium"> 536 <span class="label__text">medium severity</span> 537 </div> 538 539 <hr/> 540 541 <ul class="card__meta"> 542 <li class="card__meta__item"> 543 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 544 </li> 545 546 <li class="card__meta__item">Introduced through: 547 [DocId: 11] 548 <span class="list-paths__item__arrow">›</span> 549 rules[4] 550 <span class="list-paths__item__arrow">›</span> 551 resources 552 553 </li> 554 555 <li class="card__meta__item"> 556 Line number: 16401 557 </li> 558 </ul> 559 560 <hr/> 561 562 <h2>Impact</h2> 563 <p>Using this role grants dangerous permissions</p> 564 565 <h2>Remediation</h2> 566 <p>Consider removing this permissions</p> 567 568 569 <hr/> 570 </div><!-- .card__section --> 571 572 <div class="cta card__cta"> 573 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 574 </div> 575 576 </div><!-- .card --> 577 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 578 <h2 class="card__title">Role with dangerous permissions</h2> 579 <div class="card__section"> 580 581 <div class="label label--medium"> 582 <span class="label__text">medium severity</span> 583 </div> 584 585 <hr/> 586 587 <ul class="card__meta"> 588 <li class="card__meta__item"> 589 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 590 </li> 591 592 <li class="card__meta__item">Introduced through: 593 [DocId: 12] 594 <span class="list-paths__item__arrow">›</span> 595 rules[0] 596 <span class="list-paths__item__arrow">›</span> 597 resources 598 599 </li> 600 601 <li class="card__meta__item"> 602 Line number: 16429 603 </li> 604 </ul> 605 606 <hr/> 607 608 <h2>Impact</h2> 609 <p>Using this role grants dangerous permissions</p> 610 611 <h2>Remediation</h2> 612 <p>Consider removing this permissions</p> 613 614 615 <hr/> 616 </div><!-- .card__section --> 617 618 <div class="cta card__cta"> 619 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 620 </div> 621 622 </div><!-- .card --> 623 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 624 <h2 class="card__title">Role with dangerous permissions</h2> 625 <div class="card__section"> 626 627 <div class="label label--medium"> 628 <span class="label__text">medium severity</span> 629 </div> 630 631 <hr/> 632 633 <ul class="card__meta"> 634 <li class="card__meta__item"> 635 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 636 </li> 637 638 <li class="card__meta__item">Introduced through: 639 [DocId: 13] 640 <span class="list-paths__item__arrow">›</span> 641 rules[3] 642 <span class="list-paths__item__arrow">›</span> 643 resources 644 645 </li> 646 647 <li class="card__meta__item"> 648 Line number: 16477 649 </li> 650 </ul> 651 652 <hr/> 653 654 <h2>Impact</h2> 655 <p>Using this role grants dangerous permissions</p> 656 657 <h2>Remediation</h2> 658 <p>Consider removing this permissions</p> 659 660 661 <hr/> 662 </div><!-- .card__section --> 663 664 <div class="cta card__cta"> 665 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 666 </div> 667 668 </div><!-- .card --> 669 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 670 <h2 class="card__title">Role with dangerous permissions</h2> 671 <div class="card__section"> 672 673 <div class="label label--medium"> 674 <span class="label__text">medium severity</span> 675 </div> 676 677 <hr/> 678 679 <ul class="card__meta"> 680 <li class="card__meta__item"> 681 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 682 </li> 683 684 <li class="card__meta__item">Introduced through: 685 [DocId: 13] 686 <span class="list-paths__item__arrow">›</span> 687 rules[1] 688 <span class="list-paths__item__arrow">›</span> 689 resources 690 691 </li> 692 693 <li class="card__meta__item"> 694 Line number: 16459 695 </li> 696 </ul> 697 698 <hr/> 699 700 <h2>Impact</h2> 701 <p>Using this role grants dangerous permissions</p> 702 703 <h2>Remediation</h2> 704 <p>Consider removing this permissions</p> 705 706 707 <hr/> 708 </div><!-- .card__section --> 709 710 <div class="cta card__cta"> 711 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 712 </div> 713 714 </div><!-- .card --> 715 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 716 <h2 class="card__title">Role with dangerous permissions</h2> 717 <div class="card__section"> 718 719 <div class="label label--medium"> 720 <span class="label__text">medium severity</span> 721 </div> 722 723 <hr/> 724 725 <ul class="card__meta"> 726 <li class="card__meta__item"> 727 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 728 </li> 729 730 <li class="card__meta__item">Introduced through: 731 [DocId: 14] 732 <span class="list-paths__item__arrow">›</span> 733 rules[0] 734 <span class="list-paths__item__arrow">›</span> 735 resources 736 737 </li> 738 739 <li class="card__meta__item"> 740 Line number: 16493 741 </li> 742 </ul> 743 744 <hr/> 745 746 <h2>Impact</h2> 747 <p>Using this role grants dangerous permissions</p> 748 749 <h2>Remediation</h2> 750 <p>Consider removing this permissions</p> 751 752 753 <hr/> 754 </div><!-- .card__section --> 755 756 <div class="cta card__cta"> 757 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 758 </div> 759 760 </div><!-- .card --> 761 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 762 <h2 class="card__title">Container could be running with outdated image</h2> 763 <div class="card__section"> 764 765 <div class="label label--low"> 766 <span class="label__text">low severity</span> 767 </div> 768 769 <hr/> 770 771 <ul class="card__meta"> 772 <li class="card__meta__item"> 773 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 774 </li> 775 776 <li class="card__meta__item">Introduced through: 777 [DocId: 46] 778 <span class="list-paths__item__arrow">›</span> 779 spec 780 <span class="list-paths__item__arrow">›</span> 781 template 782 <span class="list-paths__item__arrow">›</span> 783 spec 784 <span class="list-paths__item__arrow">›</span> 785 initContainers[copyutil] 786 <span class="list-paths__item__arrow">›</span> 787 imagePullPolicy 788 789 </li> 790 791 <li class="card__meta__item"> 792 Line number: 17530 793 </li> 794 </ul> 795 796 <hr/> 797 798 <h2>Impact</h2> 799 <p>The container may run with outdated or unauthorized image</p> 800 801 <h2>Remediation</h2> 802 <p>Set `imagePullPolicy` attribute to `Always`</p> 803 804 805 <hr/> 806 </div><!-- .card__section --> 807 808 <div class="cta card__cta"> 809 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p> 810 </div> 811 812 </div><!