github.com/argoproj/argo-cd/v2@v2.10.9/docs/snyk/master/argocd-iac-install.html (about) 1 <!DOCTYPE html> 2 <html lang="en"> 3 4 <head> 5 <meta http-equiv="Content-type" content="text/html; charset=utf-8"> 6 <meta http-equiv="Content-Language" content="en-us"> 7 <meta name="viewport" content="width=device-width, initial-scale=1.0"> 8 <meta http-equiv="X-UA-Compatible" content="IE=edge"> 9 <title>Snyk test report</title> 10 <meta name="description" content=" known vulnerabilities found in ."> 11 <base target="_blank"> 12 <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png" 13 sizes="194x194"> 14 <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico"> 15 <style type="text/css"> 16 17 body { 18 -moz-font-feature-settings: "pnum"; 19 -webkit-font-feature-settings: "pnum"; 20 font-variant-numeric: proportional-nums; 21 display: flex; 22 flex-direction: column; 23 font-feature-settings: "pnum"; 24 font-size: 100%; 25 line-height: 1.5; 26 min-height: 100vh; 27 -webkit-text-size-adjust: 100%; 28 margin: 0; 29 padding: 0; 30 background-color: #F5F5F5; 31 font-family: 'Arial', 'Helvetica', Calibri, sans-serif; 32 } 33 34 h1, 35 h2, 36 h3, 37 h4, 38 h5, 39 h6 { 40 font-weight: 500; 41 } 42 43 a, 44 a:link, 45 a:visited { 46 border-bottom: 1px solid #4b45a9; 47 text-decoration: none; 48 color: #4b45a9; 49 } 50 51 a:hover, 52 a:focus, 53 a:active { 54 border-bottom: 1px solid #4b45a9; 55 } 56 57 hr { 58 border: none; 59 margin: 1em 0; 60 border-top: 1px solid #c5c5c5; 61 } 62 63 ul { 64 padding: 0 1em; 65 margin: 1em 0; 66 } 67 68 code { 69 background-color: #EEE; 70 color: #333; 71 padding: 0.25em 0.5em; 72 border-radius: 0.25em; 73 } 74 75 pre { 76 background-color: #333; 77 font-family: monospace; 78 padding: 0.5em 1em 0.75em; 79 border-radius: 0.25em; 80 font-size: 14px; 81 } 82 83 pre code { 84 padding: 0; 85 background-color: transparent; 86 color: #fff; 87 } 88 89 a code { 90 border-radius: .125rem .125rem 0 0; 91 padding-bottom: 0; 92 color: #4b45a9; 93 } 94 95 a[href^="http://"]:after, 96 a[href^="https://"]:after { 97 background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E"); 98 background-repeat: no-repeat; 99 background-size: .75rem; 100 content: ""; 101 display: inline-block; 102 height: .75rem; 103 margin-left: .25rem; 104 width: .75rem; 105 } 106 107 108 /* Layout */ 109 110 [class*=layout-container] { 111 margin: 0 auto; 112 max-width: 71.25em; 113 padding: 1.9em 1.3em; 114 position: relative; 115 } 116 .layout-container--short { 117 padding-top: 0; 118 padding-bottom: 0; 119 max-width: 48.75em; 120 } 121 122 .layout-container--short:after { 123 display: block; 124 content: ""; 125 clear: both; 126 } 127 128 /* Header */ 129 130 .header { 131 padding-bottom: 1px; 132 } 133 134 .paths { 135 margin-left: 8px; 136 } 137 .header-wrap { 138 display: flex; 139 flex-direction: row; 140 justify-content: space-between; 141 padding-top: 2em; 142 } 143 .project__header { 144 background-color: #4b45a9; 145 color: #fff; 146 margin-bottom: -1px; 147 padding-top: 1em; 148 padding-bottom: 0.25em; 149 border-bottom: 2px solid #BBB; 150 } 151 152 .project__header__title { 153 overflow-wrap: break-word; 154 word-wrap: break-word; 155 word-break: break-all; 156 margin-bottom: .1em; 157 margin-top: 0; 158 } 159 160 .timestamp { 161 float: right; 162 clear: none; 163 margin-bottom: 0; 164 } 165 166 .meta-counts { 167 clear: both; 168 display: block; 169 flex-wrap: wrap; 170 justify-content: space-between; 171 margin: 0 0 1.5em; 172 color: #fff; 173 clear: both; 174 font-size: 1.1em; 175 } 176 177 .meta-count { 178 display: block; 179 flex-basis: 100%; 180 margin: 0 1em 1em 0; 181 float: left; 182 padding-right: 1em; 183 border-right: 2px solid #fff; 184 } 185 186 .meta-count:last-child { 187 border-right: 0; 188 padding-right: 0; 189 margin-right: 0; 190 } 191 192 /* Card */ 193 194 .card { 195 background-color: #fff; 196 border: 1px solid #c5c5c5; 197 border-radius: .25rem; 198 margin: 0 0 2em 0; 199 position: relative; 200 min-height: 40px; 201 padding: 1.5em; 202 } 203 204 .card .label { 205 background-color: #767676; 206 border: 2px solid #767676; 207 color: white; 208 padding: 0.25rem 0.75rem; 209 font-size: 0.875rem; 210 text-transform: uppercase; 211 display: inline-block; 212 margin: 0; 213 border-radius: 0.25rem; 214 } 215 216 .card .label__text { 217 vertical-align: text-top; 218 font-weight: bold; 219 } 220 221 .card .label--critical { 222 background-color: #AB1A1A; 223 border-color: #AB1A1A; 224 } 225 226 .card .label--high { 227 background-color: #CE5019; 228 border-color: #CE5019; 229 } 230 231 .card .label--medium { 232 background-color: #D68000; 233 border-color: #D68000; 234 } 235 236 .card .label--low { 237 background-color: #88879E; 238 border-color: #88879E; 239 } 240 241 .severity--low { 242 border-color: #88879E; 243 } 244 245 .severity--medium { 246 border-color: #D68000; 247 } 248 249 .severity--high { 250 border-color: #CE5019; 251 } 252 253 .severity--critical { 254 border-color: #AB1A1A; 255 } 256 257 .card--vuln { 258 padding-top: 4em; 259 } 260 261 .card--vuln .label { 262 left: 0; 263 position: absolute; 264 top: 1.1em; 265 padding-left: 1.9em; 266 padding-right: 1.9em; 267 border-radius: 0 0.25rem 0.25rem 0; 268 } 269 270 .card--vuln .card__section h2 { 271 font-size: 22px; 272 margin-bottom: 0.5em; 273 } 274 275 .card--vuln .card__section p { 276 margin: 0 0 0.5em 0; 277 } 278 279 .card--vuln .card__meta { 280 padding: 0 0 0 1em; 281 margin: 0; 282 font-size: 1.1em; 283 } 284 285 .card .card__meta__paths { 286 font-size: 0.9em; 287 } 288 289 .card--vuln .card__title { 290 font-size: 28px; 291 margin-top: 0; 292 } 293 294 .card--vuln .card__cta p { 295 margin: 0; 296 text-align: right; 297 } 298 299 .source-panel { 300 clear: both; 301 display: flex; 302 justify-content: flex-start; 303 flex-direction: column; 304 align-items: flex-start; 305 padding: 0.5em 0; 306 width: fit-content; 307 } 308 309 310 311 </style> 312 <style type="text/css"> 313 .metatable { 314 text-size-adjust: 100%; 315 -webkit-font-smoothing: antialiased; 316 -webkit-box-direction: normal; 317 color: inherit; 318 font-feature-settings: "pnum"; 319 box-sizing: border-box; 320 background: transparent; 321 border: 0; 322 font: inherit; 323 font-size: 100%; 324 margin: 0; 325 outline: none; 326 padding: 0; 327 text-align: left; 328 text-decoration: none; 329 vertical-align: baseline; 330 z-index: auto; 331 margin-top: 12px; 332 border-collapse: collapse; 333 border-spacing: 0; 334 font-variant-numeric: tabular-nums; 335 max-width: 51.75em; 336 } 337 338 tbody { 339 text-size-adjust: 100%; 340 -webkit-font-smoothing: antialiased; 341 -webkit-box-direction: normal; 342 color: inherit; 343 font-feature-settings: "pnum"; 344 border-collapse: collapse; 345 border-spacing: 0; 346 box-sizing: border-box; 347 background: transparent; 348 border: 0; 349 font: inherit; 350 font-size: 100%; 351 margin: 0; 352 outline: none; 353 padding: 0; 354 text-align: left; 355 text-decoration: none; 356 vertical-align: baseline; 357 z-index: auto; 358 display: flex; 359 flex-wrap: wrap; 360 } 361 362 .meta-row { 363 text-size-adjust: 100%; 364 -webkit-font-smoothing: antialiased; 365 -webkit-box-direction: normal; 366 color: inherit; 367 font-feature-settings: "pnum"; 368 border-collapse: collapse; 369 border-spacing: 0; 370 box-sizing: border-box; 371 background: transparent; 372 border: 0; 373 font: inherit; 374 font-size: 100%; 375 outline: none; 376 text-align: left; 377 text-decoration: none; 378 vertical-align: baseline; 379 z-index: auto; 380 display: flex; 381 align-items: start; 382 border-top: 1px solid #d3d3d9; 383 padding: 8px 0 0 0; 384 border-bottom: none; 385 margin: 8px; 386 width: 47.75%; 387 } 388 389 .meta-row-label { 390 text-size-adjust: 100%; 391 -webkit-font-smoothing: antialiased; 392 -webkit-box-direction: normal; 393 font-feature-settings: "pnum"; 394 border-collapse: collapse; 395 border-spacing: 0; 396 color: #4c4a73; 397 box-sizing: border-box; 398 background: transparent; 399 border: 0; 400 font: inherit; 401 margin: 0; 402 outline: none; 403 text-decoration: none; 404 z-index: auto; 405 align-self: start; 406 flex: 1; 407 font-size: 1rem; 408 line-height: 1.5rem; 409 padding: 0; 410 text-align: left; 411 vertical-align: top; 412 