github.com/argoproj/argo-cd/v3@v3.2.1/docs/snyk/v2.14.17/argocd-iac-install.html (about) 1 <!DOCTYPE html> 2 <html lang="en"> 3 4 <head> 5 <meta http-equiv="Content-type" content="text/html; charset=utf-8"> 6 <meta http-equiv="Content-Language" content="en-us"> 7 <meta name="viewport" content="width=device-width, initial-scale=1.0"> 8 <meta http-equiv="X-UA-Compatible" content="IE=edge"> 9 <title>Snyk test report</title> 10 <meta name="description" content=" known vulnerabilities found in ."> 11 <base target="_blank"> 12 <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png" 13 sizes="194x194"> 14 <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico"> 15 <style type="text/css"> 16 17 body { 18 -moz-font-feature-settings: "pnum"; 19 -webkit-font-feature-settings: "pnum"; 20 font-variant-numeric: proportional-nums; 21 display: flex; 22 flex-direction: column; 23 font-feature-settings: "pnum"; 24 font-size: 100%; 25 line-height: 1.5; 26 min-height: 100vh; 27 -webkit-text-size-adjust: 100%; 28 margin: 0; 29 padding: 0; 30 background-color: #F5F5F5; 31 font-family: 'Arial', 'Helvetica', Calibri, sans-serif; 32 } 33 34 h1, 35 h2, 36 h3, 37 h4, 38 h5, 39 h6 { 40 font-weight: 500; 41 } 42 43 a, 44 a:link, 45 a:visited { 46 border-bottom: 1px solid #4b45a9; 47 text-decoration: none; 48 color: #4b45a9; 49 } 50 51 a:hover, 52 a:focus, 53 a:active { 54 border-bottom: 1px solid #4b45a9; 55 } 56 57 hr { 58 border: none; 59 margin: 1em 0; 60 border-top: 1px solid #c5c5c5; 61 } 62 63 ul { 64 padding: 0 1em; 65 margin: 1em 0; 66 } 67 68 code { 69 background-color: #EEE; 70 color: #333; 71 padding: 0.25em 0.5em; 72 border-radius: 0.25em; 73 } 74 75 pre { 76 background-color: #333; 77 font-family: monospace; 78 padding: 0.5em 1em 0.75em; 79 border-radius: 0.25em; 80 font-size: 14px; 81 } 82 83 pre code { 84 padding: 0; 85 background-color: transparent; 86 color: #fff; 87 } 88 89 a code { 90 border-radius: .125rem .125rem 0 0; 91 padding-bottom: 0; 92 color: #4b45a9; 93 } 94 95 a[href^="http://"]:after, 96 a[href^="https://"]:after { 97 background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E"); 98 background-repeat: no-repeat; 99 background-size: .75rem; 100 content: ""; 101 display: inline-block; 102 height: .75rem; 103 margin-left: .25rem; 104 width: .75rem; 105 } 106 107 108 /* Layout */ 109 110 [class*=layout-container] { 111 margin: 0 auto; 112 max-width: 71.25em; 113 padding: 1.9em 1.3em; 114 position: relative; 115 } 116 .layout-container--short { 117 padding-top: 0; 118 padding-bottom: 0; 119 max-width: 48.75em; 120 } 121 122 .layout-container--short:after { 123 display: block; 124 content: ""; 125 clear: both; 126 } 127 128 /* Header */ 129 130 .header { 131 padding-bottom: 1px; 132 } 133 134 .paths { 135 margin-left: 8px; 136 } 137 .header-wrap { 138 display: flex; 139 flex-direction: row; 140 justify-content: space-between; 141 padding-top: 2em; 142 } 143 .project__header { 144 background-color: #030328; 145 color: #fff; 146 margin-bottom: -1px; 147 padding-top: 1em; 148 padding-bottom: 0.25em; 149 border-bottom: 2px solid #BBB; 150 } 151 152 .project__header__title { 153 overflow-wrap: break-word; 154 word-wrap: break-word; 155 word-break: break-all; 156 margin-bottom: .1em; 157 margin-top: 0; 158 } 159 160 .timestamp { 161 float: right; 162 clear: none; 163 margin-bottom: 0; 164 } 165 166 .meta-counts { 167 clear: both; 168 display: block; 169 flex-wrap: wrap; 170 justify-content: space-between; 171 margin: 0 0 1.5em; 172 color: #fff; 173 clear: both; 174 font-size: 1.1em; 175 } 176 177 .meta-count { 178 display: block; 179 flex-basis: 100%; 180 margin: 0 1em 1em 0; 181 float: left; 182 padding-right: 1em; 183 border-right: 2px solid #fff; 184 } 185 186 .meta-count:last-child { 187 border-right: 0; 188 padding-right: 0; 189 margin-right: 0; 190 } 191 192 /* Card */ 193 194 .card { 195 background-color: #fff; 196 border: 1px solid #c5c5c5; 197 border-radius: .25rem; 198 margin: 0 0 2em 0; 199 position: relative; 200 min-height: 40px; 201 padding: 1.5em; 202 } 203 204 .card .label { 205 background-color: #767676; 206 border: 2px solid #767676; 207 color: white; 208 padding: 0.25rem 0.75rem; 209 font-size: 0.875rem; 210 text-transform: uppercase; 211 display: inline-block; 212 margin: 0; 213 border-radius: 0.25rem; 214 } 215 216 .card .label__text { 217 vertical-align: text-top; 218 font-weight: bold; 219 } 220 221 .card .label--critical { 222 background-color: #AB1A1A; 223 border-color: #AB1A1A; 224 } 225 226 .card .label--high { 227 background-color: #CE5019; 228 border-color: #CE5019; 229 } 230 231 .card .label--medium { 232 background-color: #D68000; 233 border-color: #D68000; 234 } 235 236 .card .label--low { 237 background-color: #88879E; 238 border-color: #88879E; 239 } 240 241 .severity--low { 242 border-color: #88879E; 243 } 244 245 .severity--medium { 246 border-color: #D68000; 247 } 248 249 .severity--high { 250 border-color: #CE5019; 251 } 252 253 .severity--critical { 254 border-color: #AB1A1A; 255 } 256 257 .card--vuln { 258 padding-top: 4em; 259 } 260 261 .card--vuln .label { 262 left: 0; 263 position: absolute; 264 top: 1.1em; 265 padding-left: 1.9em; 266 padding-right: 1.9em; 267 border-radius: 0 0.25rem 0.25rem 0; 268 } 269 270 .card--vuln .card__section h2 { 271 font-size: 22px; 272 margin-bottom: 0.5em; 273 } 274 275 .card--vuln .card__section p { 276 margin: 0 0 0.5em 0; 277 } 278 279 .card--vuln .card__meta { 280 padding: 0 0 0 1em; 281 margin: 0; 282 font-size: 1.1em; 283 } 284 285 .card .card__meta__paths { 286 font-size: 0.9em; 287 } 288 289 .card--vuln .card__title { 290 font-size: 28px; 291 margin-top: 0; 292 } 293 294 .card--vuln .card__cta p { 295 margin: 0; 296 text-align: right; 297 } 298 299 .source-panel { 300 clear: both; 301 display: flex; 302 justify-content: flex-start; 303 flex-direction: column; 304 align-items: flex-start; 305 padding: 0.5em 0; 306 width: fit-content; 307 } 308 309 310 311 </style> 312 <style type="text/css"> 313 .metatable { 314 text-size-adjust: 100%; 315 -webkit-font-smoothing: antialiased; 316 -webkit-box-direction: normal; 317 color: inherit; 318 font-feature-settings: "pnum"; 319 box-sizing: border-box; 320 background: transparent; 321 border: 0; 322 font: inherit; 323 font-size: 100%; 324 margin: 0; 325 outline: none; 326 padding: 0; 327 text-align: left; 328 text-decoration: none; 329 vertical-align: baseline; 330 z-index: auto; 331 margin-top: 12px; 332 border-collapse: collapse; 333 border-spacing: 0; 334 font-variant-numeric: tabular-nums; 335 max-width: 51.75em; 336 } 337 338 tbody { 339 text-size-adjust: 100%; 340 -webkit-font-smoothing: antialiased; 341 -webkit-box-direction: normal; 342 color: inherit; 343 font-feature-settings: "pnum"; 344 border-collapse: collapse; 345 border-spacing: 0; 346 box-sizing: border-box; 347 background: transparent; 348 border: 0; 349 font: inherit; 350 font-size: 100%; 351 margin: 0; 352 outline: none; 353 padding: 0; 354 text-align: left; 355 text-decoration: none; 356 vertical-align: baseline; 357 z-index: auto; 358 display: flex; 359 flex-wrap: wrap; 360 } 361 362 .meta-row { 363 text-size-adjust: 100%; 364 -webkit-font-smoothing: antialiased; 365 -webkit-box-direction: normal; 366 color: inherit; 367 font-feature-settings: "pnum"; 368 border-collapse: collapse; 369 border-spacing: 0; 370 box-sizing: border-box; 371 background: transparent; 372 border: 0; 373 font: inherit; 374 font-size: 100%; 375 outline: none; 376 text-align: left; 377 text-decoration: none; 378 vertical-align: baseline; 379 z-index: auto; 380 display: flex; 381 align-items: start; 382 border-top: 1px solid #d3d3d9; 383 padding: 8px 0 0 0; 384 border-bottom: none; 385 margin: 8px; 386 width: 47.75%; 387 } 388 389 .meta-row-label { 390 text-size-adjust: 100%; 391 -webkit-font-smoothing: antialiased; 392 -webkit-box-direction: normal; 393 font-feature-settings: "pnum"; 394 border-collapse: collapse; 395 border-spacing: 0; 396 color: #4c4a73; 397 box-sizing: border-box; 398 background: transparent; 399 border: 0; 400 font: inherit; 401 margin: 0; 402 outline: none; 403 text-decoration: none; 404 z-index: auto; 405 align-self: start; 406 flex: 1; 407 font-size: 1rem; 408 line-height: 1.5rem; 409 padding: 0; 410 text-align: left; 411 vertical-align: top; 412 text-transform: none; 413 letter-spacing: 0; 414 } 415 416 .meta-row-value { 417 text-size-adjust: 100%; 418 -webkit-font-smoothing: antialiased; 419 -webkit-box-direction: normal; 420 color: inherit; 421 font-feature-settings: "pnum"; 422 border-collapse: collapse; 423 border-spacing: 0; 424 word-break: break-word; 425 box-sizing: border-box; 426 background: transparent; 427 border: 0; 428 font: inherit; 429 font-size: 100%; 430 margin: 0; 431 outline: none; 432 padding: 0; 433 text-align: right; 434 text-decoration: none; 435 vertical-align: baseline; 436 z-index: auto; 437 } 438 </style> 439 </head> 440 441 <body class="section-projects"> 442 <main class="layout-stacked"> 443 <div class="layout-stacked__header header"> 444 <header class="project__header"> 445 <div class="layout-container"> 446 <a class="brand" href="https://snyk.io" title="Snyk"> 447 <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img"> 448 <title>Snyk - Open Source Security</title> 449 <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> 450 <g fill="#fff"> 451 <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path> 452 </g> 453 </g> 454 </svg> 455 </a> 456 <div class="header-wrap"> 457 <h1 class="project__header__title">Snyk test report</h1> 458 459 <p class="timestamp">September 14th 2025, 12:32:07 am (UTC+00:00)</p> 460 </div> 461 <div class="source-panel"> 462 <span>Scanned the following path:</span> 463 <ul> 464 <li class="paths">/argo-cd/manifests/install.yaml (Kubernetes)</li> 465 </ul> 466 </div> 467 468 <div class="meta-counts"> 469 <div class="meta-count"><span>44</span> <span>total issues</span></div> 470 </div><!