-- .card --> 813 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 814 <h2 class="card__title">Container has no CPU limit</h2> 815 <div class="card__section"> 816 817 <div class="label label--low"> 818 <span class="label__text">low severity</span> 819 </div> 820 821 <hr/> 822 823 <ul class="card__meta"> 824 <li class="card__meta__item"> 825 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 826 </li> 827 828 <li class="card__meta__item">Introduced through: 829 [DocId: 42] 830 <span class="list-paths__item__arrow">›</span> 831 input 832 <span class="list-paths__item__arrow">›</span> 833 spec 834 <span class="list-paths__item__arrow">›</span> 835 template 836 <span class="list-paths__item__arrow">›</span> 837 spec 838 <span class="list-paths__item__arrow">›</span> 839 containers[argocd-applicationset-controller] 840 <span class="list-paths__item__arrow">›</span> 841 resources 842 <span class="list-paths__item__arrow">›</span> 843 limits 844 <span class="list-paths__item__arrow">›</span> 845 cpu 846 847 </li> 848 849 <li class="card__meta__item"> 850 Line number: 16980 851 </li> 852 </ul> 853 854 <hr/> 855 856 <h2>Impact</h2> 857 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 858 859 <h2>Remediation</h2> 860 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 861 862 863 <hr/> 864 </div><!-- .card__section --> 865 866 <div class="cta card__cta"> 867 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 868 </div> 869 870 </div><!-- .card --> 871 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 872 <h2 class="card__title">Container has no CPU limit</h2> 873 <div class="card__section"> 874 875 <div class="label label--low"> 876 <span class="label__text">low severity</span> 877 </div> 878 879 <hr/> 880 881 <ul class="card__meta"> 882 <li class="card__meta__item"> 883 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 884 </li> 885 886 <li class="card__meta__item">Introduced through: 887 [DocId: 43] 888 <span class="list-paths__item__arrow">›</span> 889 input 890 <span class="list-paths__item__arrow">›</span> 891 spec 892 <span class="list-paths__item__arrow">›</span> 893 template 894 <span class="list-paths__item__arrow">›</span> 895 spec 896 <span class="list-paths__item__arrow">›</span> 897 initContainers[copyutil] 898 <span class="list-paths__item__arrow">›</span> 899 resources 900 <span class="list-paths__item__arrow">›</span> 901 limits 902 <span class="list-paths__item__arrow">›</span> 903 cpu 904 905 </li> 906 907 <li class="card__meta__item"> 908 Line number: 17152 909 </li> 910 </ul> 911 912 <hr/> 913 914 <h2>Impact</h2> 915 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 916 917 <h2>Remediation</h2> 918 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 919 920 921 <hr/> 922 </div><!-- .card__section --> 923 924 <div class="cta card__cta"> 925 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 926 </div> 927 928 </div><!-- .card --> 929 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 930 <h2 class="card__title">Container has no CPU limit</h2> 931 <div class="card__section"> 932 933 <div class="label label--low"> 934 <span class="label__text">low severity</span> 935 </div> 936 937 <hr/> 938 939 <ul class="card__meta"> 940 <li class="card__meta__item"> 941 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 942 </li> 943 944 <li class="card__meta__item">Introduced through: 945 [DocId: 43] 946 <span class="list-paths__item__arrow">›</span> 947 input 948 <span class="list-paths__item__arrow">›</span> 949 spec 950 <span class="list-paths__item__arrow">›</span> 951 template 952 <span class="list-paths__item__arrow">›</span> 953 spec 954 <span class="list-paths__item__arrow">›</span> 955 containers[dex] 956 <span class="list-paths__item__arrow">›</span> 957 resources 958 <span class="list-paths__item__arrow">›</span> 959 limits 960 <span class="list-paths__item__arrow">›</span> 961 cpu 962 963 </li> 964 965 <li class="card__meta__item"> 966 Line number: 17118 967 </li> 968 </ul> 969 970 <hr/> 971 972 <h2>Impact</h2> 973 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 974 975 <h2>Remediation</h2> 976 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 977 978 979 <hr/> 980 </div><!-- .card__section --> 981 982 <div class="cta card__cta"> 983 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 984 </div> 985 986 </div><!-- .card --> 987 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 988 <h2 class="card__title">Container has no CPU limit</h2> 989 <div class="card__section"> 990 991 <div class="label label--low"> 992 <span class="label__text">low severity</span> 993 </div> 994 995 <hr/> 996 997 <ul class="card__meta"> 998 <li class="card__meta__item"> 999 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1000 </li> 1001 1002 <li class="card__meta__item">Introduced through: 1003 [DocId: 44] 1004 <span class="list-paths__item__arrow">›</span> 1005 input 1006 <span class="list-paths__item__arrow">›</span> 1007 spec 1008 <span class="list-paths__item__arrow">›</span> 1009 template 1010 <span class="list-paths__item__arrow">›</span> 1011 spec 1012 <span class="list-paths__item__arrow">›</span> 1013 containers[argocd-notifications-controller] 1014 <span class="list-paths__item__arrow">›</span> 1015 resources 1016 <span class="list-paths__item__arrow">›</span> 1017 limits 1018 <span class="list-paths__item__arrow">›</span> 1019 cpu 1020 1021 </li> 1022 1023 <li class="card__meta__item"> 1024 Line number: 17212 1025 </li> 1026 </ul> 1027 1028 <hr/> 1029 1030 <h2>Impact</h2> 1031 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1032 1033 <h2>Remediation</h2> 1034 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1035 1036 1037 <hr/> 1038 </div><!-- .card__section --> 1039 1040 <div class="cta card__cta"> 1041 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1042 </div> 1043 1044 </div><!-- .card --> 1045 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1046 <h2 class="card__title">Container has no CPU limit</h2> 1047 <div class="card__section"> 1048 1049 <div class="label label--low"> 1050 <span class="label__text">low severity</span> 1051 </div> 1052 1053 <hr/> 1054 1055 <ul class="card__meta"> 1056 <li class="card__meta__item"> 1057 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1058 </li> 1059 1060 <li class="card__meta__item">Introduced through: 1061 [DocId: 45] 1062 <span class="list-paths__item__arrow">›</span> 1063 input 1064 <span class="list-paths__item__arrow">›</span> 1065 spec 1066 <span class="list-paths__item__arrow">›</span> 1067 template 1068 <span class="list-paths__item__arrow">›</span> 1069 spec 1070 <span class="list-paths__item__arrow">›</span> 1071 containers[redis] 1072 <span class="list-paths__item__arrow">›</span> 1073 resources 1074 <span class="list-paths__item__arrow">›</span> 1075 limits 1076 <span class="list-paths__item__arrow">›</span> 1077 cpu 1078 1079 </li> 1080 1081 <li class="card__meta__item"> 1082 Line number: 17286 1083 </li> 1084 </ul> 1085 1086 <hr/> 1087 1088 <h2>Impact</h2> 1089 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1090 1091 <h2>Remediation</h2> 1092 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1093 1094 1095 <hr/> 1096 </div><!-- .card__section --> 1097 1098 <div class="cta card__cta"> 1099 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1100 </div> 1101 1102 </div><!