text-transform: none; 413 letter-spacing: 0; 414 } 415 416 .meta-row-value { 417 text-size-adjust: 100%; 418 -webkit-font-smoothing: antialiased; 419 -webkit-box-direction: normal; 420 color: inherit; 421 font-feature-settings: "pnum"; 422 border-collapse: collapse; 423 border-spacing: 0; 424 word-break: break-word; 425 box-sizing: border-box; 426 background: transparent; 427 border: 0; 428 font: inherit; 429 font-size: 100%; 430 margin: 0; 431 outline: none; 432 padding: 0; 433 text-align: right; 434 text-decoration: none; 435 vertical-align: baseline; 436 z-index: auto; 437 } 438 </style> 439 </head> 440 441 <body class="section-projects"> 442 <main class="layout-stacked"> 443 <div class="layout-stacked__header header"> 444 <header class="project__header"> 445 <div class="layout-container"> 446 <a class="brand" href="https://snyk.io" title="Snyk"> 447 <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img"> 448 <title>Snyk - Open Source Security</title> 449 <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> 450 <g fill="#fff"> 451 <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path> 452 </g> 453 </g> 454 </svg> 455 </a> 456 <div class="header-wrap"> 457 <h1 class="project__header__title">Snyk test report</h1> 458 459 <p class="timestamp">October 29th 2023, 12:17:42 am (UTC+00:00)</p> 460 </div> 461 <div class="source-panel"> 462 <span>Scanned the following path:</span> 463 <ul> 464 <li class="paths">/argo-cd/manifests/install.yaml (Kubernetes)</li> 465 </ul> 466 </div> 467 468 <div class="meta-counts"> 469 <div class="meta-count"><span>40</span> <span>total issues</span></div> 470 </div><!-- .meta-counts --> 471 </div><!-- .layout-container--short --> 472 </header><!-- .project__header --> 473 </div><!-- .layout-stacked__header --> 474 475 <section class="layout-container"> 476 <table class="metatable"> 477 <tbody> 478 <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">manifests/install.yaml</td></tr> 479 <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">/argo-cd/manifests/install.yaml</td></tr> 480 <tr class="meta-row"><th class="meta-row-label">Project Type</th> <td class="meta-row-value">Kubernetes</td></tr> 481 </tbody> 482 </table> 483 </section> <div class="layout-container" style="padding-top: 35px;"> 484 <div class="cards--vuln filter--patch filter--ignore"> 485 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 486 <h2 class="card__title">Role with dangerous permissions</h2> 487 <div class="card__section"> 488 489 <div class="label label--medium"> 490 <span class="label__text">medium severity</span> 491 </div> 492 493 <hr/> 494 495 <ul class="card__meta"> 496 <li class="card__meta__item"> 497 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 498 </li> 499 500 <li class="card__meta__item">Introduced through: 501 [DocId: 10] 502 <span class="list-paths__item__arrow">›</span> 503 rules[0] 504 <span class="list-paths__item__arrow">›</span> 505 resources 506 507 </li> 508 509 <li class="card__meta__item"> 510 Line number: 20316 511 </li> 512 </ul> 513 514 <hr/> 515 516 <h2>Impact</h2> 517 <p>Using this role grants dangerous permissions</p> 518 519 <h2>Remediation</h2> 520 <p>Consider removing this permissions</p> 521 522 523 <hr/> 524 </div><!-- .card__section --> 525 526 <div class="cta card__cta"> 527 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 528 </div> 529 530 </div><!-- .card --> 531 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 532 <h2 class="card__title">Role with dangerous permissions</h2> 533 <div class="card__section"> 534 535 <div class="label label--medium"> 536 <span class="label__text">medium severity</span> 537 </div> 538 539 <hr/> 540 541 <ul class="card__meta"> 542 <li class="card__meta__item"> 543 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 544 </li> 545 546 <li class="card__meta__item">Introduced through: 547 [DocId: 11] 548 <span class="list-paths__item__arrow">›</span> 549 rules[4] 550 <span class="list-paths__item__arrow">›</span> 551 resources 552 553 </li> 554 555 <li class="card__meta__item"> 556 Line number: 20393 557 </li> 558 </ul> 559 560 <hr/> 561 562 <h2>Impact</h2> 563 <p>Using this role grants dangerous permissions</p> 564 565 <h2>Remediation</h2> 566 <p>Consider removing this permissions</p> 567 568 569 <hr/> 570 </div><!-- .card__section --> 571 572 <div class="cta card__cta"> 573 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 574 </div> 575 576 </div><!-- .card --> 577 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 578 <h2 class="card__title">Role with dangerous permissions</h2> 579 <div class="card__section"> 580 581 <div class="label label--medium"> 582 <span class="label__text">medium severity</span> 583 </div> 584 585 <hr/> 586 587 <ul class="card__meta"> 588 <li class="card__meta__item"> 589 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 590 </li> 591 592 <li class="card__meta__item">Introduced through: 593 [DocId: 12] 594 <span class="list-paths__item__arrow">›</span> 595 rules[0] 596 <span class="list-paths__item__arrow">›</span> 597 resources 598 599 </li> 600 601 <li class="card__meta__item"> 602 Line number: 20421 603 </li> 604 </ul> 605 606 <hr/> 607 608 <h2>Impact</h2> 609 <p>Using this role grants dangerous permissions</p> 610 611 <h2>Remediation</h2> 612 <p>Consider removing this permissions</p> 613 614 615 <hr/> 616 </div><!-- .card__section --> 617 618 <div class="cta card__cta"> 619 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 620 </div> 621 622 </div><!-- .card --> 623 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 624 <h2 class="card__title">Role with dangerous permissions</h2> 625 <div class="card__section"> 626 627 <div class="label label--medium"> 628 <span class="label__text">medium severity</span> 629 </div> 630 631 <hr/> 632 633 <ul class="card__meta"> 634 <li class="card__meta__item"> 635 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 636 </li> 637 638 <li class="card__meta__item">Introduced through: 639 [DocId: 13] 640 <span class="list-paths__item__arrow">›</span> 641 rules[3] 642 <span class="list-paths__item__arrow">›</span> 643 resources 644 645 </li> 646 647 <li class="card__meta__item"> 648 Line number: 20469 649 </li> 650 </ul> 651 652 <hr/> 653 654 <h2>Impact</h2> 655 <p>Using this role grants dangerous permissions</p> 656 657 <h2>Remediation</h2> 658 <p>Consider removing this permissions</p> 659 660 661 <hr/> 662 </div><!-- .card__section --> 663 664 <div class="cta card__cta"> 665 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 666 </div> 667 668 </div><!-- .card --> 669 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 670 <h2 class="card__title">Role with dangerous permissions</h2> 671 <div class="card__section"> 672 673 <div class="label label--medium"> 674 <span class="label__text">medium severity</span> 675 </div> 676 677 <hr/> 678 679 <ul class="card__meta"> 680 <li class="card__meta__item"> 681 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 682 </li> 683 684 <li class="card__meta__item">Introduced through: 685 [DocId: 13] 686 <span class="list-paths__item__arrow">›</span> 687 rules[1] 688 <span class="list-paths__item__arrow">›</span> 689 resources 690 691 </li> 692 693 <li class="card__meta__item"> 694 Line number: 20451 695 </li> 696 </ul> 697 698 <hr/> 699 700 <h2>Impact</h2> 701 <p>Using this role grants dangerous permissions</p> 702 703 <h2>Remediation</h2> 704 <p>Consider removing this permissions</p> 705 706 707 <hr/> 708 </div><!-- .card__section --> 709 710 <div class="cta card__cta"> 711 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 712 </div> 713 714 </div><!-- .card --> 715 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 716 <h2 class="card__title">Role with dangerous permissions</h2> 717 <div class="card__section"> 718 719 <div class="label label--medium"> 720 <span class="label__text">medium severity</span> 721 </div> 722 723 <hr/> 724 725 <ul class="card__meta"> 726 <li class="card__meta__item"> 727 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 728 </li> 729 730 <li class="card__meta__item">Introduced through: 731 [DocId: 14] 732 <span class="list-paths__item__arrow">›</span> 733 rules[0] 734 <span class="list-paths__item__arrow">›</span> 735 resources 736 737 </li> 738 739 <li class="card__meta__item"> 740 Line number: 20485 741 </li> 742 </ul> 743 744 <hr/> 745 746 <h2>Impact</h2> 747 <p>Using this role grants dangerous permissions</p> 748 749 <h2>Remediation</h2> 750 <p>Consider removing this permissions</p> 751 752 753 <hr/> 754 </div><!