-- .meta-counts --> 471 </div><!-- .layout-container--short --> 472 </header><!-- .project__header --> 473 </div><!-- .layout-stacked__header --> 474 475 <section class="layout-container"> 476 <table class="metatable"> 477 <tbody> 478 <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">manifests/install.yaml</td></tr> 479 <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">/argo-cd/manifests/install.yaml</td></tr> 480 <tr class="meta-row"><th class="meta-row-label">Project Type</th> <td class="meta-row-value">Kubernetes</td></tr> 481 </tbody> 482 </table> 483 </section> <div class="layout-container" style="padding-top: 35px;"> 484 <div class="cards--vuln filter--patch filter--ignore"> 485 <div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high"> 486 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 487 <div class="card__section"> 488 489 <div class="label label--high"> 490 <span class="label__text">high severity</span> 491 </div> 492 493 <hr/> 494 495 <ul class="card__meta"> 496 <li class="card__meta__item"> 497 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 498 </li> 499 500 <li class="card__meta__item">Introduced through: 501 [DocId: 17] 502 <span class="list-paths__item__arrow">›</span> 503 rules[5] 504 <span class="list-paths__item__arrow">›</span> 505 resources 506 507 </li> 508 509 <li class="card__meta__item"> 510 Line number: 23952 511 </li> 512 </ul> 513 514 <hr/> 515 516 <h2>Impact</h2> 517 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 518 519 <h2>Remediation</h2> 520 <p>Consider removing these permissions</p> 521 522 523 <hr/> 524 </div><!-- .card__section --> 525 526 <div class="cta card__cta"> 527 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 528 </div> 529 530 </div><!-- .card --> 531 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 532 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 533 <div class="card__section"> 534 535 <div class="label label--medium"> 536 <span class="label__text">medium severity</span> 537 </div> 538 539 <hr/> 540 541 <ul class="card__meta"> 542 <li class="card__meta__item"> 543 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 544 </li> 545 546 <li class="card__meta__item">Introduced through: 547 [DocId: 10] 548 <span class="list-paths__item__arrow">›</span> 549 rules[0] 550 <span class="list-paths__item__arrow">›</span> 551 resources 552 553 </li> 554 555 <li class="card__meta__item"> 556 Line number: 23633 557 </li> 558 </ul> 559 560 <hr/> 561 562 <h2>Impact</h2> 563 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 564 565 <h2>Remediation</h2> 566 <p>Consider removing these permissions</p> 567 568 569 <hr/> 570 </div><!-- .card__section --> 571 572 <div class="cta card__cta"> 573 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 574 </div> 575 576 </div><!-- .card --> 577 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 578 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 579 <div class="card__section"> 580 581 <div class="label label--medium"> 582 <span class="label__text">medium severity</span> 583 </div> 584 585 <hr/> 586 587 <ul class="card__meta"> 588 <li class="card__meta__item"> 589 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 590 </li> 591 592 <li class="card__meta__item">Introduced through: 593 [DocId: 11] 594 <span class="list-paths__item__arrow">›</span> 595 rules[4] 596 <span class="list-paths__item__arrow">›</span> 597 resources 598 599 </li> 600 601 <li class="card__meta__item"> 602 Line number: 23720 603 </li> 604 </ul> 605 606 <hr/> 607 608 <h2>Impact</h2> 609 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 610 611 <h2>Remediation</h2> 612 <p>Consider removing these permissions</p> 613 614 615 <hr/> 616 </div><!-- .card__section --> 617 618 <div class="cta card__cta"> 619 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 620 </div> 621 622 </div><!-- .card --> 623 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 624 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 625 <div class="card__section"> 626 627 <div class="label label--medium"> 628 <span class="label__text">medium severity</span> 629 </div> 630 631 <hr/> 632 633 <ul class="card__meta"> 634 <li class="card__meta__item"> 635 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 636 </li> 637 638 <li class="card__meta__item">Introduced through: 639 [DocId: 12] 640 <span class="list-paths__item__arrow">›</span> 641 rules[0] 642 <span class="list-paths__item__arrow">›</span> 643 resources 644 645 </li> 646 647 <li class="card__meta__item"> 648 Line number: 23748 649 </li> 650 </ul> 651 652 <hr/> 653 654 <h2>Impact</h2> 655 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 656 657 <h2>Remediation</h2> 658 <p>Consider removing these permissions</p> 659 660 661 <hr/> 662 </div><!-- .card__section --> 663 664 <div class="cta card__cta"> 665 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 666 </div> 667 668 </div><!-- .card --> 669 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 670 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 671 <div class="card__section"> 672 673 <div class="label label--medium"> 674 <span class="label__text">medium severity</span> 675 </div> 676 677 <hr/> 678 679 <ul class="card__meta"> 680 <li class="card__meta__item"> 681 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 682 </li> 683 684 <li class="card__meta__item">Introduced through: 685 [DocId: 13] 686 <span class="list-paths__item__arrow">›</span> 687 rules[1] 688 <span class="list-paths__item__arrow">›</span> 689 resources 690 691 </li> 692 693 <li class="card__meta__item"> 694 Line number: 23778 695 </li> 696 </ul> 697 698 <hr/> 699 700 <h2>Impact</h2> 701 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 702 703 <h2>Remediation</h2> 704 <p>Consider removing these permissions</p> 705 706 707 <hr/> 708 </div><!-- .card__section --> 709 710 <div class="cta card__cta"> 711 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 712 </div> 713 714 </div><!-- .card --> 715 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 716 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 717 <div class="card__section"> 718 719 <div class="label label--medium"> 720 <span class="label__text">medium severity</span> 721 </div> 722 723 <hr/> 724 725 <ul class="card__meta"> 726 <li class="card__meta__item"> 727 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 728 </li> 729 730 <li class="card__meta__item">Introduced through: 731 [DocId: 13] 732 <span class="list-paths__item__arrow">›</span> 733 rules[3] 734 <span class="list-paths__item__arrow">›</span> 735 resources 736 737 </li> 738 739 <li class="card__meta__item"> 740 Line number: 23796 741 </li> 742 </ul> 743 744 <hr/> 745 746 <h2>Impact</h2> 747 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 748 749 <h2>Remediation</h2> 750 <p>Consider removing these permissions</p> 751 752 753 <hr/> 754 </div><!-- .card__section --> 755 756 <div class="cta card__cta"> 757 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 758 </div> 759 760 </div><!-- .card --> 761 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 762 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 763 <div class="card__section"> 764 765 <div class="label label--medium"> 766 <span class="label__text">medium severity</span> 767 </div> 768 769 <hr/> 770 771 <ul class="card__meta"> 772 <li class="card__meta__item"> 773 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 774 </li> 775 776 <li class="card__meta__item">Introduced through: 777 [DocId: 14] 778 <span class="list-paths__item__arrow">›</span> 779 rules[0] 780 <span class="list-paths__item__arrow">›</span> 781 resources 782 783 </li> 784 785 <li class="card__meta__item"> 786 Line number: 23814 787 </li> 788 </ul> 789 790 <hr/> 791 792 <h2>Impact</h2> 793 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 794 795 <h2>Remediation</h2> 796 <p>Consider removing these permissions</p> 797 798 799 <hr/> 800 </div><!