-- .card --> 1103 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1104 <h2 class="card__title">Container has no CPU limit</h2> 1105 <div class="card__section"> 1106 1107 <div class="label label--low"> 1108 <span class="label__text">low severity</span> 1109 </div> 1110 1111 <hr/> 1112 1113 <ul class="card__meta"> 1114 <li class="card__meta__item"> 1115 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1116 </li> 1117 1118 <li class="card__meta__item">Introduced through: 1119 [DocId: 46] 1120 <span class="list-paths__item__arrow">›</span> 1121 input 1122 <span class="list-paths__item__arrow">›</span> 1123 spec 1124 <span class="list-paths__item__arrow">›</span> 1125 template 1126 <span class="list-paths__item__arrow">›</span> 1127 spec 1128 <span class="list-paths__item__arrow">›</span> 1129 initContainers[copyutil] 1130 <span class="list-paths__item__arrow">›</span> 1131 resources 1132 <span class="list-paths__item__arrow">›</span> 1133 limits 1134 <span class="list-paths__item__arrow">›</span> 1135 cpu 1136 1137 </li> 1138 1139 <li class="card__meta__item"> 1140 Line number: 17530 1141 </li> 1142 </ul> 1143 1144 <hr/> 1145 1146 <h2>Impact</h2> 1147 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1148 1149 <h2>Remediation</h2> 1150 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1151 1152 1153 <hr/> 1154 </div><!-- .card__section --> 1155 1156 <div class="cta card__cta"> 1157 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1158 </div> 1159 1160 </div><!-- .card --> 1161 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1162 <h2 class="card__title">Container has no CPU limit</h2> 1163 <div class="card__section"> 1164 1165 <div class="label label--low"> 1166 <span class="label__text">low severity</span> 1167 </div> 1168 1169 <hr/> 1170 1171 <ul class="card__meta"> 1172 <li class="card__meta__item"> 1173 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1174 </li> 1175 1176 <li class="card__meta__item">Introduced through: 1177 [DocId: 46] 1178 <span class="list-paths__item__arrow">›</span> 1179 input 1180 <span class="list-paths__item__arrow">›</span> 1181 spec 1182 <span class="list-paths__item__arrow">›</span> 1183 template 1184 <span class="list-paths__item__arrow">›</span> 1185 spec 1186 <span class="list-paths__item__arrow">›</span> 1187 containers[argocd-repo-server] 1188 <span class="list-paths__item__arrow">›</span> 1189 resources 1190 <span class="list-paths__item__arrow">›</span> 1191 limits 1192 <span class="list-paths__item__arrow">›</span> 1193 cpu 1194 1195 </li> 1196 1197 <li class="card__meta__item"> 1198 Line number: 17342 1199 </li> 1200 </ul> 1201 1202 <hr/> 1203 1204 <h2>Impact</h2> 1205 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1206 1207 <h2>Remediation</h2> 1208 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1209 1210 1211 <hr/> 1212 </div><!-- .card__section --> 1213 1214 <div class="cta card__cta"> 1215 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1216 </div> 1217 1218 </div><!-- .card --> 1219 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1220 <h2 class="card__title">Container has no CPU limit</h2> 1221 <div class="card__section"> 1222 1223 <div class="label label--low"> 1224 <span class="label__text">low severity</span> 1225 </div> 1226 1227 <hr/> 1228 1229 <ul class="card__meta"> 1230 <li class="card__meta__item"> 1231 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1232 </li> 1233 1234 <li class="card__meta__item">Introduced through: 1235 [DocId: 47] 1236 <span class="list-paths__item__arrow">›</span> 1237 input 1238 <span class="list-paths__item__arrow">›</span> 1239 spec 1240 <span class="list-paths__item__arrow">›</span> 1241 template 1242 <span class="list-paths__item__arrow">›</span> 1243 spec 1244 <span class="list-paths__item__arrow">›</span> 1245 containers[argocd-server] 1246 <span class="list-paths__item__arrow">›</span> 1247 resources 1248 <span class="list-paths__item__arrow">›</span> 1249 limits 1250 <span class="list-paths__item__arrow">›</span> 1251 cpu 1252 1253 </li> 1254 1255 <li class="card__meta__item"> 1256 Line number: 17615 1257 </li> 1258 </ul> 1259 1260 <hr/> 1261 1262 <h2>Impact</h2> 1263 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1264 1265 <h2>Remediation</h2> 1266 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1267 1268 1269 <hr/> 1270 </div><!-- .card__section --> 1271 1272 <div class="cta card__cta"> 1273 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1274 </div> 1275 1276 </div><!-- .card --> 1277 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1278 <h2 class="card__title">Container has no CPU limit</h2> 1279 <div class="card__section"> 1280 1281 <div class="label label--low"> 1282 <span class="label__text">low severity</span> 1283 </div> 1284 1285 <hr/> 1286 1287 <ul class="card__meta"> 1288 <li class="card__meta__item"> 1289 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1290 </li> 1291 1292 <li class="card__meta__item">Introduced through: 1293 [DocId: 48] 1294 <span class="list-paths__item__arrow">›</span> 1295 input 1296 <span class="list-paths__item__arrow">›</span> 1297 spec 1298 <span class="list-paths__item__arrow">›</span> 1299 template 1300 <span class="list-paths__item__arrow">›</span> 1301 spec 1302 <span class="list-paths__item__arrow">›</span> 1303 containers[argocd-application-controller] 1304 <span class="list-paths__item__arrow">›</span> 1305 resources 1306 <span class="list-paths__item__arrow">›</span> 1307 limits 1308 <span class="list-paths__item__arrow">›</span> 1309 cpu 1310 1311 </li> 1312 1313 <li class="card__meta__item"> 1314 Line number: 17919 1315 </li> 1316 </ul> 1317 1318 <hr/> 1319 1320 <h2>Impact</h2> 1321 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1322 1323 <h2>Remediation</h2> 1324 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1325 1326 1327 <hr/> 1328 </div><!-- .card__section --> 1329 1330 <div class="cta card__cta"> 1331 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1332 </div> 1333 1334 </div><!-- .card --> 1335 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1336 <h2 class="card__title">Container is running with multiple open ports</h2> 1337 <div class="card__section"> 1338 1339 <div class="label label--low"> 1340 <span class="label__text">low severity</span> 1341 </div> 1342 1343 <hr/> 1344 1345 <ul class="card__meta"> 1346 <li class="card__meta__item"> 1347 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">SNYK-CC-K8S-36</a> 1348 </li> 1349 1350 <li class="card__meta__item">Introduced through: 1351 [DocId: 43] 1352 <span class="list-paths__item__arrow">›</span> 1353 spec 1354 <span class="list-paths__item__arrow">›</span> 1355 template 1356 <span class="list-paths__item__arrow">›</span> 1357 spec 1358 <span class="list-paths__item__arrow">›</span> 1359 containers[dex] 1360 <span class="list-paths__item__arrow">›</span> 1361 ports 1362 1363 </li> 1364 1365 <li class="card__meta__item"> 1366 Line number: 17132 1367 </li> 1368 </ul> 1369 1370 <hr/> 1371 1372 <h2>Impact</h2> 1373 <p>Increases the attack surface of the application and the container.</p> 1374 1375 <h2>Remediation</h2> 1376 <p>Reduce `ports` count to 2</p> 1377 1378 1379 <hr/> 1380 </div><!