-- .card__section --> 755 756 <div class="cta card__cta"> 757 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 758 </div> 759 760 </div><!-- .card --> 761 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 762 <h2 class="card__title">Container could be running with outdated image</h2> 763 <div class="card__section"> 764 765 <div class="label label--low"> 766 <span class="label__text">low severity</span> 767 </div> 768 769 <hr/> 770 771 <ul class="card__meta"> 772 <li class="card__meta__item"> 773 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 774 </li> 775 776 <li class="card__meta__item">Introduced through: 777 [DocId: 45] 778 <span class="list-paths__item__arrow">›</span> 779 spec 780 <span class="list-paths__item__arrow">›</span> 781 template 782 <span class="list-paths__item__arrow">›</span> 783 spec 784 <span class="list-paths__item__arrow">›</span> 785 initContainers[copyutil] 786 <span class="list-paths__item__arrow">›</span> 787 imagePullPolicy 788 789 </li> 790 791 <li class="card__meta__item"> 792 Line number: 21642 793 </li> 794 </ul> 795 796 <hr/> 797 798 <h2>Impact</h2> 799 <p>The container may run with outdated or unauthorized image</p> 800 801 <h2>Remediation</h2> 802 <p>Set `imagePullPolicy` attribute to `Always`</p> 803 804 805 <hr/> 806 </div><!-- .card__section --> 807 808 <div class="cta card__cta"> 809 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p> 810 </div> 811 812 </div><!-- .card --> 813 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 814 <h2 class="card__title">Container has no CPU limit</h2> 815 <div class="card__section"> 816 817 <div class="label label--low"> 818 <span class="label__text">low severity</span> 819 </div> 820 821 <hr/> 822 823 <ul class="card__meta"> 824 <li class="card__meta__item"> 825 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 826 </li> 827 828 <li class="card__meta__item">Introduced through: 829 [DocId: 41] 830 <span class="list-paths__item__arrow">›</span> 831 input 832 <span class="list-paths__item__arrow">›</span> 833 spec 834 <span class="list-paths__item__arrow">›</span> 835 template 836 <span class="list-paths__item__arrow">›</span> 837 spec 838 <span class="list-paths__item__arrow">›</span> 839 containers[argocd-applicationset-controller] 840 <span class="list-paths__item__arrow">›</span> 841 resources 842 <span class="list-paths__item__arrow">›</span> 843 limits 844 <span class="list-paths__item__arrow">›</span> 845 cpu 846 847 </li> 848 849 <li class="card__meta__item"> 850 Line number: 20969 851 </li> 852 </ul> 853 854 <hr/> 855 856 <h2>Impact</h2> 857 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 858 859 <h2>Remediation</h2> 860 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 861 862 863 <hr/> 864 </div><!-- .card__section --> 865 866 <div class="cta card__cta"> 867 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 868 </div> 869 870 </div><!-- .card --> 871 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 872 <h2 class="card__title">Container has no CPU limit</h2> 873 <div class="card__section"> 874 875 <div class="label label--low"> 876 <span class="label__text">low severity</span> 877 </div> 878 879 <hr/> 880 881 <ul class="card__meta"> 882 <li class="card__meta__item"> 883 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 884 </li> 885 886 <li class="card__meta__item">Introduced through: 887 [DocId: 42] 888 <span class="list-paths__item__arrow">›</span> 889 input 890 <span class="list-paths__item__arrow">›</span> 891 spec 892 <span class="list-paths__item__arrow">›</span> 893 template 894 <span class="list-paths__item__arrow">›</span> 895 spec 896 <span class="list-paths__item__arrow">›</span> 897 initContainers[copyutil] 898 <span class="list-paths__item__arrow">›</span> 899 resources 900 <span class="list-paths__item__arrow">›</span> 901 limits 902 <span class="list-paths__item__arrow">›</span> 903 cpu 904 905 </li> 906 907 <li class="card__meta__item"> 908 Line number: 21220 909 </li> 910 </ul> 911 912 <hr/> 913 914 <h2>Impact</h2> 915 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 916 917 <h2>Remediation</h2> 918 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 919 920 921 <hr/> 922 </div><!-- .card__section --> 923 924 <div class="cta card__cta"> 925 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 926 </div> 927 928 </div><!-- .card --> 929 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 930 <h2 class="card__title">Container has no CPU limit</h2> 931 <div class="card__section"> 932 933 <div class="label label--low"> 934 <span class="label__text">low severity</span> 935 </div> 936 937 <hr/> 938 939 <ul class="card__meta"> 940 <li class="card__meta__item"> 941 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 942 </li> 943 944 <li class="card__meta__item">Introduced through: 945 [DocId: 42] 946 <span class="list-paths__item__arrow">›</span> 947 input 948 <span class="list-paths__item__arrow">›</span> 949 spec 950 <span class="list-paths__item__arrow">›</span> 951 template 952 <span class="list-paths__item__arrow">›</span> 953 spec 954 <span class="list-paths__item__arrow">›</span> 955 containers[dex] 956 <span class="list-paths__item__arrow">›</span> 957 resources 958 <span class="list-paths__item__arrow">›</span> 959 limits 960 <span class="list-paths__item__arrow">›</span> 961 cpu 962 963 </li> 964 965 <li class="card__meta__item"> 966 Line number: 21186 967 </li> 968 </ul> 969 970 <hr/> 971 972 <h2>Impact</h2> 973 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 974 975 <h2>Remediation</h2> 976 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 977 978 979 <hr/> 980 </div><!-- .card__section --> 981 982 <div class="cta card__cta"> 983 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 984 </div> 985 986 </div><!-- .card --> 987 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 988 <h2 class="card__title">Container has no CPU limit</h2> 989 <div class="card__section"> 990 991 <div class="label label--low"> 992 <span class="label__text">low severity</span> 993 </div> 994 995 <hr/> 996 997 <ul class="card__meta"> 998 <li class="card__meta__item"> 999 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1000 </li> 1001 1002 <li class="card__meta__item">Introduced through: 1003 [DocId: 43] 1004 <span class="list-paths__item__arrow">›</span> 1005 input 1006 <span class="list-paths__item__arrow">›</span> 1007 spec 1008 <span class="list-paths__item__arrow">›</span> 1009 template 1010 <span class="list-paths__item__arrow">›</span> 1011 spec 1012 <span class="list-paths__item__arrow">›</span> 1013 containers[argocd-notifications-controller] 1014 <span class="list-paths__item__arrow">›</span> 1015 resources 1016 <span class="list-paths__item__arrow">›</span> 1017 limits 1018 <span class="list-paths__item__arrow">›</span> 1019 cpu 1020 1021 </li> 1022 1023 <li class="card__meta__item"> 1024 Line number: 21280 1025 </li> 1026 </ul> 1027 1028 <hr/> 1029 1030 <h2>Impact</h2> 1031 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1032 1033 <h2>Remediation</h2> 1034 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1035 1036 1037 <hr/> 1038 </div><!-- .card__section --> 1039 1040 <div class="cta card__cta"> 1041 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1042 </div> 1043 1044 </div><!-- .card --> 1045 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1046 <h2 class="card__title">Container has no CPU limit</h2> 1047 <div class="card__section"> 1048 1049 <div class="label label--low"> 1050 <span class="label__text">low severity</span> 1051 </div> 1052 1053 <hr/> 1054 1055 <ul class="card__meta"> 1056 <li class="card__meta__item"> 1057 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1058 </li> 1059 1060 <li class="card__meta__item">Introduced through: 1061 [DocId: 44] 1062 <span class="list-paths__item__arrow">›</span> 1063 input 1064 <span class="list-paths__item__arrow">›</span> 1065 spec 1066 <span class="list-paths__item__arrow">›</span> 1067 template 1068 <span class="list-paths__item__arrow">›</span> 1069 spec 1070 <span class="list-paths__item__arrow">›</span> 1071 containers[redis] 1072 <span class="list-paths__item__arrow">›</span> 1073 resources 1074 <span class="list-paths__item__arrow">›</span> 1075 limits 1076 <span class="list-paths__item__arrow">›</span> 1077 cpu 1078 1079 </li> 1080 1081 <li class="card__meta__item"> 1082 Line number: 21373 1083 </li> 1084 </ul> 1085 1086 <hr/> 1087 1088 <h2>Impact</h2> 1089 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1090 1091 <h2>Remediation</h2> 1092 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1093 1094 1095 <hr/> 1096 </div><!