-- .card__section --> 801 802 <div class="cta card__cta"> 803 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 804 </div> 805 806 </div><!-- .card --> 807 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 808 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 809 <div class="card__section"> 810 811 <div class="label label--medium"> 812 <span class="label__text">medium severity</span> 813 </div> 814 815 <hr/> 816 817 <ul class="card__meta"> 818 <li class="card__meta__item"> 819 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 820 </li> 821 822 <li class="card__meta__item">Introduced through: 823 [DocId: 15] 824 <span class="list-paths__item__arrow">›</span> 825 rules[0] 826 <span class="list-paths__item__arrow">›</span> 827 resources 828 829 </li> 830 831 <li class="card__meta__item"> 832 Line number: 23836 833 </li> 834 </ul> 835 836 <hr/> 837 838 <h2>Impact</h2> 839 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 840 841 <h2>Remediation</h2> 842 <p>Consider removing these permissions</p> 843 844 845 <hr/> 846 </div><!-- .card__section --> 847 848 <div class="cta card__cta"> 849 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 850 </div> 851 852 </div><!-- .card --> 853 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 854 <h2 class="card__title">Container could be running with outdated image</h2> 855 <div class="card__section"> 856 857 <div class="label label--low"> 858 <span class="label__text">low severity</span> 859 </div> 860 861 <hr/> 862 863 <ul class="card__meta"> 864 <li class="card__meta__item"> 865 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 866 </li> 867 868 <li class="card__meta__item">Introduced through: 869 [DocId: 48] 870 <span class="list-paths__item__arrow">›</span> 871 spec 872 <span class="list-paths__item__arrow">›</span> 873 template 874 <span class="list-paths__item__arrow">›</span> 875 spec 876 <span class="list-paths__item__arrow">›</span> 877 initContainers[secret-init] 878 <span class="list-paths__item__arrow">›</span> 879 imagePullPolicy 880 881 </li> 882 883 <li class="card__meta__item"> 884 Line number: 24926 885 </li> 886 </ul> 887 888 <hr/> 889 890 <h2>Impact</h2> 891 <p>The container may run with outdated or unauthorized image</p> 892 893 <h2>Remediation</h2> 894 <p>Set `imagePullPolicy` attribute to `Always`</p> 895 896 897 <hr/> 898 </div><!-- .card__section --> 899 900 <div class="cta card__cta"> 901 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p> 902 </div> 903 904 </div><!-- .card --> 905 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 906 <h2 class="card__title">Container could be running with outdated image</h2> 907 <div class="card__section"> 908 909 <div class="label label--low"> 910 <span class="label__text">low severity</span> 911 </div> 912 913 <hr/> 914 915 <ul class="card__meta"> 916 <li class="card__meta__item"> 917 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 918 </li> 919 920 <li class="card__meta__item">Introduced through: 921 [DocId: 49] 922 <span class="list-paths__item__arrow">›</span> 923 spec 924 <span class="list-paths__item__arrow">›</span> 925 template 926 <span class="list-paths__item__arrow">›</span> 927 spec 928 <span class="list-paths__item__arrow">›</span> 929 initContainers[copyutil] 930 <span class="list-paths__item__arrow">›</span> 931 imagePullPolicy 932 933 </li> 934 935 <li class="card__meta__item"> 936 Line number: 25233 937 </li> 938 </ul> 939 940 <hr/> 941 942 <h2>Impact</h2> 943 <p>The container may run with outdated or unauthorized image</p> 944 945 <h2>Remediation</h2> 946 <p>Set `imagePullPolicy` attribute to `Always`</p> 947 948 949 <hr/> 950 </div><!-- .card__section --> 951 952 <div class="cta card__cta"> 953 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p> 954 </div> 955 956 </div><!-- .card --> 957 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 958 <h2 class="card__title">Container has no CPU limit</h2> 959 <div class="card__section"> 960 961 <div class="label label--low"> 962 <span class="label__text">low severity</span> 963 </div> 964 965 <hr/> 966 967 <ul class="card__meta"> 968 <li class="card__meta__item"> 969 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 970 </li> 971 972 <li class="card__meta__item">Introduced through: 973 [DocId: 45] 974 <span class="list-paths__item__arrow">›</span> 975 input 976 <span class="list-paths__item__arrow">›</span> 977 spec 978 <span class="list-paths__item__arrow">›</span> 979 template 980 <span class="list-paths__item__arrow">›</span> 981 spec 982 <span class="list-paths__item__arrow">›</span> 983 containers[argocd-applicationset-controller] 984 <span class="list-paths__item__arrow">›</span> 985 resources 986 <span class="list-paths__item__arrow">›</span> 987 limits 988 <span class="list-paths__item__arrow">›</span> 989 cpu 990 991 </li> 992 993 <li class="card__meta__item"> 994 Line number: 24445 995 </li> 996 </ul> 997 998 <hr/> 999 1000 <h2>Impact</h2> 1001 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1002 1003 <h2>Remediation</h2> 1004 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1005 1006 1007 <hr/> 1008 </div><!-- .card__section --> 1009 1010 <div class="cta card__cta"> 1011 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1012 </div> 1013 1014 </div><!-- .card --> 1015 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1016 <h2 class="card__title">Container has no CPU limit</h2> 1017 <div class="card__section"> 1018 1019 <div class="label label--low"> 1020 <span class="label__text">low severity</span> 1021 </div> 1022 1023 <hr/> 1024 1025 <ul class="card__meta"> 1026 <li class="card__meta__item"> 1027 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1028 </li> 1029 1030 <li class="card__meta__item">Introduced through: 1031 [DocId: 46] 1032 <span class="list-paths__item__arrow">›</span> 1033 input 1034 <span class="list-paths__item__arrow">›</span> 1035 spec 1036 <span class="list-paths__item__arrow">›</span> 1037 template 1038 <span class="list-paths__item__arrow">›</span> 1039 spec 1040 <span class="list-paths__item__arrow">›</span> 1041 initContainers[copyutil] 1042 <span class="list-paths__item__arrow">›</span> 1043 resources 1044 <span class="list-paths__item__arrow">›</span> 1045 limits 1046 <span class="list-paths__item__arrow">›</span> 1047 cpu 1048 1049 </li> 1050 1051 <li class="card__meta__item"> 1052 Line number: 24728 1053 </li> 1054 </ul> 1055 1056 <hr/> 1057 1058 <h2>Impact</h2> 1059 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1060 1061 <h2>Remediation</h2> 1062 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1063 1064 1065 <hr/> 1066 </div><!-- .card__section --> 1067 1068 <div class="cta card__cta"> 1069 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1070 </div> 1071 1072 </div><!-- .card --> 1073 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1074 <h2 class="card__title">Container has no CPU limit</h2> 1075 <div class="card__section"> 1076 1077 <div class="label label--low"> 1078 <span class="label__text">low severity</span> 1079 </div> 1080 1081 <hr/> 1082 1083 <ul class="card__meta"> 1084 <li class="card__meta__item"> 1085 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1086 </li> 1087 1088 <li class="card__meta__item">Introduced through: 1089 [DocId: 46] 1090 <span class="list-paths__item__arrow">›</span> 1091 input 1092 <span class="list-paths__item__arrow">›</span> 1093 spec 1094 <span class="list-paths__item__arrow">›</span> 1095 template 1096 <span class="list-paths__item__arrow">›</span> 1097 spec 1098 <span class="list-paths__item__arrow">›</span> 1099 containers[dex] 1100 <span class="list-paths__item__arrow">›</span> 1101 resources 1102 <span class="list-paths__item__arrow">›</span> 1103 limits 1104 <span class="list-paths__item__arrow">›</span> 1105 cpu 1106 1107 </li> 1108 1109 <li class="card__meta__item"> 1110 Line number: 24682 1111 </li> 1112 </ul> 1113 1114 <hr/> 1115 1116 <h2>Impact</h2> 1117 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1118 1119 <h2>Remediation</h2> 1120 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1121 1122 1123 <hr/> 1124 </div><!-- .card__section --> 1125 1126 <div class="cta card__cta"> 1127 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1128 </div> 1129 1130 </div><!-- .card --> 1131 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1132 <h2 class="card__title">Container has no CPU limit</h2> 1133 <div class="card__section"> 1134 1135 <div class="label label--low"> 1136 <span class="label__text">low severity</span> 1137 </div> 1138 1139 <hr/> 1140 1141 <ul class="card__meta"> 1142 <li class="card__meta__item"> 1143 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1144 </li> 1145 1146 <li class="card__meta__item">Introduced through: 1147 [DocId: 47] 1148 <span class="list-paths__item__arrow">›</span> 1149 input 1150 <span class="list-paths__item__arrow">›</span> 1151 spec 1152 <span class="list-paths__item__arrow">›</span> 1153 template 1154 <span class="list-paths__item__arrow">›</span> 1155 spec 1156 <span class="list-paths__item__arrow">›</span> 1157 containers[argocd-notifications-controller] 1158 <span class="list-paths__item__arrow">›</span> 1159 resources 1160 <span class="list-paths__item__arrow">›</span> 1161 limits 1162 <span class="list-paths__item__arrow">›</span> 1163 cpu 1164 1165 </li> 1166 1167 <li class="card__meta__item"> 1168 Line number: 24790 1169 </li> 1170 </ul> 1171 1172 <hr/> 1173 1174 <h2>Impact</h2> 1175 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1176 1177 <h2>Remediation</h2> 1178 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1179 1180 1181 <hr/> 1182 </div><!