-- .card__section --> 1381 1382 <div class="cta card__cta"> 1383 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">More about this issue</a></p> 1384 </div> 1385 1386 </div><!-- .card --> 1387 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1388 <h2 class="card__title">Container is running with writable root filesystem</h2> 1389 <div class="card__section"> 1390 1391 <div class="label label--low"> 1392 <span class="label__text">low severity</span> 1393 </div> 1394 1395 <hr/> 1396 1397 <ul class="card__meta"> 1398 <li class="card__meta__item"> 1399 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-8">SNYK-CC-K8S-8</a> 1400 </li> 1401 1402 <li class="card__meta__item">Introduced through: 1403 [DocId: 45] 1404 <span class="list-paths__item__arrow">›</span> 1405 spec 1406 <span class="list-paths__item__arrow">›</span> 1407 template 1408 <span class="list-paths__item__arrow">›</span> 1409 spec 1410 <span class="list-paths__item__arrow">›</span> 1411 containers[redis] 1412 <span class="list-paths__item__arrow">›</span> 1413 securityContext 1414 <span class="list-paths__item__arrow">›</span> 1415 readOnlyRootFilesystem 1416 1417 </li> 1418 1419 <li class="card__meta__item"> 1420 Line number: 17296 1421 </li> 1422 </ul> 1423 1424 <hr/> 1425 1426 <h2>Impact</h2> 1427 <p>Compromised process could abuse writable root filesystem to elevate privileges</p> 1428 1429 <h2>Remediation</h2> 1430 <p>Set `spec.{containers, initContainers}.securityContext.readOnlyRootFilesystem` to `true`</p> 1431 1432 1433 <hr/> 1434 </div><!-- .card__section --> 1435 1436 <div class="cta card__cta"> 1437 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-8">More about this issue</a></p> 1438 </div> 1439 1440 </div><!-- .card --> 1441 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1442 <h2 class="card__title">Container is running without liveness probe</h2> 1443 <div class="card__section"> 1444 1445 <div class="label label--low"> 1446 <span class="label__text">low severity</span> 1447 </div> 1448 1449 <hr/> 1450 1451 <ul class="card__meta"> 1452 <li class="card__meta__item"> 1453 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1454 </li> 1455 1456 <li class="card__meta__item">Introduced through: 1457 [DocId: 42] 1458 <span class="list-paths__item__arrow">›</span> 1459 spec 1460 <span class="list-paths__item__arrow">›</span> 1461 template 1462 <span class="list-paths__item__arrow">›</span> 1463 spec 1464 <span class="list-paths__item__arrow">›</span> 1465 containers[argocd-applicationset-controller] 1466 <span class="list-paths__item__arrow">›</span> 1467 livenessProbe 1468 1469 </li> 1470 1471 <li class="card__meta__item"> 1472 Line number: 16980 1473 </li> 1474 </ul> 1475 1476 <hr/> 1477 1478 <h2>Impact</h2> 1479 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1480 1481 <h2>Remediation</h2> 1482 <p>Add `livenessProbe` attribute</p> 1483 1484 1485 <hr/> 1486 </div><!-- .card__section --> 1487 1488 <div class="cta card__cta"> 1489 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1490 </div> 1491 1492 </div><!-- .card --> 1493 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1494 <h2 class="card__title">Container is running without liveness probe</h2> 1495 <div class="card__section"> 1496 1497 <div class="label label--low"> 1498 <span class="label__text">low severity</span> 1499 </div> 1500 1501 <hr/> 1502 1503 <ul class="card__meta"> 1504 <li class="card__meta__item"> 1505 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1506 </li> 1507 1508 <li class="card__meta__item">Introduced through: 1509 [DocId: 43] 1510 <span class="list-paths__item__arrow">›</span> 1511 spec 1512 <span class="list-paths__item__arrow">›</span> 1513 template 1514 <span class="list-paths__item__arrow">›</span> 1515 spec 1516 <span class="list-paths__item__arrow">›</span> 1517 initContainers[copyutil] 1518 <span class="list-paths__item__arrow">›</span> 1519 livenessProbe 1520 1521 </li> 1522 1523 <li class="card__meta__item"> 1524 Line number: 17152 1525 </li> 1526 </ul> 1527 1528 <hr/> 1529 1530 <h2>Impact</h2> 1531 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1532 1533 <h2>Remediation</h2> 1534 <p>Add `livenessProbe` attribute</p> 1535 1536 1537 <hr/> 1538 </div><!-- .card__section --> 1539 1540 <div class="cta card__cta"> 1541 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1542 </div> 1543 1544 </div><!-- .card --> 1545 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1546 <h2 class="card__title">Container is running without liveness probe</h2> 1547 <div class="card__section"> 1548 1549 <div class="label label--low"> 1550 <span class="label__text">low severity</span> 1551 </div> 1552 1553 <hr/> 1554 1555 <ul class="card__meta"> 1556 <li class="card__meta__item"> 1557 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1558 </li> 1559 1560 <li class="card__meta__item">Introduced through: 1561 [DocId: 43] 1562 <span class="list-paths__item__arrow">›</span> 1563 spec 1564 <span class="list-paths__item__arrow">›</span> 1565 template 1566 <span class="list-paths__item__arrow">›</span> 1567 spec 1568 <span class="list-paths__item__arrow">›</span> 1569 containers[dex] 1570 <span class="list-paths__item__arrow">›</span> 1571 livenessProbe 1572 1573 </li> 1574 1575 <li class="card__meta__item"> 1576 Line number: 17118 1577 </li> 1578 </ul> 1579 1580 <hr/> 1581 1582 <h2>Impact</h2> 1583 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1584 1585 <h2>Remediation</h2> 1586 <p>Add `livenessProbe` attribute</p> 1587 1588 1589 <hr/> 1590 </div><!-- .card__section --> 1591 1592 <div class="cta card__cta"> 1593 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1594 </div> 1595 1596 </div><!-- .card --> 1597 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1598 <h2 class="card__title">Container is running without liveness probe</h2> 1599 <div class="card__section"> 1600 1601 <div class="label label--low"> 1602 <span class="label__text">low severity</span> 1603 </div> 1604 1605 <hr/> 1606 1607 <ul class="card__meta"> 1608 <li class="card__meta__item"> 1609 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1610 </li> 1611 1612 <li class="card__meta__item">Introduced through: 1613 [DocId: 45] 1614 <span class="list-paths__item__arrow">›</span> 1615 spec 1616 <span class="list-paths__item__arrow">›</span> 1617 template 1618 <span class="list-paths__item__arrow">›</span> 1619 spec 1620 <span class="list-paths__item__arrow">›</span> 1621 containers[redis] 1622 <span class="list-paths__item__arrow">›</span> 1623 livenessProbe 1624 1625 </li> 1626 1627 <li class="card__meta__item"> 1628 Line number: 17286 1629 </li> 1630 </ul> 1631 1632 <hr/> 1633 1634 <h2>Impact</h2> 1635 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1636 1637 <h2>Remediation</h2> 1638 <p>Add `livenessProbe` attribute</p> 1639 1640 1641 <hr/> 1642 </div><!-- .card__section --> 1643 1644 <div class="cta card__cta"> 1645 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1646 </div> 1647 1648 </div><!