github.com/argoproj/argo-cd/v3@v3.2.1/docs/snyk/v3.1.5/argocd-iac-namespace-install.html (about) 1 <!DOCTYPE html> 2 <html lang="en"> 3 4 <head> 5 <meta http-equiv="Content-type" content="text/html; charset=utf-8"> 6 <meta http-equiv="Content-Language" content="en-us"> 7 <meta name="viewport" content="width=device-width, initial-scale=1.0"> 8 <meta http-equiv="X-UA-Compatible" content="IE=edge"> 9 <title>Snyk test report</title> 10 <meta name="description" content=" known vulnerabilities found in ."> 11 <base target="_blank"> 12 <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png" 13 sizes="194x194"> 14 <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico"> 15 <style type="text/css"> 16 17 body { 18 -moz-font-feature-settings: "pnum"; 19 -webkit-font-feature-settings: "pnum"; 20 font-variant-numeric: proportional-nums; 21 display: flex; 22 flex-direction: column; 23 font-feature-settings: "pnum"; 24 font-size: 100%; 25 line-height: 1.5; 26 min-height: 100vh; 27 -webkit-text-size-adjust: 100%; 28 margin: 0; 29 padding: 0; 30 background-color: #F5F5F5; 31 font-family: 'Arial', 'Helvetica', Calibri, sans-serif; 32 } 33 34 h1, 35 h2, 36 h3, 37 h4, 38 h5, 39 h6 { 40 font-weight: 500; 41 } 42 43 a, 44 a:link, 45 a:visited { 46 border-bottom: 1px solid #4b45a9; 47 text-decoration: none; 48 color: #4b45a9; 49 } 50 51 a:hover, 52 a:focus, 53 a:active { 54 border-bottom: 1px solid #4b45a9; 55 } 56 57 hr { 58 border: none; 59 margin: 1em 0; 60 border-top: 1px solid #c5c5c5; 61 } 62 63 ul { 64 padding: 0 1em; 65 margin: 1em 0; 66 } 67 68 code { 69 background-color: #EEE; 70 color: #333; 71 padding: 0.25em 0.5em; 72 border-radius: 0.25em; 73 } 74 75 pre { 76 background-color: #333; 77 font-family: monospace; 78 padding: 0.5em 1em 0.75em; 79 border-radius: 0.25em; 80 font-size: 14px; 81 } 82 83 pre code { 84 padding: 0; 85 background-color: transparent; 86 color: #fff; 87 } 88 89 a code { 90 border-radius: .125rem .125rem 0 0; 91 padding-bottom: 0; 92 color: #4b45a9; 93 } 94 95 a[href^="http://"]:after, 96 a[href^="https://"]:after { 97 background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E"); 98 background-repeat: no-repeat; 99 background-size: .75rem; 100 content: ""; 101 display: inline-block; 102 height: .75rem; 103 margin-left: .25rem; 104 width: .75rem; 105 } 106 107 108 /* Layout */ 109 110 [class*=layout-container] { 111 margin: 0 auto; 112 max-width: 71.25em; 113 padding: 1.9em 1.3em; 114 position: relative; 115 } 116 .layout-container--short { 117 padding-top: 0; 118 padding-bottom: 0; 119 max-width: 48.75em; 120 } 121 122 .layout-container--short:after { 123 display: block; 124 content: ""; 125 clear: both; 126 } 127 128 /* Header */ 129 130 .header { 131 padding-bottom: 1px; 132 } 133 134 .paths { 135 margin-left: 8px; 136 } 137 .header-wrap { 138 display: flex; 139 flex-direction: row; 140 justify-content: space-between; 141 padding-top: 2em; 142 } 143 .project__header { 144 background-color: #030328; 145 color: #fff; 146 margin-bottom: -1px; 147 padding-top: 1em; 148 padding-bottom: 0.25em; 149 border-bottom: 2px solid #BBB; 150 } 151 152 .project__header__title { 153 overflow-wrap: break-word; 154 word-wrap: break-word; 155 word-break: break-all; 156 margin-bottom: .1em; 157 margin-top: 0; 158 } 159 160 .timestamp { 161 float: right; 162 clear: none; 163 margin-bottom: 0; 164 } 165 166 .meta-counts { 167 clear: both; 168 display: block; 169 flex-wrap: wrap; 170 justify-content: space-between; 171 margin: 0 0 1.5em; 172 color: #fff; 173 clear: both; 174 font-size: 1.1em; 175 } 176 177 .meta-count { 178 display: block; 179 flex-basis: 100%; 180 margin: 0 1em 1em 0; 181 float: left; 182 padding-right: 1em; 183 border-right: 2px solid #fff; 184 } 185 186 .meta-count:last-child { 187 border-right: 0; 188 padding-right: 0; 189 margin-right: 0; 190 } 191 192 /* Card */ 193 194 .card { 195 background-color: #fff; 196 border: 1px solid #c5c5c5; 197 border-radius: .25rem; 198 margin: 0 0 2em 0; 199 position: relative; 200 min-height: 40px; 201 padding: 1.5em; 202 } 203 204 .card .label { 205 background-color: #767676; 206 border: 2px solid #767676; 207 color: white; 208 padding: 