-- .card__section --> 1183 1184 <div class="cta card__cta"> 1185 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1186 </div> 1187 1188 </div><!-- .card --> 1189 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1190 <h2 class="card__title">Container has no CPU limit</h2> 1191 <div class="card__section"> 1192 1193 <div class="label label--low"> 1194 <span class="label__text">low severity</span> 1195 </div> 1196 1197 <hr/> 1198 1199 <ul class="card__meta"> 1200 <li class="card__meta__item"> 1201 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1202 </li> 1203 1204 <li class="card__meta__item">Introduced through: 1205 [DocId: 48] 1206 <span class="list-paths__item__arrow">›</span> 1207 input 1208 <span class="list-paths__item__arrow">›</span> 1209 spec 1210 <span class="list-paths__item__arrow">›</span> 1211 template 1212 <span class="list-paths__item__arrow">›</span> 1213 spec 1214 <span class="list-paths__item__arrow">›</span> 1215 containers[redis] 1216 <span class="list-paths__item__arrow">›</span> 1217 resources 1218 <span class="list-paths__item__arrow">›</span> 1219 limits 1220 <span class="list-paths__item__arrow">›</span> 1221 cpu 1222 1223 </li> 1224 1225 <li class="card__meta__item"> 1226 Line number: 24897 1227 </li> 1228 </ul> 1229 1230 <hr/> 1231 1232 <h2>Impact</h2> 1233 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1234 1235 <h2>Remediation</h2> 1236 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1237 1238 1239 <hr/> 1240 </div><!-- .card__section --> 1241 1242 <div class="cta card__cta"> 1243 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1244 </div> 1245 1246 </div><!-- .card --> 1247 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1248 <h2 class="card__title">Container has no CPU limit</h2> 1249 <div class="card__section"> 1250 1251 <div class="label label--low"> 1252 <span class="label__text">low severity</span> 1253 </div> 1254 1255 <hr/> 1256 1257 <ul class="card__meta"> 1258 <li class="card__meta__item"> 1259 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1260 </li> 1261 1262 <li class="card__meta__item">Introduced through: 1263 [DocId: 48] 1264 <span class="list-paths__item__arrow">›</span> 1265 input 1266 <span class="list-paths__item__arrow">›</span> 1267 spec 1268 <span class="list-paths__item__arrow">›</span> 1269 template 1270 <span class="list-paths__item__arrow">›</span> 1271 spec 1272 <span class="list-paths__item__arrow">›</span> 1273 initContainers[secret-init] 1274 <span class="list-paths__item__arrow">›</span> 1275 resources 1276 <span class="list-paths__item__arrow">›</span> 1277 limits 1278 <span class="list-paths__item__arrow">›</span> 1279 cpu 1280 1281 </li> 1282 1283 <li class="card__meta__item"> 1284 Line number: 24921 1285 </li> 1286 </ul> 1287 1288 <hr/> 1289 1290 <h2>Impact</h2> 1291 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1292 1293 <h2>Remediation</h2> 1294 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1295 1296 1297 <hr/> 1298 </div><!-- .card__section --> 1299 1300 <div class="cta card__cta"> 1301 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1302 </div> 1303 1304 </div><!-- .card --> 1305 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1306 <h2 class="card__title">Container has no CPU limit</h2> 1307 <div class="card__section"> 1308 1309 <div class="label label--low"> 1310 <span class="label__text">low severity</span> 1311 </div> 1312 1313 <hr/> 1314 1315 <ul class="card__meta"> 1316 <li class="card__meta__item"> 1317 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1318 </li> 1319 1320 <li class="card__meta__item">Introduced through: 1321 [DocId: 49] 1322 <span class="list-paths__item__arrow">›</span> 1323 input 1324 <span class="list-paths__item__arrow">›</span> 1325 spec 1326 <span class="list-paths__item__arrow">›</span> 1327 template 1328 <span class="list-paths__item__arrow">›</span> 1329 spec 1330 <span class="list-paths__item__arrow">›</span> 1331 initContainers[copyutil] 1332 <span class="list-paths__item__arrow">›</span> 1333 resources 1334 <span class="list-paths__item__arrow">›</span> 1335 limits 1336 <span class="list-paths__item__arrow">›</span> 1337 cpu 1338 1339 </li> 1340 1341 <li class="card__meta__item"> 1342 Line number: 25233 1343 </li> 1344 </ul> 1345 1346 <hr/> 1347 1348 <h2>Impact</h2> 1349 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1350 1351 <h2>Remediation</h2> 1352 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1353 1354 1355 <hr/> 1356 </div><!-- .card__section --> 1357 1358 <div class="cta card__cta"> 1359 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1360 </div> 1361 1362 </div><!-- .card --> 1363 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1364 <h2 class="card__title">Container has no CPU limit</h2> 1365 <div class="card__section"> 1366 1367 <div class="label label--low"> 1368 <span class="label__text">low severity</span> 1369 </div> 1370 1371 <hr/> 1372 1373 <ul class="card__meta"> 1374 <li class="card__meta__item"> 1375 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1376 </li> 1377 1378 <li class="card__meta__item">Introduced through: 1379 [DocId: 49] 1380 <span class="list-paths__item__arrow">›</span> 1381 input 1382 <span class="list-paths__item__arrow">›</span> 1383 spec 1384 <span class="list-paths__item__arrow">›</span> 1385 template 1386 <span class="list-paths__item__arrow">›</span> 1387 spec 1388 <span class="list-paths__item__arrow">›</span> 1389 containers[argocd-repo-server] 1390 <span class="list-paths__item__arrow">›</span> 1391 resources 1392 <span class="list-paths__item__arrow">›</span> 1393 limits 1394 <span class="list-paths__item__arrow">›</span> 1395 cpu 1396 1397 </li> 1398 1399 <li class="card__meta__item"> 1400 Line number: 24980 1401 </li> 1402 </ul> 1403 1404 <hr/> 1405 1406 <h2>Impact</h2> 1407 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1408 1409 <h2>Remediation</h2> 1410 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1411 1412 1413 <hr/> 1414 </div><!-- .card__section --> 1415 1416 <div class="cta card__cta"> 1417 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1418 </div> 1419 1420 </div><!-- .card --> 1421 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1422 <h2 class="card__title">Container has no CPU limit</h2> 1423 <div class="card__section"> 1424 1425 <div class="label label--low"> 1426 <span class="label__text">low severity</span> 1427 </div> 1428 1429 <hr/> 1430 1431 <ul class="card__meta"> 1432 <li class="card__meta__item"> 1433 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1434 </li> 1435 1436 <li class="card__meta__item">Introduced through: 1437 [DocId: 50] 1438 <span class="list-paths__item__arrow">›</span> 1439 input 1440 <span class="list-paths__item__arrow">›</span> 1441 spec 1442 <span class="list-paths__item__arrow">›</span> 1443 template 1444 <span class="list-paths__item__arrow">›</span> 1445 spec 1446 <span class="list-paths__item__arrow">›</span> 1447 containers[argocd-server] 1448 <span class="list-paths__item__arrow">›</span> 1449 resources 1450 <span class="list-paths__item__arrow">›</span> 1451 limits 1452 <span class="list-paths__item__arrow">›</span> 1453 cpu 1454 1455 </li> 1456 1457 <li class="card__meta__item"> 1458 Line number: 25320 1459 </li> 1460 </ul> 1461 1462 <hr/> 1463 1464 <h2>Impact</h2> 1465 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1466 1467 <h2>Remediation</h2> 1468 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1469 1470 1471 <hr/> 1472 </div><!-- .card__section --> 1473 1474 <div class="cta card__cta"> 1475 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1476 </div> 1477 1478 </div><!-- .card --> 1479 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1480 <h2 class="card__title">Container has no CPU limit</h2> 1481 <div class="card__section"> 1482 1483 <div class="label label--low"> 1484 <span class="label__text">low severity</span> 1485 </div> 1486 1487 <hr/> 1488 1489 <ul class="card__meta"> 1490 <li class="card__meta__item"> 1491 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1492 </li> 1493 1494 <li class="card__meta__item">Introduced through: 1495 [DocId: 51] 1496 <span class="list-paths__item__arrow">›</span> 1497 input 1498 <span class="list-paths__item__arrow">›</span> 1499 spec 1500 <span class="list-paths__item__arrow">›</span> 1501 template 1502 <span class="list-paths__item__arrow">›</span> 1503 spec 1504 <span class="list-paths__item__arrow">›</span> 1505 containers[argocd-application-controller] 1506 <span class="list-paths__item__arrow">›</span> 1507 resources 1508 <span class="list-paths__item__arrow">›</span> 1509 limits 1510 <span class="list-paths__item__arrow">›</span> 1511 cpu 1512 1513 </li> 1514 1515 <li class="card__meta__item"> 1516 Line number: 25718 1517 </li> 1518 </ul> 1519 1520 <hr/> 1521 1522 <h2>Impact</h2> 1523 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1524 1525 <h2>Remediation</h2> 1526 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1527 1528 1529 <hr/> 1530 </div><!