-- .card__section --> 1097 1098 <div class="cta card__cta"> 1099 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1100 </div> 1101 1102 </div><!-- .card --> 1103 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1104 <h2 class="card__title">Container has no CPU limit</h2> 1105 <div class="card__section"> 1106 1107 <div class="label label--low"> 1108 <span class="label__text">low severity</span> 1109 </div> 1110 1111 <hr/> 1112 1113 <ul class="card__meta"> 1114 <li class="card__meta__item"> 1115 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1116 </li> 1117 1118 <li class="card__meta__item">Introduced through: 1119 [DocId: 45] 1120 <span class="list-paths__item__arrow">›</span> 1121 input 1122 <span class="list-paths__item__arrow">›</span> 1123 spec 1124 <span class="list-paths__item__arrow">›</span> 1125 template 1126 <span class="list-paths__item__arrow">›</span> 1127 spec 1128 <span class="list-paths__item__arrow">›</span> 1129 initContainers[copyutil] 1130 <span class="list-paths__item__arrow">›</span> 1131 resources 1132 <span class="list-paths__item__arrow">›</span> 1133 limits 1134 <span class="list-paths__item__arrow">›</span> 1135 cpu 1136 1137 </li> 1138 1139 <li class="card__meta__item"> 1140 Line number: 21642 1141 </li> 1142 </ul> 1143 1144 <hr/> 1145 1146 <h2>Impact</h2> 1147 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1148 1149 <h2>Remediation</h2> 1150 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1151 1152 1153 <hr/> 1154 </div><!-- .card__section --> 1155 1156 <div class="cta card__cta"> 1157 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1158 </div> 1159 1160 </div><!-- .card --> 1161 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1162 <h2 class="card__title">Container has no CPU limit</h2> 1163 <div class="card__section"> 1164 1165 <div class="label label--low"> 1166 <span class="label__text">low severity</span> 1167 </div> 1168 1169 <hr/> 1170 1171 <ul class="card__meta"> 1172 <li class="card__meta__item"> 1173 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1174 </li> 1175 1176 <li class="card__meta__item">Introduced through: 1177 [DocId: 45] 1178 <span class="list-paths__item__arrow">›</span> 1179 input 1180 <span class="list-paths__item__arrow">›</span> 1181 spec 1182 <span class="list-paths__item__arrow">›</span> 1183 template 1184 <span class="list-paths__item__arrow">›</span> 1185 spec 1186 <span class="list-paths__item__arrow">›</span> 1187 containers[argocd-repo-server] 1188 <span class="list-paths__item__arrow">›</span> 1189 resources 1190 <span class="list-paths__item__arrow">›</span> 1191 limits 1192 <span class="list-paths__item__arrow">›</span> 1193 cpu 1194 1195 </li> 1196 1197 <li class="card__meta__item"> 1198 Line number: 21430 1199 </li> 1200 </ul> 1201 1202 <hr/> 1203 1204 <h2>Impact</h2> 1205 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1206 1207 <h2>Remediation</h2> 1208 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1209 1210 1211 <hr/> 1212 </div><!-- .card__section --> 1213 1214 <div class="cta card__cta"> 1215 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1216 </div> 1217 1218 </div><!-- .card --> 1219 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1220 <h2 class="card__title">Container has no CPU limit</h2> 1221 <div class="card__section"> 1222 1223 <div class="label label--low"> 1224 <span class="label__text">low severity</span> 1225 </div> 1226 1227 <hr/> 1228 1229 <ul class="card__meta"> 1230 <li class="card__meta__item"> 1231 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1232 </li> 1233 1234 <li class="card__meta__item">Introduced through: 1235 [DocId: 46] 1236 <span class="list-paths__item__arrow">›</span> 1237 input 1238 <span class="list-paths__item__arrow">›</span> 1239 spec 1240 <span class="list-paths__item__arrow">›</span> 1241 template 1242 <span class="list-paths__item__arrow">›</span> 1243 spec 1244 <span class="list-paths__item__arrow">›</span> 1245 containers[argocd-server] 1246 <span class="list-paths__item__arrow">›</span> 1247 resources 1248 <span class="list-paths__item__arrow">›</span> 1249 limits 1250 <span class="list-paths__item__arrow">›</span> 1251 cpu 1252 1253 </li> 1254 1255 <li class="card__meta__item"> 1256 Line number: 21727 1257 </li> 1258 </ul> 1259 1260 <hr/> 1261 1262 <h2>Impact</h2> 1263 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1264 1265 <h2>Remediation</h2> 1266 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1267 1268 1269 <hr/> 1270 </div><!-- .card__section --> 1271 1272 <div class="cta card__cta"> 1273 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1274 </div> 1275 1276 </div><!-- .card --> 1277 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1278 <h2 class="card__title">Container has no CPU limit</h2> 1279 <div class="card__section"> 1280 1281 <div class="label label--low"> 1282 <span class="label__text">low severity</span> 1283 </div> 1284 1285 <hr/> 1286 1287 <ul class="card__meta"> 1288 <li class="card__meta__item"> 1289 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1290 </li> 1291 1292 <li class="card__meta__item">Introduced through: 1293 [DocId: 47] 1294 <span class="list-paths__item__arrow">›</span> 1295 input 1296 <span class="list-paths__item__arrow">›</span> 1297 spec 1298 <span class="list-paths__item__arrow">›</span> 1299 template 1300 <span class="list-paths__item__arrow">›</span> 1301 spec 1302 <span class="list-paths__item__arrow">›</span> 1303 containers[argocd-application-controller] 1304 <span class="list-paths__item__arrow">›</span> 1305 resources 1306 <span class="list-paths__item__arrow">›</span> 1307 limits 1308 <span class="list-paths__item__arrow">›</span> 1309 cpu 1310 1311 </li> 1312 1313 <li class="card__meta__item"> 1314 Line number: 22043 1315 </li> 1316 </ul> 1317 1318 <hr/> 1319 1320 <h2>Impact</h2> 1321 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1322 1323 <h2>Remediation</h2> 1324 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1325 1326 1327 <hr/> 1328 </div><!-- .card__section --> 1329 1330 <div class="cta card__cta"> 1331 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1332 </div> 1333 1334 </div><!-- .card --> 1335 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1336 <h2 class="card__title">Container is running with multiple open ports</h2> 1337 <div class="card__section"> 1338 1339 <div class="label label--low"> 1340 <span class="label__text">low severity</span> 1341 </div> 1342 1343 <hr/> 1344 1345 <ul class="card__meta"> 1346 <li class="card__meta__item"> 1347 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">SNYK-CC-K8S-36</a> 1348 </li> 1349 1350 <li class="card__meta__item">Introduced through: 1351 [DocId: 42] 1352 <span class="list-paths__item__arrow">›</span> 1353 spec 1354 <span class="list-paths__item__arrow">›</span> 1355 template 1356 <span class="list-paths__item__arrow">›</span> 1357 spec 1358 <span class="list-paths__item__arrow">›</span> 1359 containers[dex] 1360 <span class="list-paths__item__arrow">›</span> 1361 ports 1362 1363 </li> 1364 1365 <li class="card__meta__item"> 1366 Line number: 21200 1367 </li> 1368 </ul> 1369 1370 <hr/> 1371 1372 <h2>Impact</h2> 1373 <p>Increases the attack surface of the application and the container.</p> 1374 1375 <h2>Remediation</h2> 1376 <p>Reduce `ports` count to 2</p> 1377 1378 1379 <hr/> 1380 </div><!-- .card__section --> 1381 1382 <div class="cta card__cta"> 1383 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">More about this issue</a></p> 1384 </div> 1385 1386 </div><!