-- .card --> 1649 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1650 <h2 class="card__title">Container is running without liveness probe</h2> 1651 <div class="card__section"> 1652 1653 <div class="label label--low"> 1654 <span class="label__text">low severity</span> 1655 </div> 1656 1657 <hr/> 1658 1659 <ul class="card__meta"> 1660 <li class="card__meta__item"> 1661 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1662 </li> 1663 1664 <li class="card__meta__item">Introduced through: 1665 [DocId: 46] 1666 <span class="list-paths__item__arrow">›</span> 1667 spec 1668 <span class="list-paths__item__arrow">›</span> 1669 template 1670 <span class="list-paths__item__arrow">›</span> 1671 spec 1672 <span class="list-paths__item__arrow">›</span> 1673 initContainers[copyutil] 1674 <span class="list-paths__item__arrow">›</span> 1675 livenessProbe 1676 1677 </li> 1678 1679 <li class="card__meta__item"> 1680 Line number: 17530 1681 </li> 1682 </ul> 1683 1684 <hr/> 1685 1686 <h2>Impact</h2> 1687 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1688 1689 <h2>Remediation</h2> 1690 <p>Add `livenessProbe` attribute</p> 1691 1692 1693 <hr/> 1694 </div><!-- .card__section --> 1695 1696 <div class="cta card__cta"> 1697 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1698 </div> 1699 1700 </div><!-- .card --> 1701 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1702 <h2 class="card__title">Container is running without memory limit</h2> 1703 <div class="card__section"> 1704 1705 <div class="label label--low"> 1706 <span class="label__text">low severity</span> 1707 </div> 1708 1709 <hr/> 1710 1711 <ul class="card__meta"> 1712 <li class="card__meta__item"> 1713 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1714 </li> 1715 1716 <li class="card__meta__item">Introduced through: 1717 [DocId: 42] 1718 <span class="list-paths__item__arrow">›</span> 1719 input 1720 <span class="list-paths__item__arrow">›</span> 1721 spec 1722 <span class="list-paths__item__arrow">›</span> 1723 template 1724 <span class="list-paths__item__arrow">›</span> 1725 spec 1726 <span class="list-paths__item__arrow">›</span> 1727 containers[argocd-applicationset-controller] 1728 <span class="list-paths__item__arrow">›</span> 1729 resources 1730 <span class="list-paths__item__arrow">›</span> 1731 limits 1732 <span class="list-paths__item__arrow">›</span> 1733 memory 1734 1735 </li> 1736 1737 <li class="card__meta__item"> 1738 Line number: 16980 1739 </li> 1740 </ul> 1741 1742 <hr/> 1743 1744 <h2>Impact</h2> 1745 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1746 1747 <h2>Remediation</h2> 1748 <p>Set `resources.limits.memory` value</p> 1749 1750 1751 <hr/> 1752 </div><!-- .card__section --> 1753 1754 <div class="cta card__cta"> 1755 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1756 </div> 1757 1758 </div><!-- .card --> 1759 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1760 <h2 class="card__title">Container is running without memory limit</h2> 1761 <div class="card__section"> 1762 1763 <div class="label label--low"> 1764 <span class="label__text">low severity</span> 1765 </div> 1766 1767 <hr/> 1768 1769 <ul class="card__meta"> 1770 <li class="card__meta__item"> 1771 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1772 </li> 1773 1774 <li class="card__meta__item">Introduced through: 1775 [DocId: 43] 1776 <span class="list-paths__item__arrow">›</span> 1777 input 1778 <span class="list-paths__item__arrow">›</span> 1779 spec 1780 <span class="list-paths__item__arrow">›</span> 1781 template 1782 <span class="list-paths__item__arrow">›</span> 1783 spec 1784 <span class="list-paths__item__arrow">›</span> 1785 containers[dex] 1786 <span class="list-paths__item__arrow">›</span> 1787 resources 1788 <span class="list-paths__item__arrow">›</span> 1789 limits 1790 <span class="list-paths__item__arrow">›</span> 1791 memory 1792 1793 </li> 1794 1795 <li class="card__meta__item"> 1796 Line number: 17118 1797 </li> 1798 </ul> 1799 1800 <hr/> 1801 1802 <h2>Impact</h2> 1803 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1804 1805 <h2>Remediation</h2> 1806 <p>Set `resources.limits.memory` value</p> 1807 1808 1809 <hr/> 1810 </div><!-- .card__section --> 1811 1812 <div class="cta card__cta"> 1813 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1814 </div> 1815 1816 </div><!-- .card --> 1817 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1818 <h2 class="card__title">Container is running without memory limit</h2> 1819 <div class="card__section"> 1820 1821 <div class="label label--low"> 1822 <span class="label__text">low severity</span> 1823 </div> 1824 1825 <hr/> 1826 1827 <ul class="card__meta"> 1828 <li class="card__meta__item"> 1829 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1830 </li> 1831 1832 <li class="card__meta__item">Introduced through: 1833 [DocId: 43] 1834 <span class="list-paths__item__arrow">›</span> 1835 input 1836 <span class="list-paths__item__arrow">›</span> 1837 spec 1838 <span class="list-paths__item__arrow">›</span> 1839 template 1840 <span class="list-paths__item__arrow">›</span> 1841 spec 1842 <span class="list-paths__item__arrow">›</span> 1843 initContainers[copyutil] 1844 <span class="list-paths__item__arrow">›</span> 1845 resources 1846 <span class="list-paths__item__arrow">›</span> 1847 limits 1848 <span class="list-paths__item__arrow">›</span> 1849 memory 1850 1851 </li> 1852 1853 <li class="card__meta__item"> 1854 Line number: 17152 1855 </li> 1856 </ul> 1857 1858 <hr/> 1859 1860 <h2>Impact</h2> 1861 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1862 1863 <h2>Remediation</h2> 1864 <p>Set `resources.limits.memory` value</p> 1865 1866 1867 <hr/> 1868 </div><!-- .card__section --> 1869 1870 <div class="cta card__cta"> 1871 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1872 </div> 1873 1874 </div><!-- .card --> 1875 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1876 <h2 class="card__title">Container is running without memory limit</h2> 1877 <div class="card__section"> 1878 1879 <div class="label label--low"> 1880 <span class="label__text">low severity</span> 1881 </div> 1882 1883 <hr/> 1884 1885 <ul class="card__meta"> 1886 <li class="card__meta__item"> 1887 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1888 </li> 1889 1890 <li class="card__meta__item">Introduced through: 1891 [DocId: 44] 1892 <span class="list-paths__item__arrow">›</span> 1893 input 1894 <span class="list-paths__item__arrow">›</span> 1895 spec 1896 <span class="list-paths__item__arrow">›</span> 1897 template 1898 <span class="list-paths__item__arrow">›</span> 1899 spec 1900 <span class="list-paths__item__arrow">›</span> 1901 containers[argocd-notifications-controller] 1902 <span class="list-paths__item__arrow">›</span> 1903 resources 1904 <span class="list-paths__item__arrow">›</span> 1905 limits 1906 <span class="list-paths__item__arrow">›</span> 1907 memory 1908 1909 </li> 1910 1911 <li class="card__meta__item"> 1912 Line number: 17212 1913 </li> 1914 </ul> 1915 1916 <hr/> 1917 1918 <h2>Impact</h2> 1919 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1920 1921 <h2>Remediation</h2> 1922 <p>Set `resources.limits.memory` value</p> 1923 1924 1925 <hr/> 1926 </div><!