-- .card__section --> 1531 1532 <div class="cta card__cta"> 1533 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1534 </div> 1535 1536 </div><!-- .card --> 1537 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1538 <h2 class="card__title">Container is running with multiple open ports</h2> 1539 <div class="card__section"> 1540 1541 <div class="label label--low"> 1542 <span class="label__text">low severity</span> 1543 </div> 1544 1545 <hr/> 1546 1547 <ul class="card__meta"> 1548 <li class="card__meta__item"> 1549 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">SNYK-CC-K8S-36</a> 1550 </li> 1551 1552 <li class="card__meta__item">Introduced through: 1553 [DocId: 46] 1554 <span class="list-paths__item__arrow">›</span> 1555 spec 1556 <span class="list-paths__item__arrow">›</span> 1557 template 1558 <span class="list-paths__item__arrow">›</span> 1559 spec 1560 <span class="list-paths__item__arrow">›</span> 1561 containers[dex] 1562 <span class="list-paths__item__arrow">›</span> 1563 ports 1564 1565 </li> 1566 1567 <li class="card__meta__item"> 1568 Line number: 24708 1569 </li> 1570 </ul> 1571 1572 <hr/> 1573 1574 <h2>Impact</h2> 1575 <p>Increases the attack surface of the application and the container.</p> 1576 1577 <h2>Remediation</h2> 1578 <p>Reduce `ports` count to 2</p> 1579 1580 1581 <hr/> 1582 </div><!-- .card__section --> 1583 1584 <div class="cta card__cta"> 1585 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">More about this issue</a></p> 1586 </div> 1587 1588 </div><!-- .card --> 1589 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1590 <h2 class="card__title">Container is running without liveness probe</h2> 1591 <div class="card__section"> 1592 1593 <div class="label label--low"> 1594 <span class="label__text">low severity</span> 1595 </div> 1596 1597 <hr/> 1598 1599 <ul class="card__meta"> 1600 <li class="card__meta__item"> 1601 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1602 </li> 1603 1604 <li class="card__meta__item">Introduced through: 1605 [DocId: 45] 1606 <span class="list-paths__item__arrow">›</span> 1607 spec 1608 <span class="list-paths__item__arrow">›</span> 1609 template 1610 <span class="list-paths__item__arrow">›</span> 1611 spec 1612 <span class="list-paths__item__arrow">›</span> 1613 containers[argocd-applicationset-controller] 1614 <span class="list-paths__item__arrow">›</span> 1615 livenessProbe 1616 1617 </li> 1618 1619 <li class="card__meta__item"> 1620 Line number: 24445 1621 </li> 1622 </ul> 1623 1624 <hr/> 1625 1626 <h2>Impact</h2> 1627 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1628 1629 <h2>Remediation</h2> 1630 <p>Add `livenessProbe` attribute</p> 1631 1632 1633 <hr/> 1634 </div><!-- .card__section --> 1635 1636 <div class="cta card__cta"> 1637 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1638 </div> 1639 1640 </div><!-- .card --> 1641 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1642 <h2 class="card__title">Container is running without liveness probe</h2> 1643 <div class="card__section"> 1644 1645 <div class="label label--low"> 1646 <span class="label__text">low severity</span> 1647 </div> 1648 1649 <hr/> 1650 1651 <ul class="card__meta"> 1652 <li class="card__meta__item"> 1653 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1654 </li> 1655 1656 <li class="card__meta__item">Introduced through: 1657 [DocId: 46] 1658 <span class="list-paths__item__arrow">›</span> 1659 spec 1660 <span class="list-paths__item__arrow">›</span> 1661 template 1662 <span class="list-paths__item__arrow">›</span> 1663 spec 1664 <span class="list-paths__item__arrow">›</span> 1665 containers[dex] 1666 <span class="list-paths__item__arrow">›</span> 1667 livenessProbe 1668 1669 </li> 1670 1671 <li class="card__meta__item"> 1672 Line number: 24682 1673 </li> 1674 </ul> 1675 1676 <hr/> 1677 1678 <h2>Impact</h2> 1679 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1680 1681 <h2>Remediation</h2> 1682 <p>Add `livenessProbe` attribute</p> 1683 1684 1685 <hr/> 1686 </div><!-- .card__section --> 1687 1688 <div class="cta card__cta"> 1689 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1690 </div> 1691 1692 </div><!-- .card --> 1693 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1694 <h2 class="card__title">Container is running without liveness probe</h2> 1695 <div class="card__section"> 1696 1697 <div class="label label--low"> 1698 <span class="label__text">low severity</span> 1699 </div> 1700 1701 <hr/> 1702 1703 <ul class="card__meta"> 1704 <li class="card__meta__item"> 1705 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1706 </li> 1707 1708 <li class="card__meta__item">Introduced through: 1709 [DocId: 48] 1710 <span class="list-paths__item__arrow">›</span> 1711 spec 1712 <span class="list-paths__item__arrow">›</span> 1713 template 1714 <span class="list-paths__item__arrow">›</span> 1715 spec 1716 <span class="list-paths__item__arrow">›</span> 1717 containers[redis] 1718 <span class="list-paths__item__arrow">›</span> 1719 livenessProbe 1720 1721 </li> 1722 1723 <li class="card__meta__item"> 1724 Line number: 24897 1725 </li> 1726 </ul> 1727 1728 <hr/> 1729 1730 <h2>Impact</h2> 1731 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1732 1733 <h2>Remediation</h2> 1734 <p>Add `livenessProbe` attribute</p> 1735 1736 1737 <hr/> 1738 </div><!-- .card__section --> 1739 1740 <div class="cta card__cta"> 1741 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1742 </div> 1743 1744 </div><!-- .card --> 1745 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1746 <h2 class="card__title">Container is running without memory limit</h2> 1747 <div class="card__section"> 1748 1749 <div class="label label--low"> 1750 <span class="label__text">low severity</span> 1751 </div> 1752 1753 <hr/> 1754 1755 <ul class="card__meta"> 1756 <li class="card__meta__item"> 1757 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1758 </li> 1759 1760 <li class="card__meta__item">Introduced through: 1761 [DocId: 45] 1762 <span class="list-paths__item__arrow">›</span> 1763 input 1764 <span class="list-paths__item__arrow">›</span> 1765 spec 1766 <span class="list-paths__item__arrow">›</span> 1767 template 1768 <span class="list-paths__item__arrow">›</span> 1769 spec 1770 <span class="list-paths__item__arrow">›</span> 1771 containers[argocd-applicationset-controller] 1772 <span class="list-paths__item__arrow">›</span> 1773 resources 1774 <span class="list-paths__item__arrow">›</span> 1775 limits 1776 <span class="list-paths__item__arrow">›</span> 1777 memory 1778 1779 </li> 1780 1781 <li class="card__meta__item"> 1782 Line number: 24445 1783 </li> 1784 </ul> 1785 1786 <hr/> 1787 1788 <h2>Impact</h2> 1789 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1790 1791 <h2>Remediation</h2> 1792 <p>Set `resources.limits.memory` value</p> 1793 1794 1795 <hr/> 1796 </div><!-- .card__section --> 1797 1798 <div class="cta card__cta"> 1799 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1800 </div> 1801 1802 </div><!-- .card --> 1803 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1804 <h2 class="card__title">Container is running without memory limit</h2> 1805 <div class="card__section"> 1806 1807 <div class="label label--low"> 1808 <span class="label__text">low severity</span> 1809 </div> 1810 1811 <hr/> 1812 1813 <ul class="card__meta"> 1814 <li class="card__meta__item"> 1815 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1816 </li> 1817 1818 <li class="card__meta__item">Introduced through: 1819 [DocId: 46] 1820 <span class="list-paths__item__arrow">›</span> 1821 input 1822 <span class="list-paths__item__arrow">›</span> 1823 spec 1824 <span class="list-paths__item__arrow">›</span> 1825 template 1826 <span class="list-paths__item__arrow">›</span> 1827 spec 1828 <span class="list-paths__item__arrow">›</span> 1829 containers[dex] 1830 <span class="list-paths__item__arrow">›</span> 1831 resources 1832 <span class="list-paths__item__arrow">›</span> 1833 limits 1834 <span class="list-paths__item__arrow">›</span> 1835 memory 1836 1837 </li> 1838 1839 <li class="card__meta__item"> 1840 Line number: 24682 1841 </li> 1842 </ul> 1843 1844 <hr/> 1845 1846 <h2>Impact</h2> 1847 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1848 1849 <h2>Remediation</h2> 1850 <p>Set `resources.limits.memory` value</p> 1851 1852 1853 <hr/> 1854 </div><!