-- .card --> 1387 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1388 <h2 class="card__title">Container is running without liveness probe</h2> 1389 <div class="card__section"> 1390 1391 <div class="label label--low"> 1392 <span class="label__text">low severity</span> 1393 </div> 1394 1395 <hr/> 1396 1397 <ul class="card__meta"> 1398 <li class="card__meta__item"> 1399 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1400 </li> 1401 1402 <li class="card__meta__item">Introduced through: 1403 [DocId: 41] 1404 <span class="list-paths__item__arrow">›</span> 1405 spec 1406 <span class="list-paths__item__arrow">›</span> 1407 template 1408 <span class="list-paths__item__arrow">›</span> 1409 spec 1410 <span class="list-paths__item__arrow">›</span> 1411 containers[argocd-applicationset-controller] 1412 <span class="list-paths__item__arrow">›</span> 1413 livenessProbe 1414 1415 </li> 1416 1417 <li class="card__meta__item"> 1418 Line number: 20969 1419 </li> 1420 </ul> 1421 1422 <hr/> 1423 1424 <h2>Impact</h2> 1425 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1426 1427 <h2>Remediation</h2> 1428 <p>Add `livenessProbe` attribute</p> 1429 1430 1431 <hr/> 1432 </div><!-- .card__section --> 1433 1434 <div class="cta card__cta"> 1435 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1436 </div> 1437 1438 </div><!-- .card --> 1439 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1440 <h2 class="card__title">Container is running without liveness probe</h2> 1441 <div class="card__section"> 1442 1443 <div class="label label--low"> 1444 <span class="label__text">low severity</span> 1445 </div> 1446 1447 <hr/> 1448 1449 <ul class="card__meta"> 1450 <li class="card__meta__item"> 1451 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1452 </li> 1453 1454 <li class="card__meta__item">Introduced through: 1455 [DocId: 42] 1456 <span class="list-paths__item__arrow">›</span> 1457 spec 1458 <span class="list-paths__item__arrow">›</span> 1459 template 1460 <span class="list-paths__item__arrow">›</span> 1461 spec 1462 <span class="list-paths__item__arrow">›</span> 1463 initContainers[copyutil] 1464 <span class="list-paths__item__arrow">›</span> 1465 livenessProbe 1466 1467 </li> 1468 1469 <li class="card__meta__item"> 1470 Line number: 21220 1471 </li> 1472 </ul> 1473 1474 <hr/> 1475 1476 <h2>Impact</h2> 1477 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1478 1479 <h2>Remediation</h2> 1480 <p>Add `livenessProbe` attribute</p> 1481 1482 1483 <hr/> 1484 </div><!-- .card__section --> 1485 1486 <div class="cta card__cta"> 1487 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1488 </div> 1489 1490 </div><!-- .card --> 1491 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1492 <h2 class="card__title">Container is running without liveness probe</h2> 1493 <div class="card__section"> 1494 1495 <div class="label label--low"> 1496 <span class="label__text">low severity</span> 1497 </div> 1498 1499 <hr/> 1500 1501 <ul class="card__meta"> 1502 <li class="card__meta__item"> 1503 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1504 </li> 1505 1506 <li class="card__meta__item">Introduced through: 1507 [DocId: 42] 1508 <span class="list-paths__item__arrow">›</span> 1509 spec 1510 <span class="list-paths__item__arrow">›</span> 1511 template 1512 <span class="list-paths__item__arrow">›</span> 1513 spec 1514 <span class="list-paths__item__arrow">›</span> 1515 containers[dex] 1516 <span class="list-paths__item__arrow">›</span> 1517 livenessProbe 1518 1519 </li> 1520 1521 <li class="card__meta__item"> 1522 Line number: 21186 1523 </li> 1524 </ul> 1525 1526 <hr/> 1527 1528 <h2>Impact</h2> 1529 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1530 1531 <h2>Remediation</h2> 1532 <p>Add `livenessProbe` attribute</p> 1533 1534 1535 <hr/> 1536 </div><!-- .card__section --> 1537 1538 <div class="cta card__cta"> 1539 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1540 </div> 1541 1542 </div><!-- .card --> 1543 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1544 <h2 class="card__title">Container is running without liveness probe</h2> 1545 <div class="card__section"> 1546 1547 <div class="label label--low"> 1548 <span class="label__text">low severity</span> 1549 </div> 1550 1551 <hr/> 1552 1553 <ul class="card__meta"> 1554 <li class="card__meta__item"> 1555 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1556 </li> 1557 1558 <li class="card__meta__item">Introduced through: 1559 [DocId: 44] 1560 <span class="list-paths__item__arrow">›</span> 1561 spec 1562 <span class="list-paths__item__arrow">›</span> 1563 template 1564 <span class="list-paths__item__arrow">›</span> 1565 spec 1566 <span class="list-paths__item__arrow">›</span> 1567 containers[redis] 1568 <span class="list-paths__item__arrow">›</span> 1569 livenessProbe 1570 1571 </li> 1572 1573 <li class="card__meta__item"> 1574 Line number: 21373 1575 </li> 1576 </ul> 1577 1578 <hr/> 1579 1580 <h2>Impact</h2> 1581 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1582 1583 <h2>Remediation</h2> 1584 <p>Add `livenessProbe` attribute</p> 1585 1586 1587 <hr/> 1588 </div><!-- .card__section --> 1589 1590 <div class="cta card__cta"> 1591 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1592 </div> 1593 1594 </div><!-- .card --> 1595 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1596 <h2 class="card__title">Container is running without liveness probe</h2> 1597 <div class="card__section"> 1598 1599 <div class="label label--low"> 1600 <span class="label__text">low severity</span> 1601 </div> 1602 1603 <hr/> 1604 1605 <ul class="card__meta"> 1606 <li class="card__meta__item"> 1607 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1608 </li> 1609 1610 <li class="card__meta__item">Introduced through: 1611 [DocId: 45] 1612 <span class="list-paths__item__arrow">›</span> 1613 spec 1614 <span class="list-paths__item__arrow">›</span> 1615 template 1616 <span class="list-paths__item__arrow">›</span> 1617 spec 1618 <span class="list-paths__item__arrow">›</span> 1619 initContainers[copyutil] 1620 <span class="list-paths__item__arrow">›</span> 1621 livenessProbe 1622 1623 </li> 1624 1625 <li class="card__meta__item"> 1626 Line number: 21642 1627 </li> 1628 </ul> 1629 1630 <hr/> 1631 1632 <h2>Impact</h2> 1633 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1634 1635 <h2>Remediation</h2> 1636 <p>Add `livenessProbe` attribute</p> 1637 1638 1639 <hr/> 1640 </div><!-- .card__section --> 1641 1642 <div class="cta card__cta"> 1643 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1644 </div> 1645 1646 </div><!-- .card --> 1647 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1648 <h2 class="card__title">Container is running without memory limit</h2> 1649 <div class="card__section"> 1650 1651 <div class="label label--low"> 1652 <span class="label__text">low severity</span> 1653 </div> 1654 1655 <hr/> 1656 1657 <ul class="card__meta"> 1658 <li class="card__meta__item"> 1659 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1660 </li> 1661 1662 <li class="card__meta__item">Introduced through: 1663 [DocId: 41] 1664 <span class="list-paths__item__arrow">›</span> 1665 input 1666 <span class="list-paths__item__arrow">›</span> 1667 spec 1668 <span class="list-paths__item__arrow">›</span> 1669 template 1670 <span class="list-paths__item__arrow">›</span> 1671 spec 1672 <span class="list-paths__item__arrow">›</span> 1673 containers[argocd-applicationset-controller] 1674 <span class="list-paths__item__arrow">›</span> 1675 resources 1676 <span class="list-paths__item__arrow">›</span> 1677 limits 1678 <span class="list-paths__item__arrow">›</span> 1679 memory 1680 1681 </li> 1682 1683 <li class="card__meta__item"> 1684 Line number: 20969 1685 </li> 1686 </ul> 1687 1688 <hr/> 1689 1690 <h2>Impact</h2> 1691 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1692 1693 <h2>Remediation</h2> 1694 <p>Set `resources.limits.memory` value</p> 1695 1696 1697 <hr/> 1698 </div><!-- .card__section --> 1699 1700 <div class="cta card__cta"> 1701 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1702 </div> 1703 1704 </div><!