-- .card__section --> 1927 1928 <div class="cta card__cta"> 1929 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1930 </div> 1931 1932 </div><!-- .card --> 1933 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1934 <h2 class="card__title">Container is running without memory limit</h2> 1935 <div class="card__section"> 1936 1937 <div class="label label--low"> 1938 <span class="label__text">low severity</span> 1939 </div> 1940 1941 <hr/> 1942 1943 <ul class="card__meta"> 1944 <li class="card__meta__item"> 1945 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1946 </li> 1947 1948 <li class="card__meta__item">Introduced through: 1949 [DocId: 45] 1950 <span class="list-paths__item__arrow">›</span> 1951 input 1952 <span class="list-paths__item__arrow">›</span> 1953 spec 1954 <span class="list-paths__item__arrow">›</span> 1955 template 1956 <span class="list-paths__item__arrow">›</span> 1957 spec 1958 <span class="list-paths__item__arrow">›</span> 1959 containers[redis] 1960 <span class="list-paths__item__arrow">›</span> 1961 resources 1962 <span class="list-paths__item__arrow">›</span> 1963 limits 1964 <span class="list-paths__item__arrow">›</span> 1965 memory 1966 1967 </li> 1968 1969 <li class="card__meta__item"> 1970 Line number: 17286 1971 </li> 1972 </ul> 1973 1974 <hr/> 1975 1976 <h2>Impact</h2> 1977 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1978 1979 <h2>Remediation</h2> 1980 <p>Set `resources.limits.memory` value</p> 1981 1982 1983 <hr/> 1984 </div><!-- .card__section --> 1985 1986 <div class="cta card__cta"> 1987 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1988 </div> 1989 1990 </div><!-- .card --> 1991 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1992 <h2 class="card__title">Container is running without memory limit</h2> 1993 <div class="card__section"> 1994 1995 <div class="label label--low"> 1996 <span class="label__text">low severity</span> 1997 </div> 1998 1999 <hr/> 2000 2001 <ul class="card__meta"> 2002 <li class="card__meta__item"> 2003 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2004 </li> 2005 2006 <li class="card__meta__item">Introduced through: 2007 [DocId: 46] 2008 <span class="list-paths__item__arrow">›</span> 2009 input 2010 <span class="list-paths__item__arrow">›</span> 2011 spec 2012 <span class="list-paths__item__arrow">›</span> 2013 template 2014 <span class="list-paths__item__arrow">›</span> 2015 spec 2016 <span class="list-paths__item__arrow">›</span> 2017 initContainers[copyutil] 2018 <span class="list-paths__item__arrow">›</span> 2019 resources 2020 <span class="list-paths__item__arrow">›</span> 2021 limits 2022 <span class="list-paths__item__arrow">›</span> 2023 memory 2024 2025 </li> 2026 2027 <li class="card__meta__item"> 2028 Line number: 17530 2029 </li> 2030 </ul> 2031 2032 <hr/> 2033 2034 <h2>Impact</h2> 2035 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2036 2037 <h2>Remediation</h2> 2038 <p>Set `resources.limits.memory` value</p> 2039 2040 2041 <hr/> 2042 </div><!-- .card__section --> 2043 2044 <div class="cta card__cta"> 2045 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2046 </div> 2047 2048 </div><!-- .card --> 2049 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2050 <h2 class="card__title">Container is running without memory limit</h2> 2051 <div class="card__section"> 2052 2053 <div class="label label--low"> 2054 <span class="label__text">low severity</span> 2055 </div> 2056 2057 <hr/> 2058 2059 <ul class="card__meta"> 2060 <li class="card__meta__item"> 2061 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2062 </li> 2063 2064 <li class="card__meta__item">Introduced through: 2065 [DocId: 46] 2066 <span class="list-paths__item__arrow">›</span> 2067 input 2068 <span class="list-paths__item__arrow">›</span> 2069 spec 2070 <span class="list-paths__item__arrow">›</span> 2071 template 2072 <span class="list-paths__item__arrow">›</span> 2073 spec 2074 <span class="list-paths__item__arrow">›</span> 2075 containers[argocd-repo-server] 2076 <span class="list-paths__item__arrow">›</span> 2077 resources 2078 <span class="list-paths__item__arrow">›</span> 2079 limits 2080 <span class="list-paths__item__arrow">›</span> 2081 memory 2082 2083 </li> 2084 2085 <li class="card__meta__item"> 2086 Line number: 17342 2087 </li> 2088 </ul> 2089 2090 <hr/> 2091 2092 <h2>Impact</h2> 2093 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2094 2095 <h2>Remediation</h2> 2096 <p>Set `resources.limits.memory` value</p> 2097 2098 2099 <hr/> 2100 </div><!-- .card__section --> 2101 2102 <div class="cta card__cta"> 2103 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2104 </div> 2105 2106 </div><!-- .card --> 2107 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2108 <h2 class="card__title">Container is running without memory limit</h2> 2109 <div class="card__section"> 2110 2111 <div class="label label--low"> 2112 <span class="label__text">low severity</span> 2113 </div> 2114 2115 <hr/> 2116 2117 <ul class="card__meta"> 2118 <li class="card__meta__item"> 2119 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2120 </li> 2121 2122 <li class="card__meta__item">Introduced through: 2123 [DocId: 47] 2124 <span class="list-paths__item__arrow">›</span> 2125 input 2126 <span class="list-paths__item__arrow">›</span> 2127 spec 2128 <span class="list-paths__item__arrow">›</span> 2129 template 2130 <span class="list-paths__item__arrow">›</span> 2131 spec 2132 <span class="list-paths__item__arrow">›</span> 2133 containers[argocd-server] 2134 <span class="list-paths__item__arrow">›</span> 2135 resources 2136 <span class="list-paths__item__arrow">›</span> 2137 limits 2138 <span class="list-paths__item__arrow">›</span> 2139 memory 2140 2141 </li> 2142 2143 <li class="card__meta__item"> 2144 Line number: 17615 2145 </li> 2146 </ul> 2147 2148 <hr/> 2149 2150 <h2>Impact</h2> 2151 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2152 2153 <h2>Remediation</h2> 2154 <p>Set `resources.limits.memory` value</p> 2155 2156 2157 <hr/> 2158 </div><!-- .card__section --> 2159 2160 <div class="cta card__cta"> 2161 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2162 </div> 2163 2164 </div><!