-- .card__section --> 1855 1856 <div class="cta card__cta"> 1857 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1858 </div> 1859 1860 </div><!-- .card --> 1861 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1862 <h2 class="card__title">Container is running without memory limit</h2> 1863 <div class="card__section"> 1864 1865 <div class="label label--low"> 1866 <span class="label__text">low severity</span> 1867 </div> 1868 1869 <hr/> 1870 1871 <ul class="card__meta"> 1872 <li class="card__meta__item"> 1873 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1874 </li> 1875 1876 <li class="card__meta__item">Introduced through: 1877 [DocId: 46] 1878 <span class="list-paths__item__arrow">›</span> 1879 input 1880 <span class="list-paths__item__arrow">›</span> 1881 spec 1882 <span class="list-paths__item__arrow">›</span> 1883 template 1884 <span class="list-paths__item__arrow">›</span> 1885 spec 1886 <span class="list-paths__item__arrow">›</span> 1887 initContainers[copyutil] 1888 <span class="list-paths__item__arrow">›</span> 1889 resources 1890 <span class="list-paths__item__arrow">›</span> 1891 limits 1892 <span class="list-paths__item__arrow">›</span> 1893 memory 1894 1895 </li> 1896 1897 <li class="card__meta__item"> 1898 Line number: 24728 1899 </li> 1900 </ul> 1901 1902 <hr/> 1903 1904 <h2>Impact</h2> 1905 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1906 1907 <h2>Remediation</h2> 1908 <p>Set `resources.limits.memory` value</p> 1909 1910 1911 <hr/> 1912 </div><!-- .card__section --> 1913 1914 <div class="cta card__cta"> 1915 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1916 </div> 1917 1918 </div><!-- .card --> 1919 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1920 <h2 class="card__title">Container is running without memory limit</h2> 1921 <div class="card__section"> 1922 1923 <div class="label label--low"> 1924 <span class="label__text">low severity</span> 1925 </div> 1926 1927 <hr/> 1928 1929 <ul class="card__meta"> 1930 <li class="card__meta__item"> 1931 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1932 </li> 1933 1934 <li class="card__meta__item">Introduced through: 1935 [DocId: 47] 1936 <span class="list-paths__item__arrow">›</span> 1937 input 1938 <span class="list-paths__item__arrow">›</span> 1939 spec 1940 <span class="list-paths__item__arrow">›</span> 1941 template 1942 <span class="list-paths__item__arrow">›</span> 1943 spec 1944 <span class="list-paths__item__arrow">›</span> 1945 containers[argocd-notifications-controller] 1946 <span class="list-paths__item__arrow">›</span> 1947 resources 1948 <span class="list-paths__item__arrow">›</span> 1949 limits 1950 <span class="list-paths__item__arrow">›</span> 1951 memory 1952 1953 </li> 1954 1955 <li class="card__meta__item"> 1956 Line number: 24790 1957 </li> 1958 </ul> 1959 1960 <hr/> 1961 1962 <h2>Impact</h2> 1963 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1964 1965 <h2>Remediation</h2> 1966 <p>Set `resources.limits.memory` value</p> 1967 1968 1969 <hr/> 1970 </div><!-- .card__section --> 1971 1972 <div class="cta card__cta"> 1973 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1974 </div> 1975 1976 </div><!-- .card --> 1977 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1978 <h2 class="card__title">Container is running without memory limit</h2> 1979 <div class="card__section"> 1980 1981 <div class="label label--low"> 1982 <span class="label__text">low severity</span> 1983 </div> 1984 1985 <hr/> 1986 1987 <ul class="card__meta"> 1988 <li class="card__meta__item"> 1989 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1990 </li> 1991 1992 <li class="card__meta__item">Introduced through: 1993 [DocId: 48] 1994 <span class="list-paths__item__arrow">›</span> 1995 input 1996 <span class="list-paths__item__arrow">›</span> 1997 spec 1998 <span class="list-paths__item__arrow">›</span> 1999 template 2000 <span class="list-paths__item__arrow">›</span> 2001 spec 2002 <span class="list-paths__item__arrow">›</span> 2003 containers[redis] 2004 <span class="list-paths__item__arrow">›</span> 2005 resources 2006 <span class="list-paths__item__arrow">›</span> 2007 limits 2008 <span class="list-paths__item__arrow">›</span> 2009 memory 2010 2011 </li> 2012 2013 <li class="card__meta__item"> 2014 Line number: 24897 2015 </li> 2016 </ul> 2017 2018 <hr/> 2019 2020 <h2>Impact</h2> 2021 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2022 2023 <h2>Remediation</h2> 2024 <p>Set `resources.limits.memory` value</p> 2025 2026 2027 <hr/> 2028 </div><!-- .card__section --> 2029 2030 <div class="cta card__cta"> 2031 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2032 </div> 2033 2034 </div><!-- .card --> 2035 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2036 <h2 class="card__title">Container is running without memory limit</h2> 2037 <div class="card__section"> 2038 2039 <div class="label label--low"> 2040 <span class="label__text">low severity</span> 2041 </div> 2042 2043 <hr/> 2044 2045 <ul class="card__meta"> 2046 <li class="card__meta__item"> 2047 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2048 </li> 2049 2050 <li class="card__meta__item">Introduced through: 2051 [DocId: 48] 2052 <span class="list-paths__item__arrow">›</span> 2053 input 2054 <span class="list-paths__item__arrow">›</span> 2055 spec 2056 <span class="list-paths__item__arrow">›</span> 2057 template 2058 <span class="list-paths__item__arrow">›</span> 2059 spec 2060 <span class="list-paths__item__arrow">›</span> 2061 initContainers[secret-init] 2062 <span class="list-paths__item__arrow">›</span> 2063 resources 2064 <span class="list-paths__item__arrow">›</span> 2065 limits 2066 <span class="list-paths__item__arrow">›</span> 2067 memory 2068 2069 </li> 2070 2071 <li class="card__meta__item"> 2072 Line number: 24921 2073 </li> 2074 </ul> 2075 2076 <hr/> 2077 2078 <h2>Impact</h2> 2079 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2080 2081 <h2>Remediation</h2> 2082 <p>Set `resources.limits.memory` value</p> 2083 2084 2085 <hr/> 2086 </div><!-- .card__section --> 2087 2088 <div class="cta card__cta"> 2089 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2090 </div> 2091 2092 </div><!-- .card --> 2093 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2094 <h2 class="card__title">Container is running without memory limit</h2> 2095 <div class="card__section"> 2096 2097 <div class="label label--low"> 2098 <span class="label__text">low severity</span> 2099 </div> 2100 2101 <hr/> 2102 2103 <ul class="card__meta"> 2104 <li class="card__meta__item"> 2105 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2106 </li> 2107 2108 <li class="card__meta__item">Introduced through: 2109 [DocId: 49] 2110 <span class="list-paths__item__arrow">›</span> 2111 input 2112 <span class="list-paths__item__arrow">›</span> 2113 spec 2114 <span class="list-paths__item__arrow">›</span> 2115 template 2116 <span class="list-paths__item__arrow">›</span> 2117 spec 2118 <span class="list-paths__item__arrow">›</span> 2119 initContainers[copyutil] 2120 <span class="list-paths__item__arrow">›</span> 2121 resources 2122 <span class="list-paths__item__arrow">›</span> 2123 limits 2124 <span class="list-paths__item__arrow">›</span> 2125 memory 2126 2127 </li> 2128 2129 <li class="card__meta__item"> 2130 Line number: 25233 2131 </li> 2132 </ul> 2133 2134 <hr/> 2135 2136 <h2>Impact</h2> 2137 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2138 2139 <h2>Remediation</h2> 2140 <p>Set `resources.limits.memory` value</p> 2141 2142 2143 <hr/> 2144 </div><!-- .card__section --> 2145 2146 <div class="cta card__cta"> 2147 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2148 </div> 2149 2150 </div><!-- .card --> 2151 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2152 <h2 class="card__title">Container is running without memory limit</h2> 2153 <div class="card__section"> 2154 2155 <div class="label label--low"> 2156 <span class="label__text">low severity</span> 2157 </div> 2158 2159 <hr/> 2160 2161 <ul class="card__meta"> 2162 <li class="card__meta__item"> 2163 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2164 </li> 2165 2166 <li class="card__meta__item">Introduced through: 2167 [DocId: 49] 2168 <span class="list-paths__item__arrow">›</span> 2169 input 2170 <span class="list-paths__item__arrow">›</span> 2171 spec 2172 <span class="list-paths__item__arrow">›</span> 2173 template 2174 <span class="list-paths__item__arrow">›</span> 2175 spec 2176 <span class="list-paths__item__arrow">›</span> 2177 containers[argocd-repo-server] 2178 <span class="list-paths__item__arrow">›</span> 2179 resources 2180 <span class="list-paths__item__arrow">›</span> 2181 limits 2182 <span class="list-paths__item__arrow">›</span> 2183 memory 2184 2185 </li> 2186 2187 <li class="card__meta__item"> 2188 Line number: 24980 2189 </li> 2190 </ul> 2191 2192 <hr/> 2193 2194 <h2>Impact</h2> 2195 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2196 2197 <h2>Remediation</h2> 2198 <p>Set `resources.limits.memory` value</p> 2199 2200 2201 <hr/> 2202 </div><!