-- .card --> 1705 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1706 <h2 class="card__title">Container is running without memory limit</h2> 1707 <div class="card__section"> 1708 1709 <div class="label label--low"> 1710 <span class="label__text">low severity</span> 1711 </div> 1712 1713 <hr/> 1714 1715 <ul class="card__meta"> 1716 <li class="card__meta__item"> 1717 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1718 </li> 1719 1720 <li class="card__meta__item">Introduced through: 1721 [DocId: 42] 1722 <span class="list-paths__item__arrow">›</span> 1723 input 1724 <span class="list-paths__item__arrow">›</span> 1725 spec 1726 <span class="list-paths__item__arrow">›</span> 1727 template 1728 <span class="list-paths__item__arrow">›</span> 1729 spec 1730 <span class="list-paths__item__arrow">›</span> 1731 containers[dex] 1732 <span class="list-paths__item__arrow">›</span> 1733 resources 1734 <span class="list-paths__item__arrow">›</span> 1735 limits 1736 <span class="list-paths__item__arrow">›</span> 1737 memory 1738 1739 </li> 1740 1741 <li class="card__meta__item"> 1742 Line number: 21186 1743 </li> 1744 </ul> 1745 1746 <hr/> 1747 1748 <h2>Impact</h2> 1749 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1750 1751 <h2>Remediation</h2> 1752 <p>Set `resources.limits.memory` value</p> 1753 1754 1755 <hr/> 1756 </div><!-- .card__section --> 1757 1758 <div class="cta card__cta"> 1759 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1760 </div> 1761 1762 </div><!-- .card --> 1763 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1764 <h2 class="card__title">Container is running without memory limit</h2> 1765 <div class="card__section"> 1766 1767 <div class="label label--low"> 1768 <span class="label__text">low severity</span> 1769 </div> 1770 1771 <hr/> 1772 1773 <ul class="card__meta"> 1774 <li class="card__meta__item"> 1775 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1776 </li> 1777 1778 <li class="card__meta__item">Introduced through: 1779 [DocId: 42] 1780 <span class="list-paths__item__arrow">›</span> 1781 input 1782 <span class="list-paths__item__arrow">›</span> 1783 spec 1784 <span class="list-paths__item__arrow">›</span> 1785 template 1786 <span class="list-paths__item__arrow">›</span> 1787 spec 1788 <span class="list-paths__item__arrow">›</span> 1789 initContainers[copyutil] 1790 <span class="list-paths__item__arrow">›</span> 1791 resources 1792 <span class="list-paths__item__arrow">›</span> 1793 limits 1794 <span class="list-paths__item__arrow">›</span> 1795 memory 1796 1797 </li> 1798 1799 <li class="card__meta__item"> 1800 Line number: 21220 1801 </li> 1802 </ul> 1803 1804 <hr/> 1805 1806 <h2>Impact</h2> 1807 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1808 1809 <h2>Remediation</h2> 1810 <p>Set `resources.limits.memory` value</p> 1811 1812 1813 <hr/> 1814 </div><!-- .card__section --> 1815 1816 <div class="cta card__cta"> 1817 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1818 </div> 1819 1820 </div><!-- .card --> 1821 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1822 <h2 class="card__title">Container is running without memory limit</h2> 1823 <div class="card__section"> 1824 1825 <div class="label label--low"> 1826 <span class="label__text">low severity</span> 1827 </div> 1828 1829 <hr/> 1830 1831 <ul class="card__meta"> 1832 <li class="card__meta__item"> 1833 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1834 </li> 1835 1836 <li class="card__meta__item">Introduced through: 1837 [DocId: 43] 1838 <span class="list-paths__item__arrow">›</span> 1839 input 1840 <span class="list-paths__item__arrow">›</span> 1841 spec 1842 <span class="list-paths__item__arrow">›</span> 1843 template 1844 <span class="list-paths__item__arrow">›</span> 1845 spec 1846 <span class="list-paths__item__arrow">›</span> 1847 containers[argocd-notifications-controller] 1848 <span class="list-paths__item__arrow">›</span> 1849 resources 1850 <span class="list-paths__item__arrow">›</span> 1851 limits 1852 <span class="list-paths__item__arrow">›</span> 1853 memory 1854 1855 </li> 1856 1857 <li class="card__meta__item"> 1858 Line number: 21280 1859 </li> 1860 </ul> 1861 1862 <hr/> 1863 1864 <h2>Impact</h2> 1865 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1866 1867 <h2>Remediation</h2> 1868 <p>Set `resources.limits.memory` value</p> 1869 1870 1871 <hr/> 1872 </div><!-- .card__section --> 1873 1874 <div class="cta card__cta"> 1875 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1876 </div> 1877 1878 </div><!-- .card --> 1879 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1880 <h2 class="card__title">Container is running without memory limit</h2> 1881 <div class="card__section"> 1882 1883 <div class="label label--low"> 1884 <span class="label__text">low severity</span> 1885 </div> 1886 1887 <hr/> 1888 1889 <ul class="card__meta"> 1890 <li class="card__meta__item"> 1891 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1892 </li> 1893 1894 <li class="card__meta__item">Introduced through: 1895 [DocId: 44] 1896 <span class="list-paths__item__arrow">›</span> 1897 input 1898 <span class="list-paths__item__arrow">›</span> 1899 spec 1900 <span class="list-paths__item__arrow">›</span> 1901 template 1902 <span class="list-paths__item__arrow">›</span> 1903 spec 1904 <span class="list-paths__item__arrow">›</span> 1905 containers[redis] 1906 <span class="list-paths__item__arrow">›</span> 1907 resources 1908 <span class="list-paths__item__arrow">›</span> 1909 limits 1910 <span class="list-paths__item__arrow">›</span> 1911 memory 1912 1913 </li> 1914 1915 <li class="card__meta__item"> 1916 Line number: 21373 1917 </li> 1918 </ul> 1919 1920 <hr/> 1921 1922 <h2>Impact</h2> 1923 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1924 1925 <h2>Remediation</h2> 1926 <p>Set `resources.limits.memory` value</p> 1927 1928 1929 <hr/> 1930 </div><!-- .card__section --> 1931 1932 <div class="cta card__cta"> 1933 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1934 </div> 1935 1936 </div><!-- .card --> 1937 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1938 <h2 class="card__title">Container is running without memory limit</h2> 1939 <div class="card__section"> 1940 1941 <div class="label label--low"> 1942 <span class="label__text">low severity</span> 1943 </div> 1944 1945 <hr/> 1946 1947 <ul class="card__meta"> 1948 <li class="card__meta__item"> 1949 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1950 </li> 1951 1952 <li class="card__meta__item">Introduced through: 1953 [DocId: 45] 1954 <span class="list-paths__item__arrow">›</span> 1955 input 1956 <span class="list-paths__item__arrow">›</span> 1957 spec 1958 <span class="list-paths__item__arrow">›</span> 1959 template 1960 <span class="list-paths__item__arrow">›</span> 1961 spec 1962 <span class="list-paths__item__arrow">›</span> 1963 initContainers[copyutil] 1964 <span class="list-paths__item__arrow">›</span> 1965 resources 1966 <span class="list-paths__item__arrow">›</span> 1967 limits 1968 <span class="list-paths__item__arrow">›</span> 1969 memory 1970 1971 </li> 1972 1973 <li class="card__meta__item"> 1974 Line number: 21642 1975 </li> 1976 </ul> 1977 1978 <hr/> 1979 1980 <h2>Impact</h2> 1981 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1982 1983 <h2>Remediation</h2> 1984 <p>Set `resources.limits.memory` value</p> 1985 1986 1987 <hr/> 1988 </div><!-- .card__section --> 1989 1990 <div class="cta card__cta"> 1991 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1992 </div> 1993 1994 </div><!-- .card --> 1995 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1996 <h2 class="card__title">Container is running without memory limit</h2> 1997 <div class="card__section"> 1998 1999 <div class="label label--low"> 2000 <span class="label__text">low severity</span> 2001 </div> 2002 2003 <hr/> 2004 2005 <ul class="card__meta"> 2006 <li class="card__meta__item"> 2007 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2008 </li> 2009 2010 <li class="card__meta__item">Introduced through: 2011 [DocId: 45] 2012 <span class="list-paths__item__arrow">›</span> 2013 input 2014 <span class="list-paths__item__arrow">›</span> 2015 spec 2016 <span class="list-paths__item__arrow">›</span> 2017 template 2018 <span class="list-paths__item__arrow">›</span> 2019 spec 2020 <span class="list-paths__item__arrow">›</span> 2021 containers[argocd-repo-server] 2022 <span class="list-paths__item__arrow">›</span> 2023 resources 2024 <span class="list-paths__item__arrow">›</span> 2025 limits 2026 <span class="list-paths__item__arrow">›</span> 2027 memory 2028 2029 </li> 2030 2031 <li class="card__meta__item"> 2032 Line number: 21430 2033 </li> 2034 </ul> 2035 2036 <hr/> 2037 2038 <h2>Impact</h2> 2039 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2040 2041 <h2>Remediation</h2> 2042 <p>Set `resources.limits.memory` value</p> 2043 2044 2045 <hr/> 2046 </div><!