0.25rem 0.75rem; 209 font-size: 0.875rem; 210 text-transform: uppercase; 211 display: inline-block; 212 margin: 0; 213 border-radius: 0.25rem; 214 } 215 216 .card .label__text { 217 vertical-align: text-top; 218 font-weight: bold; 219 } 220 221 .card .label--critical { 222 background-color: #AB1A1A; 223 border-color: #AB1A1A; 224 } 225 226 .card .label--high { 227 background-color: #CE5019; 228 border-color: #CE5019; 229 } 230 231 .card .label--medium { 232 background-color: #D68000; 233 border-color: #D68000; 234 } 235 236 .card .label--low { 237 background-color: #88879E; 238 border-color: #88879E; 239 } 240 241 .severity--low { 242 border-color: #88879E; 243 } 244 245 .severity--medium { 246 border-color: #D68000; 247 } 248 249 .severity--high { 250 border-color: #CE5019; 251 } 252 253 .severity--critical { 254 border-color: #AB1A1A; 255 } 256 257 .card--vuln { 258 padding-top: 4em; 259 } 260 261 .card--vuln .label { 262 left: 0; 263 position: absolute; 264 top: 1.1em; 265 padding-left: 1.9em; 266 padding-right: 1.9em; 267 border-radius: 0 0.25rem 0.25rem 0; 268 } 269 270 .card--vuln .card__section h2 { 271 font-size: 22px; 272 margin-bottom: 0.5em; 273 } 274 275 .card--vuln .card__section p { 276 margin: 0 0 0.5em 0; 277 } 278 279 .card--vuln .card__meta { 280 padding: 0 0 0 1em; 281 margin: 0; 282 font-size: 1.1em; 283 } 284 285 .card .card__meta__paths { 286 font-size: 0.9em; 287 } 288 289 .card--vuln .card__title { 290 font-size: 28px; 291 margin-top: 0; 292 } 293 294 .card--vuln .card__cta p { 295 margin: 0; 296 text-align: right; 297 } 298 299 .source-panel { 300 clear: both; 301 display: flex; 302 justify-content: flex-start; 303 flex-direction: column; 304 align-items: flex-start; 305 padding: 0.5em 0; 306 width: fit-content; 307 } 308 309 310 311 </style> 312 <style type="text/css"> 313 .metatable { 314 text-size-adjust: 100%; 315 -webkit-font-smoothing: antialiased; 316 -webkit-box-direction: normal; 317 color: inherit; 318 font-feature-settings: "pnum"; 319 box-sizing: border-box; 320 background: transparent; 321 border: 0; 322 font: inherit; 323 font-size: 100%; 324 margin: 0; 325 outline: none; 326 padding: 0; 327 text-align: left; 328 text-decoration: none; 329 vertical-align: baseline; 330 z-index: auto; 331 margin-top: 12px; 332 border-collapse: collapse; 333 border-spacing: 0; 334 font-variant-numeric: tabular-nums; 335 max-width: 51.75em; 336 } 337 338 tbody { 339 text-size-adjust: 100%; 340 -webkit-font-smoothing: antialiased; 341 -webkit-box-direction: normal; 342 color: inherit; 343 font-feature-settings: "pnum"; 344 border-collapse: collapse; 345 border-spacing: 0; 346 box-sizing: border-box; 347 background: transparent; 348 border: 0; 349 font: inherit; 350 font-size: 100%; 351 margin: 0; 352 outline: none; 353 padding: 0; 354 text-align: left; 355 text-decoration: none; 356 vertical-align: baseline; 357 z-index: auto; 358 display: flex; 359 flex-wrap: wrap; 360 } 361 362 .meta-row { 363 text-size-adjust: 100%; 364 -webkit-font-smoothing: antialiased; 365 -webkit-box-direction: normal; 366 color: inherit; 367 font-feature-settings: "pnum"; 368 border-collapse: collapse; 369 border-spacing: 0; 370 box-sizing: border-box; 371 background: transparent; 372 border: 0; 373 font: inherit; 374 font-size: 100%; 375 outline: none; 376 text-align: left; 377 text-decoration: none; 378 vertical-align: baseline; 379 z-index: auto; 380 display: flex; 381 align-items: start; 382 border-top: 1px solid #d3d3d9; 383 padding: 8px 0 0 0; 384 border-bottom: none; 385 margin: 8px; 386 width: 47.75%; 387 } 388 389 .meta-row-label { 390 text-size-adjust: 100%; 391 -webkit-font-smoothing: antialiased; 392 -webkit-box-direction: normal; 393 font-feature-settings: "pnum"; 394 border-collapse: collapse; 395 border-spacing: 0; 396 color: #4c4a73; 397 box-sizing: border-box; 398 background: transparent; 399 border: 0; 400 font: inherit; 401 margin: 0; 402 outline: none; 403 text-decoration: none; 404 z-index: auto; 405 align-self: start; 406 flex: 1; 407 font-size: 1rem; 408 line-height: 1.5rem; 409 padding: 0; 410 text-align: left; 411 vertical-align: top; 412 text-transform: none; 413 letter-spacing: 