-- .card__section --> 2203 2204 <div class="cta card__cta"> 2205 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2206 </div> 2207 2208 </div><!-- .card --> 2209 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2210 <h2 class="card__title">Container is running without memory limit</h2> 2211 <div class="card__section"> 2212 2213 <div class="label label--low"> 2214 <span class="label__text">low severity</span> 2215 </div> 2216 2217 <hr/> 2218 2219 <ul class="card__meta"> 2220 <li class="card__meta__item"> 2221 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2222 </li> 2223 2224 <li class="card__meta__item">Introduced through: 2225 [DocId: 50] 2226 <span class="list-paths__item__arrow">›</span> 2227 input 2228 <span class="list-paths__item__arrow">›</span> 2229 spec 2230 <span class="list-paths__item__arrow">›</span> 2231 template 2232 <span class="list-paths__item__arrow">›</span> 2233 spec 2234 <span class="list-paths__item__arrow">›</span> 2235 containers[argocd-server] 2236 <span class="list-paths__item__arrow">›</span> 2237 resources 2238 <span class="list-paths__item__arrow">›</span> 2239 limits 2240 <span class="list-paths__item__arrow">›</span> 2241 memory 2242 2243 </li> 2244 2245 <li class="card__meta__item"> 2246 Line number: 25320 2247 </li> 2248 </ul> 2249 2250 <hr/> 2251 2252 <h2>Impact</h2> 2253 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2254 2255 <h2>Remediation</h2> 2256 <p>Set `resources.limits.memory` value</p> 2257 2258 2259 <hr/> 2260 </div><!-- .card__section --> 2261 2262 <div class="cta card__cta"> 2263 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2264 </div> 2265 2266 </div><!-- .card --> 2267 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2268 <h2 class="card__title">Container is running without memory limit</h2> 2269 <div class="card__section"> 2270 2271 <div class="label label--low"> 2272 <span class="label__text">low severity</span> 2273 </div> 2274 2275 <hr/> 2276 2277 <ul class="card__meta"> 2278 <li class="card__meta__item"> 2279 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2280 </li> 2281 2282 <li class="card__meta__item">Introduced through: 2283 [DocId: 51] 2284 <span class="list-paths__item__arrow">›</span> 2285 input 2286 <span class="list-paths__item__arrow">›</span> 2287 spec 2288 <span class="list-paths__item__arrow">›</span> 2289 template 2290 <span class="list-paths__item__arrow">›</span> 2291 spec 2292 <span class="list-paths__item__arrow">›</span> 2293 containers[argocd-application-controller] 2294 <span class="list-paths__item__arrow">›</span> 2295 resources 2296 <span class="list-paths__item__arrow">›</span> 2297 limits 2298 <span class="list-paths__item__arrow">›</span> 2299 memory 2300 2301 </li> 2302 2303 <li class="card__meta__item"> 2304 Line number: 25718 2305 </li> 2306 </ul> 2307 2308 <hr/> 2309 2310 <h2>Impact</h2> 2311 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2312 2313 <h2>Remediation</h2> 2314 <p>Set `resources.limits.memory` value</p> 2315 2316 2317 <hr/> 2318 </div><!-- .card__section --> 2319 2320 <div class="cta card__cta"> 2321 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2322 </div> 2323 2324 </div><!-- .card --> 2325 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2326 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2327 <div class="card__section"> 2328 2329 <div class="label label--low"> 2330 <span class="label__text">low severity</span> 2331 </div> 2332 2333 <hr/> 2334 2335 <ul class="card__meta"> 2336 <li class="card__meta__item"> 2337 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2338 </li> 2339 2340 <li class="card__meta__item">Introduced through: 2341 [DocId: 45] 2342 <span class="list-paths__item__arrow">›</span> 2343 input 2344 <span class="list-paths__item__arrow">›</span> 2345 spec 2346 <span class="list-paths__item__arrow">›</span> 2347 template 2348 <span class="list-paths__item__arrow">›</span> 2349 spec 2350 <span class="list-paths__item__arrow">›</span> 2351 containers[argocd-applicationset-controller] 2352 <span class="list-paths__item__arrow">›</span> 2353 securityContext 2354 <span class="list-paths__item__arrow">›</span> 2355 runAsUser 2356 2357 </li> 2358 2359 <li class="card__meta__item"> 2360 Line number: 24604 2361 </li> 2362 </ul> 2363 2364 <hr/> 2365 2366 <h2>Impact</h2> 2367 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2368 2369 <h2>Remediation</h2> 2370 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2371 2372 2373 <hr/> 2374 </div><!-- .card__section --> 2375 2376 <div class="cta card__cta"> 2377 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2378 </div> 2379 2380 </div><!-- .card --> 2381 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2382 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2383 <div class="card__section"> 2384 2385 <div class="label label--low"> 2386 <span class="label__text">low severity</span> 2387 </div> 2388 2389 <hr/> 2390 2391 <ul class="card__meta"> 2392 <li class="card__meta__item"> 2393 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2394 </li> 2395 2396 <li class="card__meta__item">Introduced through: 2397 [DocId: 46] 2398 <span class="list-paths__item__arrow">›</span> 2399 input 2400 <span class="list-paths__item__arrow">›</span> 2401 spec 2402 <span class="list-paths__item__arrow">›</span> 2403 template 2404 <span class="list-paths__item__arrow">›</span> 2405 spec 2406 <span class="list-paths__item__arrow">›</span> 2407 initContainers[copyutil] 2408 <span class="list-paths__item__arrow">›</span> 2409 securityContext 2410 <span class="list-paths__item__arrow">›</span> 2411 runAsUser 2412 2413 </li> 2414 2415 <li class="card__meta__item"> 2416 Line number: 24736 2417 </li> 2418 </ul> 2419 2420 <hr/> 2421 2422 <h2>Impact</h2> 2423 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2424 2425 <h2>Remediation</h2> 2426 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2427 2428 2429 <hr/> 2430 </div><!-- .card__section --> 2431 2432 <div class="cta card__cta"> 2433 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2434 </div> 2435 2436 </div><!-- .card --> 2437 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2438 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2439 <div class="card__section"> 2440 2441 <div class="label label--low"> 2442 <span class="label__text">low severity</span> 2443 </div> 2444 2445 <hr/> 2446 2447 <ul class="card__meta"> 2448 <li class="card__meta__item"> 2449 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2450 </li> 2451 2452 <li class="card__meta__item">Introduced through: 2453 [DocId: 46] 2454 <span class="list-paths__item__arrow">›</span> 2455 input 2456 <span class="list-paths__item__arrow">›</span> 2457 spec 2458 <span class="list-paths__item__arrow">›</span> 2459 template 2460 <span class="list-paths__item__arrow">›</span> 2461 spec 2462 <span class="list-paths__item__arrow">›</span> 2463 containers[dex] 2464 <span class="list-paths__item__arrow">›</span> 2465 securityContext 2466 <span class="list-paths__item__arrow">›</span> 2467 runAsUser 2468 2469 </li> 2470 2471 <li class="card__meta__item"> 2472 Line number: 24711 2473 </li> 2474 </ul> 2475 2476 <hr/> 2477 2478 <h2>Impact</h2> 2479 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2480 2481 <h2>Remediation</h2> 2482 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2483 2484 2485 <hr/> 2486 </div><!-- .card__section --> 2487 2488 <div class="cta card__cta"> 2489 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2490 </div> 2491 2492 </div><!-- .card --> 2493 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2494 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2495 <div class="card__section"> 2496 2497 <div class="label label--low"> 2498 <span class="label__text">low severity</span> 2499 </div> 2500 2501 <hr/> 2502 2503 <ul class="card__meta"> 2504 <li class="card__meta__item"> 2505 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2506 </li> 2507 2508 <li class="card__meta__item">Introduced through: 2509 [DocId: 47] 2510 <span class="list-paths__item__arrow">›</span> 2511 input 2512 <span class="list-paths__item__arrow">›</span> 2513 spec 2514 <span class="list-paths__item__arrow">›</span> 2515 template 2516 <span class="list-paths__item__arrow">›</span> 2517 spec 2518 <span class="list-paths__item__arrow">›</span> 2519 containers[argocd-notifications-controller] 2520 <span class="list-paths__item__arrow">›</span> 2521 securityContext 2522 <span class="list-paths__item__arrow">›</span> 2523 runAsUser 2524 2525 </li> 2526 2527 <li class="card__meta__item"> 2528 Line number: 24829 2529 </li> 2530 </ul> 2531 2532 <hr/> 2533 2534 <h2>Impact</h2> 2535 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2536 2537 <h2>Remediation</h2> 2538 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2539 2540 2541 <hr/> 2542 </div><!