-- .card --> 2165 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2166 <h2 class="card__title">Container is running without memory limit</h2> 2167 <div class="card__section"> 2168 2169 <div class="label label--low"> 2170 <span class="label__text">low severity</span> 2171 </div> 2172 2173 <hr/> 2174 2175 <ul class="card__meta"> 2176 <li class="card__meta__item"> 2177 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2178 </li> 2179 2180 <li class="card__meta__item">Introduced through: 2181 [DocId: 48] 2182 <span class="list-paths__item__arrow">›</span> 2183 input 2184 <span class="list-paths__item__arrow">›</span> 2185 spec 2186 <span class="list-paths__item__arrow">›</span> 2187 template 2188 <span class="list-paths__item__arrow">›</span> 2189 spec 2190 <span class="list-paths__item__arrow">›</span> 2191 containers[argocd-application-controller] 2192 <span class="list-paths__item__arrow">›</span> 2193 resources 2194 <span class="list-paths__item__arrow">›</span> 2195 limits 2196 <span class="list-paths__item__arrow">›</span> 2197 memory 2198 2199 </li> 2200 2201 <li class="card__meta__item"> 2202 Line number: 17919 2203 </li> 2204 </ul> 2205 2206 <hr/> 2207 2208 <h2>Impact</h2> 2209 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2210 2211 <h2>Remediation</h2> 2212 <p>Set `resources.limits.memory` value</p> 2213 2214 2215 <hr/> 2216 </div><!-- .card__section --> 2217 2218 <div class="cta card__cta"> 2219 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2220 </div> 2221 2222 </div><!-- .card --> 2223 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2224 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2225 <div class="card__section"> 2226 2227 <div class="label label--low"> 2228 <span class="label__text">low severity</span> 2229 </div> 2230 2231 <hr/> 2232 2233 <ul class="card__meta"> 2234 <li class="card__meta__item"> 2235 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2236 </li> 2237 2238 <li class="card__meta__item">Introduced through: 2239 [DocId: 42] 2240 <span class="list-paths__item__arrow">›</span> 2241 input 2242 <span class="list-paths__item__arrow">›</span> 2243 spec 2244 <span class="list-paths__item__arrow">›</span> 2245 template 2246 <span class="list-paths__item__arrow">›</span> 2247 spec 2248 <span class="list-paths__item__arrow">›</span> 2249 containers[argocd-applicationset-controller] 2250 <span class="list-paths__item__arrow">›</span> 2251 securityContext 2252 <span class="list-paths__item__arrow">›</span> 2253 runAsUser 2254 2255 </li> 2256 2257 <li class="card__meta__item"> 2258 Line number: 17055 2259 </li> 2260 </ul> 2261 2262 <hr/> 2263 2264 <h2>Impact</h2> 2265 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2266 2267 <h2>Remediation</h2> 2268 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2269 2270 2271 <hr/> 2272 </div><!-- .card__section --> 2273 2274 <div class="cta card__cta"> 2275 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2276 </div> 2277 2278 </div><!-- .card --> 2279 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2280 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2281 <div class="card__section"> 2282 2283 <div class="label label--low"> 2284 <span class="label__text">low severity</span> 2285 </div> 2286 2287 <hr/> 2288 2289 <ul class="card__meta"> 2290 <li class="card__meta__item"> 2291 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2292 </li> 2293 2294 <li class="card__meta__item">Introduced through: 2295 [DocId: 43] 2296 <span class="list-paths__item__arrow">›</span> 2297 input 2298 <span class="list-paths__item__arrow">›</span> 2299 spec 2300 <span class="list-paths__item__arrow">›</span> 2301 template 2302 <span class="list-paths__item__arrow">›</span> 2303 spec 2304 <span class="list-paths__item__arrow">›</span> 2305 initContainers[copyutil] 2306 <span class="list-paths__item__arrow">›</span> 2307 securityContext 2308 <span class="list-paths__item__arrow">›</span> 2309 runAsUser 2310 2311 </li> 2312 2313 <li class="card__meta__item"> 2314 Line number: 17160 2315 </li> 2316 </ul> 2317 2318 <hr/> 2319 2320 <h2>Impact</h2> 2321 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2322 2323 <h2>Remediation</h2> 2324 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2325 2326 2327 <hr/> 2328 </div><!-- .card__section --> 2329 2330 <div class="cta card__cta"> 2331 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2332 </div> 2333 2334 </div><!-- .card --> 2335 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2336 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2337 <div class="card__section"> 2338 2339 <div class="label label--low"> 2340 <span class="label__text">low severity</span> 2341 </div> 2342 2343 <hr/> 2344 2345 <ul class="card__meta"> 2346 <li class="card__meta__item"> 2347 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2348 </li> 2349 2350 <li class="card__meta__item">Introduced through: 2351 [DocId: 43] 2352 <span class="list-paths__item__arrow">›</span> 2353 input 2354 <span class="list-paths__item__arrow">›</span> 2355 spec 2356 <span class="list-paths__item__arrow">›</span> 2357 template 2358 <span class="list-paths__item__arrow">›</span> 2359 spec 2360 <span class="list-paths__item__arrow">›</span> 2361 containers[dex] 2362 <span class="list-paths__item__arrow">›</span> 2363 securityContext 2364 <span class="list-paths__item__arrow">›</span> 2365 runAsUser 2366 2367 </li> 2368 2369 <li class="card__meta__item"> 2370 Line number: 17135 2371 </li> 2372 </ul> 2373 2374 <hr/> 2375 2376 <h2>Impact</h2> 2377 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2378 2379 <h2>Remediation</h2> 2380 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2381 2382 2383 <hr/> 2384 </div><!-- .card__section --> 2385 2386 <div class="cta card__cta"> 2387 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2388 </div> 2389 2390 </div><!-- .card --> 2391 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2392 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2393 <div class="card__section"> 2394 2395 <div class="label label--low"> 2396 <span class="label__text">low severity</span> 2397 </div> 2398 2399 <hr/> 2400 2401 <ul class="card__meta"> 2402 <li class="card__meta__item"> 2403 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2404 </li> 2405 2406 <li class="card__meta__item">Introduced through: 2407 [DocId: 44] 2408 <span class="list-paths__item__arrow">›</span> 2409 input 2410 <span class="list-paths__item__arrow">›</span> 2411 spec 2412 <span class="list-paths__item__arrow">›</span> 2413 template 2414 <span class="list-paths__item__arrow">›</span> 2415 spec 2416 <span class="list-paths__item__arrow">›</span> 2417 containers[argocd-notifications-controller] 2418 <span class="list-paths__item__arrow">›</span> 2419 securityContext 2420 <span class="list-paths__item__arrow">›</span> 2421 runAsUser 2422 2423 </li> 2424 2425 <li class="card__meta__item"> 2426 Line number: 17220 2427 </li> 2428 </ul> 2429 2430 <hr/> 2431 2432 <h2>Impact</h2> 2433 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2434 2435 <h2>Remediation</h2> 2436 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2437 2438 2439 <hr/> 2440 </div><!-- .card__section --> 2441 2442 <div class="cta card__cta"> 2443 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2444 </div> 2445 2446 </div><!