0; 414 } 415 416 .meta-row-value { 417 text-size-adjust: 100%; 418 -webkit-font-smoothing: antialiased; 419 -webkit-box-direction: normal; 420 color: inherit; 421 font-feature-settings: "pnum"; 422 border-collapse: collapse; 423 border-spacing: 0; 424 word-break: break-word; 425 box-sizing: border-box; 426 background: transparent; 427 border: 0; 428 font: inherit; 429 font-size: 100%; 430 margin: 0; 431 outline: none; 432 padding: 0; 433 text-align: right; 434 text-decoration: none; 435 vertical-align: baseline; 436 z-index: auto; 437 } 438 </style> 439 </head> 440 441 <body class="section-projects"> 442 <main class="layout-stacked"> 443 <div class="layout-stacked__header header"> 444 <header class="project__header"> 445 <div class="layout-container"> 446 <a class="brand" href="https://snyk.io" title="Snyk"> 447 <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img"> 448 <title>Snyk - Open Source Security</title> 449 <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"> 450 <g fill="#fff"> 451 <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path> 452 </g> 453 </g> 454 </svg> 455 </a> 456 <div class="header-wrap"> 457 <h1 class="project__header__title">Snyk test report</h1> 458 459 <p class="timestamp">September 14th 2025, 12:26:30 am (UTC+00:00)</p> 460 </div> 461 <div class="source-panel"> 462 <span>Scanned the following path:</span> 463 <ul> 464 <li class="paths">/argo-cd/manifests/namespace-install.yaml (Kubernetes)</li> 465 </ul> 466 </div> 467 468 <div class="meta-counts"> 469 <div class="meta-count"><span>43</span> <span>total issues</span></div> 470 </div><!-- .meta-counts --> 471 </div><!-- .layout-container--short --> 472 </header><!-- .project__header --> 473 </div><!-- .layout-stacked__header --> 474 475 <section class="layout-container"> 476 <table class="metatable"> 477 <tbody> 478 <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">manifests/namespace-install.yaml</td></tr> 479 <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">/argo-cd/manifests/namespace-install.yaml</td></tr> 480 <tr class="meta-row"><th class="meta-row-label">Project Type</th> <td class="meta-row-value">Kubernetes</td></tr> 481 </tbody> 482 </table> 483 </section> <div class="layout-container" style="padding-top: 35px;"> 484 <div class="cards--vuln filter--patch filter--ignore"> 485 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 486 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 487 <div class="card__section"> 488 489 <div class="label label--medium"> 490 <span class="label__text">medium severity</span> 491 </div> 492 493 <hr/> 494 495 <ul class="card__meta"> 496 <li class="card__meta__item"> 497 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 498 </li> 499 500 <li class="card__meta__item">Introduced through: 501 [DocId: 7] 502 <span class="list-paths__item__arrow">›</span> 503 rules[0] 504 <span class="list-paths__item__arrow">›</span> 505 resources 506 507 </li> 508 509 <li class="card__meta__item"> 510 Line number: 77 511 </li> 512 </ul> 513 514 <hr/> 515 516 <h2>Impact</h2> 517 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 518 519 <h2>Remediation</h2> 520 <p>Consider removing these permissions</p> 521 522 523 <hr/> 524 </div><!-- .card__section --> 525 526 <div class="cta card__cta"> 527 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 528 </div> 529 530 </div><!-- .card --> 531 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 532 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 533 <div class="card__section"> 534 535 <div class="label label--medium"> 536 <span class="label__text">medium severity</span> 537 </div> 538 539 <hr/> 540 541 <ul class="card__meta"> 542 <li class="card__meta__item"> 543 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 544 </li> 545 546 <li class="card__meta__item">Introduced through: 547 [DocId: 8] 548 <span class="list-paths__item__arrow">›</span> 549 rules[4] 550 <span class="list-paths__item__arrow">›</span> 551 resources 552 553 </li> 554 555 <li class="card__meta__item"> 556 Line number: 165 557 </li> 558 </ul> 559 560 <hr/> 561 562 <h2>Impact</h2> 563 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 564 565 <h2>Remediation</h2> 566 <p>Consider removing these permissions</p> 567 568 569 <hr/> 570 </div><!