-- .card__section --> 2543 2544 <div class="cta card__cta"> 2545 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2546 </div> 2547 2548 </div><!-- .card --> 2549 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2550 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2551 <div class="card__section"> 2552 2553 <div class="label label--low"> 2554 <span class="label__text">low severity</span> 2555 </div> 2556 2557 <hr/> 2558 2559 <ul class="card__meta"> 2560 <li class="card__meta__item"> 2561 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2562 </li> 2563 2564 <li class="card__meta__item">Introduced through: 2565 [DocId: 48] 2566 <span class="list-paths__item__arrow">›</span> 2567 input 2568 <span class="list-paths__item__arrow">›</span> 2569 spec 2570 <span class="list-paths__item__arrow">›</span> 2571 template 2572 <span class="list-paths__item__arrow">›</span> 2573 spec 2574 <span class="list-paths__item__arrow">›</span> 2575 containers[redis] 2576 <span class="list-paths__item__arrow">›</span> 2577 securityContext 2578 <span class="list-paths__item__arrow">›</span> 2579 runAsUser 2580 2581 </li> 2582 2583 <li class="card__meta__item"> 2584 Line number: 24914 2585 </li> 2586 </ul> 2587 2588 <hr/> 2589 2590 <h2>Impact</h2> 2591 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2592 2593 <h2>Remediation</h2> 2594 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2595 2596 2597 <hr/> 2598 </div><!-- .card__section --> 2599 2600 <div class="cta card__cta"> 2601 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2602 </div> 2603 2604 </div><!-- .card --> 2605 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2606 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2607 <div class="card__section"> 2608 2609 <div class="label label--low"> 2610 <span class="label__text">low severity</span> 2611 </div> 2612 2613 <hr/> 2614 2615 <ul class="card__meta"> 2616 <li class="card__meta__item"> 2617 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2618 </li> 2619 2620 <li class="card__meta__item">Introduced through: 2621 [DocId: 48] 2622 <span class="list-paths__item__arrow">›</span> 2623 input 2624 <span class="list-paths__item__arrow">›</span> 2625 spec 2626 <span class="list-paths__item__arrow">›</span> 2627 template 2628 <span class="list-paths__item__arrow">›</span> 2629 spec 2630 <span class="list-paths__item__arrow">›</span> 2631 initContainers[secret-init] 2632 <span class="list-paths__item__arrow">›</span> 2633 securityContext 2634 <span class="list-paths__item__arrow">›</span> 2635 runAsUser 2636 2637 </li> 2638 2639 <li class="card__meta__item"> 2640 Line number: 24928 2641 </li> 2642 </ul> 2643 2644 <hr/> 2645 2646 <h2>Impact</h2> 2647 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2648 2649 <h2>Remediation</h2> 2650 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2651 2652 2653 <hr/> 2654 </div><!-- .card__section --> 2655 2656 <div class="cta card__cta"> 2657 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2658 </div> 2659 2660 </div><!-- .card --> 2661 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2662 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2663 <div class="card__section"> 2664 2665 <div class="label label--low"> 2666 <span class="label__text">low severity</span> 2667 </div> 2668 2669 <hr/> 2670 2671 <ul class="card__meta"> 2672 <li class="card__meta__item"> 2673 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2674 </li> 2675 2676 <li class="card__meta__item">Introduced through: 2677 [DocId: 49] 2678 <span class="list-paths__item__arrow">›</span> 2679 input 2680 <span class="list-paths__item__arrow">›</span> 2681 spec 2682 <span class="list-paths__item__arrow">›</span> 2683 template 2684 <span class="list-paths__item__arrow">›</span> 2685 spec 2686 <span class="list-paths__item__arrow">›</span> 2687 initContainers[copyutil] 2688 <span class="list-paths__item__arrow">›</span> 2689 securityContext 2690 <span class="list-paths__item__arrow">›</span> 2691 runAsUser 2692 2693 </li> 2694 2695 <li class="card__meta__item"> 2696 Line number: 25240 2697 </li> 2698 </ul> 2699 2700 <hr/> 2701 2702 <h2>Impact</h2> 2703 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2704 2705 <h2>Remediation</h2> 2706 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2707 2708 2709 <hr/> 2710 </div><!-- .card__section --> 2711 2712 <div class="cta card__cta"> 2713 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2714 </div> 2715 2716 </div><!-- .card --> 2717 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2718 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2719 <div class="card__section"> 2720 2721 <div class="label label--low"> 2722 <span class="label__text">low severity</span> 2723 </div> 2724 2725 <hr/> 2726 2727 <ul class="card__meta"> 2728 <li class="card__meta__item"> 2729 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2730 </li> 2731 2732 <li class="card__meta__item">Introduced through: 2733 [DocId: 49] 2734 <span class="list-paths__item__arrow">›</span> 2735 input 2736 <span class="list-paths__item__arrow">›</span> 2737 spec 2738 <span class="list-paths__item__arrow">›</span> 2739 template 2740 <span class="list-paths__item__arrow">›</span> 2741 spec 2742 <span class="list-paths__item__arrow">›</span> 2743 containers[argocd-repo-server] 2744 <span class="list-paths__item__arrow">›</span> 2745 securityContext 2746 <span class="list-paths__item__arrow">›</span> 2747 runAsUser 2748 2749 </li> 2750 2751 <li class="card__meta__item"> 2752 Line number: 25206 2753 </li> 2754 </ul> 2755 2756 <hr/> 2757 2758 <h2>Impact</h2> 2759 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2760 2761 <h2>Remediation</h2> 2762 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2763 2764 2765 <hr/> 2766 </div><!-- .card__section --> 2767 2768 <div class="cta card__cta"> 2769 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2770 </div> 2771 2772 </div><!-- .card --> 2773 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2774 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2775 <div class="card__section"> 2776 2777 <div class="label label--low"> 2778 <span class="label__text">low severity</span> 2779 </div> 2780 2781 <hr/> 2782 2783 <ul class="card__meta"> 2784 <li class="card__meta__item"> 2785 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2786 </li> 2787 2788 <li class="card__meta__item">Introduced through: 2789 [DocId: 50] 2790 <span class="list-paths__item__arrow">›</span> 2791 input 2792 <span class="list-paths__item__arrow">›</span> 2793 spec 2794 <span class="list-paths__item__arrow">›</span> 2795 template 2796 <span class="list-paths__item__arrow">›</span> 2797 spec 2798 <span class="list-paths__item__arrow">›</span> 2799 containers[argocd-server] 2800 <span class="list-paths__item__arrow">›</span> 2801 securityContext 2802 <span class="list-paths__item__arrow">›</span> 2803 runAsUser 2804 2805 </li> 2806 2807 <li class="card__meta__item"> 2808 Line number: 25617 2809 </li> 2810 </ul> 2811 2812 <hr/> 2813 2814 <h2>Impact</h2> 2815 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2816 2817 <h2>Remediation</h2> 2818 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2819 2820 2821 <hr/> 2822 </div><!-- .card__section --> 2823 2824 <div class="cta card__cta"> 2825 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2826 </div> 2827 2828 </div><!-- .card --> 2829 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2830 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2831 <div class="card__section"> 2832 2833 <div class="label label--low"> 2834 <span class="label__text">low severity</span> 2835 </div> 2836 2837 <hr/> 2838 2839 <ul class="card__meta"> 2840 <li class="card__meta__item"> 2841 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2842 </li> 2843 2844 <li class="card__meta__item">Introduced through: 2845 [DocId: 51] 2846 <span class="list-paths__item__arrow">›</span> 2847 input 2848 <span class="list-paths__item__arrow">›</span> 2849 spec 2850 <span class="list-paths__item__arrow">›</span> 2851 template 2852 <span class="list-paths__item__arrow">›</span> 2853 spec 2854 <span class="list-paths__item__arrow">›</span> 2855 containers[argocd-application-controller] 2856 <span class="list-paths__item__arrow">›</span> 2857 securityContext 2858 <span class="list-paths__item__arrow">›</span> 2859 runAsUser 2860 2861 </li> 2862 2863 <li class="card__meta__item"> 2864 Line number: 25975 2865 </li> 2866 </ul> 2867 2868 <hr/> 2869 2870 <h2>Impact</h2> 2871 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2872 2873 <h2>Remediation</h2> 2874 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2875 2876 2877 <hr/> 2878 </div><!-- .card__section --> 2879 2880 <div class="cta card__cta"> 2881 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2882 </div> 2883 2884 </div><!-- .card --> 2885 </div> 2886 </div> 2887 2888 </main><!-- .layout-stacked__content --> 2889 </body> 2890 2891 </html>