-- .card --> 2447 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2448 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2449 <div class="card__section"> 2450 2451 <div class="label label--low"> 2452 <span class="label__text">low severity</span> 2453 </div> 2454 2455 <hr/> 2456 2457 <ul class="card__meta"> 2458 <li class="card__meta__item"> 2459 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2460 </li> 2461 2462 <li class="card__meta__item">Introduced through: 2463 [DocId: 45] 2464 <span class="list-paths__item__arrow">›</span> 2465 input 2466 <span class="list-paths__item__arrow">›</span> 2467 spec 2468 <span class="list-paths__item__arrow">›</span> 2469 template 2470 <span class="list-paths__item__arrow">›</span> 2471 spec 2472 <span class="list-paths__item__arrow">›</span> 2473 containers[redis] 2474 <span class="list-paths__item__arrow">›</span> 2475 securityContext 2476 <span class="list-paths__item__arrow">›</span> 2477 runAsUser 2478 2479 </li> 2480 2481 <li class="card__meta__item"> 2482 Line number: 17296 2483 </li> 2484 </ul> 2485 2486 <hr/> 2487 2488 <h2>Impact</h2> 2489 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2490 2491 <h2>Remediation</h2> 2492 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2493 2494 2495 <hr/> 2496 </div><!-- .card__section --> 2497 2498 <div class="cta card__cta"> 2499 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2500 </div> 2501 2502 </div><!-- .card --> 2503 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2504 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2505 <div class="card__section"> 2506 2507 <div class="label label--low"> 2508 <span class="label__text">low severity</span> 2509 </div> 2510 2511 <hr/> 2512 2513 <ul class="card__meta"> 2514 <li class="card__meta__item"> 2515 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2516 </li> 2517 2518 <li class="card__meta__item">Introduced through: 2519 [DocId: 46] 2520 <span class="list-paths__item__arrow">›</span> 2521 input 2522 <span class="list-paths__item__arrow">›</span> 2523 spec 2524 <span class="list-paths__item__arrow">›</span> 2525 template 2526 <span class="list-paths__item__arrow">›</span> 2527 spec 2528 <span class="list-paths__item__arrow">›</span> 2529 initContainers[copyutil] 2530 <span class="list-paths__item__arrow">›</span> 2531 securityContext 2532 <span class="list-paths__item__arrow">›</span> 2533 runAsUser 2534 2535 </li> 2536 2537 <li class="card__meta__item"> 2538 Line number: 17537 2539 </li> 2540 </ul> 2541 2542 <hr/> 2543 2544 <h2>Impact</h2> 2545 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2546 2547 <h2>Remediation</h2> 2548 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2549 2550 2551 <hr/> 2552 </div><!-- .card__section --> 2553 2554 <div class="cta card__cta"> 2555 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2556 </div> 2557 2558 </div><!-- .card --> 2559 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2560 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2561 <div class="card__section"> 2562 2563 <div class="label label--low"> 2564 <span class="label__text">low severity</span> 2565 </div> 2566 2567 <hr/> 2568 2569 <ul class="card__meta"> 2570 <li class="card__meta__item"> 2571 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2572 </li> 2573 2574 <li class="card__meta__item">Introduced through: 2575 [DocId: 46] 2576 <span class="list-paths__item__arrow">›</span> 2577 input 2578 <span class="list-paths__item__arrow">›</span> 2579 spec 2580 <span class="list-paths__item__arrow">›</span> 2581 template 2582 <span class="list-paths__item__arrow">›</span> 2583 spec 2584 <span class="list-paths__item__arrow">›</span> 2585 containers[argocd-repo-server] 2586 <span class="list-paths__item__arrow">›</span> 2587 securityContext 2588 <span class="list-paths__item__arrow">›</span> 2589 runAsUser 2590 2591 </li> 2592 2593 <li class="card__meta__item"> 2594 Line number: 17503 2595 </li> 2596 </ul> 2597 2598 <hr/> 2599 2600 <h2>Impact</h2> 2601 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2602 2603 <h2>Remediation</h2> 2604 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2605 2606 2607 <hr/> 2608 </div><!-- .card__section --> 2609 2610 <div class="cta card__cta"> 2611 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2612 </div> 2613 2614 </div><!-- .card --> 2615 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2616 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2617 <div class="card__section"> 2618 2619 <div class="label label--low"> 2620 <span class="label__text">low severity</span> 2621 </div> 2622 2623 <hr/> 2624 2625 <ul class="card__meta"> 2626 <li class="card__meta__item"> 2627 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2628 </li> 2629 2630 <li class="card__meta__item">Introduced through: 2631 [DocId: 47] 2632 <span class="list-paths__item__arrow">›</span> 2633 input 2634 <span class="list-paths__item__arrow">›</span> 2635 spec 2636 <span class="list-paths__item__arrow">›</span> 2637 template 2638 <span class="list-paths__item__arrow">›</span> 2639 spec 2640 <span class="list-paths__item__arrow">›</span> 2641 containers[argocd-server] 2642 <span class="list-paths__item__arrow">›</span> 2643 securityContext 2644 <span class="list-paths__item__arrow">›</span> 2645 runAsUser 2646 2647 </li> 2648 2649 <li class="card__meta__item"> 2650 Line number: 17829 2651 </li> 2652 </ul> 2653 2654 <hr/> 2655 2656 <h2>Impact</h2> 2657 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2658 2659 <h2>Remediation</h2> 2660 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2661 2662 2663 <hr/> 2664 </div><!-- .card__section --> 2665 2666 <div class="cta card__cta"> 2667 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2668 </div> 2669 2670 </div><!-- .card --> 2671 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2672 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2673 <div class="card__section"> 2674 2675 <div class="label label--low"> 2676 <span class="label__text">low severity</span> 2677 </div> 2678 2679 <hr/> 2680 2681 <ul class="card__meta"> 2682 <li class="card__meta__item"> 2683 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2684 </li> 2685 2686 <li class="card__meta__item">Introduced through: 2687 [DocId: 48] 2688 <span class="list-paths__item__arrow">›</span> 2689 input 2690 <span class="list-paths__item__arrow">›</span> 2691 spec 2692 <span class="list-paths__item__arrow">›</span> 2693 template 2694 <span class="list-paths__item__arrow">›</span> 2695 spec 2696 <span class="list-paths__item__arrow">›</span> 2697 containers[argocd-application-controller] 2698 <span class="list-paths__item__arrow">›</span> 2699 securityContext 2700 <span class="list-paths__item__arrow">›</span> 2701 runAsUser 2702 2703 </li> 2704 2705 <li class="card__meta__item"> 2706 Line number: 18061 2707 </li> 2708 </ul> 2709 2710 <hr/> 2711 2712 <h2>Impact</h2> 2713 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2714 2715 <h2>Remediation</h2> 2716 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2717 2718 2719 <hr/> 2720 </div><!-- .card__section --> 2721 2722 <div class="cta card__cta"> 2723 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2724 </div> 2725 2726 </div><!-- .card --> 2727 </div> 2728 </div> 2729 2730 </main><!-- .layout-stacked__content --> 2731 </body> 2732 2733 </html>