-- .card__section --> 2047 2048 <div class="cta card__cta"> 2049 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2050 </div> 2051 2052 </div><!-- .card --> 2053 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2054 <h2 class="card__title">Container is running without memory limit</h2> 2055 <div class="card__section"> 2056 2057 <div class="label label--low"> 2058 <span class="label__text">low severity</span> 2059 </div> 2060 2061 <hr/> 2062 2063 <ul class="card__meta"> 2064 <li class="card__meta__item"> 2065 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2066 </li> 2067 2068 <li class="card__meta__item">Introduced through: 2069 [DocId: 46] 2070 <span class="list-paths__item__arrow">›</span> 2071 input 2072 <span class="list-paths__item__arrow">›</span> 2073 spec 2074 <span class="list-paths__item__arrow">›</span> 2075 template 2076 <span class="list-paths__item__arrow">›</span> 2077 spec 2078 <span class="list-paths__item__arrow">›</span> 2079 containers[argocd-server] 2080 <span class="list-paths__item__arrow">›</span> 2081 resources 2082 <span class="list-paths__item__arrow">›</span> 2083 limits 2084 <span class="list-paths__item__arrow">›</span> 2085 memory 2086 2087 </li> 2088 2089 <li class="card__meta__item"> 2090 Line number: 21727 2091 </li> 2092 </ul> 2093 2094 <hr/> 2095 2096 <h2>Impact</h2> 2097 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2098 2099 <h2>Remediation</h2> 2100 <p>Set `resources.limits.memory` value</p> 2101 2102 2103 <hr/> 2104 </div><!-- .card__section --> 2105 2106 <div class="cta card__cta"> 2107 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2108 </div> 2109 2110 </div><!-- .card --> 2111 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2112 <h2 class="card__title">Container is running without memory limit</h2> 2113 <div class="card__section"> 2114 2115 <div class="label label--low"> 2116 <span class="label__text">low severity</span> 2117 </div> 2118 2119 <hr/> 2120 2121 <ul class="card__meta"> 2122 <li class="card__meta__item"> 2123 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2124 </li> 2125 2126 <li class="card__meta__item">Introduced through: 2127 [DocId: 47] 2128 <span class="list-paths__item__arrow">›</span> 2129 input 2130 <span class="list-paths__item__arrow">›</span> 2131 spec 2132 <span class="list-paths__item__arrow">›</span> 2133 template 2134 <span class="list-paths__item__arrow">›</span> 2135 spec 2136 <span class="list-paths__item__arrow">›</span> 2137 containers[argocd-application-controller] 2138 <span class="list-paths__item__arrow">›</span> 2139 resources 2140 <span class="list-paths__item__arrow">›</span> 2141 limits 2142 <span class="list-paths__item__arrow">›</span> 2143 memory 2144 2145 </li> 2146 2147 <li class="card__meta__item"> 2148 Line number: 22043 2149 </li> 2150 </ul> 2151 2152 <hr/> 2153 2154 <h2>Impact</h2> 2155 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2156 2157 <h2>Remediation</h2> 2158 <p>Set `resources.limits.memory` value</p> 2159 2160 2161 <hr/> 2162 </div><!-- .card__section --> 2163 2164 <div class="cta card__cta"> 2165 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2166 </div> 2167 2168 </div><!-- .card --> 2169 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2170 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2171 <div class="card__section"> 2172 2173 <div class="label label--low"> 2174 <span class="label__text">low severity</span> 2175 </div> 2176 2177 <hr/> 2178 2179 <ul class="card__meta"> 2180 <li class="card__meta__item"> 2181 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2182 </li> 2183 2184 <li class="card__meta__item">Introduced through: 2185 [DocId: 41] 2186 <span class="list-paths__item__arrow">›</span> 2187 input 2188 <span class="list-paths__item__arrow">›</span> 2189 spec 2190 <span class="list-paths__item__arrow">›</span> 2191 template 2192 <span class="list-paths__item__arrow">›</span> 2193 spec 2194 <span class="list-paths__item__arrow">›</span> 2195 containers[argocd-applicationset-controller] 2196 <span class="list-paths__item__arrow">›</span> 2197 securityContext 2198 <span class="list-paths__item__arrow">›</span> 2199 runAsUser 2200 2201 </li> 2202 2203 <li class="card__meta__item"> 2204 Line number: 21110 2205 </li> 2206 </ul> 2207 2208 <hr/> 2209 2210 <h2>Impact</h2> 2211 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2212 2213 <h2>Remediation</h2> 2214 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2215 2216 2217 <hr/> 2218 </div><!-- .card__section --> 2219 2220 <div class="cta card__cta"> 2221 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2222 </div> 2223 2224 </div><!-- .card --> 2225 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2226 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2227 <div class="card__section"> 2228 2229 <div class="label label--low"> 2230 <span class="label__text">low severity</span> 2231 </div> 2232 2233 <hr/> 2234 2235 <ul class="card__meta"> 2236 <li class="card__meta__item"> 2237 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2238 </li> 2239 2240 <li class="card__meta__item">Introduced through: 2241 [DocId: 42] 2242 <span class="list-paths__item__arrow">›</span> 2243 input 2244 <span class="list-paths__item__arrow">›</span> 2245 spec 2246 <span class="list-paths__item__arrow">›</span> 2247 template 2248 <span class="list-paths__item__arrow">›</span> 2249 spec 2250 <span class="list-paths__item__arrow">›</span> 2251 initContainers[copyutil] 2252 <span class="list-paths__item__arrow">›</span> 2253 securityContext 2254 <span class="list-paths__item__arrow">›</span> 2255 runAsUser 2256 2257 </li> 2258 2259 <li class="card__meta__item"> 2260 Line number: 21228 2261 </li> 2262 </ul> 2263 2264 <hr/> 2265 2266 <h2>Impact</h2> 2267 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2268 2269 <h2>Remediation</h2> 2270 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2271 2272 2273 <hr/> 2274 </div><!-- .card__section --> 2275 2276 <div class="cta card__cta"> 2277 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2278 </div> 2279 2280 </div><!-- .card --> 2281 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2282 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2283 <div class="card__section"> 2284 2285 <div class="label label--low"> 2286 <span class="label__text">low severity</span> 2287 </div> 2288 2289 <hr/> 2290 2291 <ul class="card__meta"> 2292 <li class="card__meta__item"> 2293 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2294 </li> 2295 2296 <li class="card__meta__item">Introduced through: 2297 [DocId: 42] 2298 <span class="list-paths__item__arrow">›</span> 2299 input 2300 <span class="list-paths__item__arrow">›</span> 2301 spec 2302 <span class="list-paths__item__arrow">›</span> 2303 template 2304 <span class="list-paths__item__arrow">›</span> 2305 spec 2306 <span class="list-paths__item__arrow">›</span> 2307 containers[dex] 2308 <span class="list-paths__item__arrow">›</span> 2309 securityContext 2310 <span class="list-paths__item__arrow">›</span> 2311 runAsUser 2312 2313 </li> 2314 2315 <li class="card__meta__item"> 2316 Line number: 21203 2317 </li> 2318 </ul> 2319 2320 <hr/> 2321 2322 <h2>Impact</h2> 2323 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2324 2325 <h2>Remediation</h2> 2326 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2327 2328 2329 <hr/> 2330 </div><!-- .card__section --> 2331 2332 <div class="cta card__cta"> 2333 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2334 </div> 2335 2336 </div><!-- .card --> 2337 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2338 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2339 <div class="card__section"> 2340 2341 <div class="label label--low"> 2342 <span class="label__text">low severity</span> 2343 </div> 2344 2345 <hr/> 2346 2347 <ul class="card__meta"> 2348 <li class="card__meta__item"> 2349 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2350 </li> 2351 2352 <li class="card__meta__item">Introduced through: 2353 [DocId: 43] 2354 <span class="list-paths__item__arrow">›</span> 2355 input 2356 <span class="list-paths__item__arrow">›</span> 2357 spec 2358 <span class="list-paths__item__arrow">›</span> 2359 template 2360 <span class="list-paths__item__arrow">›</span> 2361 spec 2362 <span class="list-paths__item__arrow">›</span> 2363 containers[argocd-notifications-controller] 2364 <span class="list-paths__item__arrow">›</span> 2365 securityContext 2366 <span class="list-paths__item__arrow">›</span> 2367 runAsUser 2368 2369 </li> 2370 2371 <li class="card__meta__item"> 2372 Line number: 21307 2373 </li> 2374 </ul> 2375 2376 <hr/> 2377 2378 <h2>Impact</h2> 2379 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2380 2381 <h2>Remediation</h2> 2382 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2383 2384 2385 <hr/> 2386 </div><!-- .card__section --> 2387 2388 <div class="cta card__cta"> 2389 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2390 </div> 2391 2392 </div><!-- .card --> 2393 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2394 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2395 <div class="card__section"> 2396 2397 <div class="label label--low"> 2398 <span class="label__text">low severity</span> 2399 </div> 2400 2401 <hr/> 2402 2403 <ul class="card__meta"> 2404 <li class="card__meta__item"> 2405 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2406 </li> 2407 2408 <li class="card__meta__item">Introduced through: 2409 [DocId: 44] 2410 <span class="list-paths__item__arrow">›</span> 2411 input 2412 <span class="list-paths__item__arrow">›</span> 2413 spec 2414 <span class="list-paths__item__arrow">›</span> 2415 template 2416 <span class="list-paths__item__arrow">›</span> 2417 spec 2418 <span class="list-paths__item__arrow">›</span> 2419 containers[redis] 2420 <span class="list-paths__item__arrow">›</span> 2421 securityContext 2422 <span class="list-paths__item__arrow">›</span> 2423 runAsUser 2424 2425 </li> 2426 2427 <li class="card__meta__item"> 2428 Line number: 21383 2429 </li> 2430 </ul> 2431 2432 <hr/> 2433 2434 <h2>Impact</h2> 2435 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2436 2437 <h2>Remediation</h2> 2438 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2439 2440 2441 <hr/> 2442 </div><!-- .card__section --> 2443 2444 <div class="cta card__cta"> 2445 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2446 </div> 2447 2448 </div><!-- .card --> 2449 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2450 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2451 <div class="card__section"> 2452 2453 <div class="label label--low"> 2454 <span class="label__text">low severity</span> 2455 </div> 2456 2457 <hr/> 2458 2459 <ul class="card__meta"> 2460 <li class="card__meta__item"> 2461 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2462 </li> 2463 2464 <li class="card__meta__item">Introduced through: 2465 [DocId: 45] 2466 <span class="list-paths__item__arrow">›</span> 2467 input 2468 <span class="list-paths__item__arrow">›</span> 2469 spec 2470 <span class="list-paths__item__arrow">›</span> 2471 template 2472 <span class="list-paths__item__arrow">›</span> 2473 spec 2474 <span class="list-paths__item__arrow">›</span> 2475 initContainers[copyutil] 2476 <span class="list-paths__item__arrow">›</span> 2477 securityContext 2478 <span class="list-paths__item__arrow">›</span> 2479 runAsUser 2480 2481 </li> 2482 2483 <li class="card__meta__item"> 2484 Line number: 21649 2485 </li> 2486 </ul> 2487 2488 <hr/> 2489 2490 <h2>Impact</h2> 2491 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2492 2493 <h2>Remediation</h2> 2494 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2495 2496 2497 <hr/> 2498 </div><!-- .card__section --> 2499 2500 <div class="cta card__cta"> 2501 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2502 </div> 2503 2504 </div><!-- .card --> 2505 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2506 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2507 <div class="card__section"> 2508 2509 <div class="label label--low"> 2510 <span class="label__text">low severity</span> 2511 </div> 2512 2513 <hr/> 2514 2515 <ul class="card__meta"> 2516 <li class="card__meta__item"> 2517 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2518 </li> 2519 2520 <li class="card__meta__item">Introduced through: 2521 [DocId: 45] 2522 <span class="list-paths__item__arrow">›</span> 2523 input 2524 <span class="list-paths__item__arrow">›</span> 2525 spec 2526 <span class="list-paths__item__arrow">›</span> 2527 template 2528 <span class="list-paths__item__arrow">›</span> 2529 spec 2530 <span class="list-paths__item__arrow">›</span> 2531 containers[argocd-repo-server] 2532 <span class="list-paths__item__arrow">›</span> 2533 securityContext 2534 <span class="list-paths__item__arrow">›</span> 2535 runAsUser 2536 2537 </li> 2538 2539 <li class="card__meta__item"> 2540 Line number: 21615 2541 </li> 2542 </ul> 2543 2544 <hr/> 2545 2546 <h2>Impact</h2> 2547 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2548 2549 <h2>Remediation</h2> 2550 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2551 2552 2553 <hr/> 2554 </div><!-- .card__section --> 2555 2556 <div class="cta card__cta"> 2557 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2558 </div> 2559 2560 </div><!-- .card --> 2561 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2562 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2563 <div class="card__section"> 2564 2565 <div class="label label--low"> 2566 <span class="label__text">low severity</span> 2567 </div> 2568 2569 <hr/> 2570 2571 <ul class="card__meta"> 2572 <li class="card__meta__item"> 2573 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2574 </li> 2575 2576 <li class="card__meta__item">Introduced through: 2577 [DocId: 46] 2578 <span class="list-paths__item__arrow">›</span> 2579 input 2580 <span class="list-paths__item__arrow">›</span> 2581 spec 2582 <span class="list-paths__item__arrow">›</span> 2583 template 2584 <span class="list-paths__item__arrow">›</span> 2585 spec 2586 <span class="list-paths__item__arrow">›</span> 2587 containers[argocd-server] 2588 <span class="list-paths__item__arrow">›</span> 2589 securityContext 2590 <span class="list-paths__item__arrow">›</span> 2591 runAsUser 2592 2593 </li> 2594 2595 <li class="card__meta__item"> 2596 Line number: 21953 2597 </li> 2598 </ul> 2599 2600 <hr/> 2601 2602 <h2>Impact</h2> 2603 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2604 2605 <h2>Remediation</h2> 2606 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2607 2608 2609 <hr/> 2610 </div><!-- .card__section --> 2611 2612 <div class="cta card__cta"> 2613 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2614 </div> 2615 2616 </div><!-- .card --> 2617 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2618 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2619 <div class="card__section"> 2620 2621 <div class="label label--low"> 2622 <span class="label__text">low severity</span> 2623 </div> 2624 2625 <hr/> 2626 2627 <ul class="card__meta"> 2628 <li class="card__meta__item"> 2629 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2630 </li> 2631 2632 <li class="card__meta__item">Introduced through: 2633 [DocId: 47] 2634 <span class="list-paths__item__arrow">›</span> 2635 input 2636 <span class="list-paths__item__arrow">›</span> 2637 spec 2638 <span class="list-paths__item__arrow">›</span> 2639 template 2640 <span class="list-paths__item__arrow">›</span> 2641 spec 2642 <span class="list-paths__item__arrow">›</span> 2643 containers[argocd-application-controller] 2644 <span class="list-paths__item__arrow">›</span> 2645 securityContext 2646 <span class="list-paths__item__arrow">›</span> 2647 runAsUser 2648 2649 </li> 2650 2651 <li class="card__meta__item"> 2652 Line number: 22191 2653 </li> 2654 </ul> 2655 2656 <hr/> 2657 2658 <h2>Impact</h2> 2659 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2660 2661 <h2>Remediation</h2> 2662 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2663 2664 2665 <hr/> 2666 </div><!-- .card__section --> 2667 2668 <div class="cta card__cta"> 2669 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2670 </div> 2671 2672 </div><!-- .card --> 2673 </div> 2674 </div> 2675 2676 </main><!-- .layout-stacked__content --> 2677 </body> 2678 2679 </html>