-- .card__section --> 571 572 <div class="cta card__cta"> 573 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 574 </div> 575 576 </div><!-- .card --> 577 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 578 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 579 <div class="card__section"> 580 581 <div class="label label--medium"> 582 <span class="label__text">medium severity</span> 583 </div> 584 585 <hr/> 586 587 <ul class="card__meta"> 588 <li class="card__meta__item"> 589 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 590 </li> 591 592 <li class="card__meta__item">Introduced through: 593 [DocId: 9] 594 <span class="list-paths__item__arrow">›</span> 595 rules[0] 596 <span class="list-paths__item__arrow">›</span> 597 resources 598 599 </li> 600 601 <li class="card__meta__item"> 602 Line number: 193 603 </li> 604 </ul> 605 606 <hr/> 607 608 <h2>Impact</h2> 609 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 610 611 <h2>Remediation</h2> 612 <p>Consider removing these permissions</p> 613 614 615 <hr/> 616 </div><!-- .card__section --> 617 618 <div class="cta card__cta"> 619 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 620 </div> 621 622 </div><!-- .card --> 623 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 624 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 625 <div class="card__section"> 626 627 <div class="label label--medium"> 628 <span class="label__text">medium severity</span> 629 </div> 630 631 <hr/> 632 633 <ul class="card__meta"> 634 <li class="card__meta__item"> 635 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 636 </li> 637 638 <li class="card__meta__item">Introduced through: 639 [DocId: 10] 640 <span class="list-paths__item__arrow">›</span> 641 rules[1] 642 <span class="list-paths__item__arrow">›</span> 643 resources 644 645 </li> 646 647 <li class="card__meta__item"> 648 Line number: 223 649 </li> 650 </ul> 651 652 <hr/> 653 654 <h2>Impact</h2> 655 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 656 657 <h2>Remediation</h2> 658 <p>Consider removing these permissions</p> 659 660 661 <hr/> 662 </div><!-- .card__section --> 663 664 <div class="cta card__cta"> 665 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 666 </div> 667 668 </div><!-- .card --> 669 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 670 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 671 <div class="card__section"> 672 673 <div class="label label--medium"> 674 <span class="label__text">medium severity</span> 675 </div> 676 677 <hr/> 678 679 <ul class="card__meta"> 680 <li class="card__meta__item"> 681 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 682 </li> 683 684 <li class="card__meta__item">Introduced through: 685 [DocId: 10] 686 <span class="list-paths__item__arrow">›</span> 687 rules[3] 688 <span class="list-paths__item__arrow">›</span> 689 resources 690 691 </li> 692 693 <li class="card__meta__item"> 694 Line number: 241 695 </li> 696 </ul> 697 698 <hr/> 699 700 <h2>Impact</h2> 701 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 702 703 <h2>Remediation</h2> 704 <p>Consider removing these permissions</p> 705 706 707 <hr/> 708 </div><!-- .card__section --> 709 710 <div class="cta card__cta"> 711 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 712 </div> 713 714 </div><!-- .card --> 715 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 716 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 717 <div class="card__section"> 718 719 <div class="label label--medium"> 720 <span class="label__text">medium severity</span> 721 </div> 722 723 <hr/> 724 725 <ul class="card__meta"> 726 <li class="card__meta__item"> 727 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 728 </li> 729 730 <li class="card__meta__item">Introduced through: 731 [DocId: 11] 732 <span class="list-paths__item__arrow">›</span> 733 rules[0] 734 <span class="list-paths__item__arrow">›</span> 735 resources 736 737 </li> 738 739 <li class="card__meta__item"> 740 Line number: 259 741 </li> 742 </ul> 743 744 <hr/> 745 746 <h2>Impact</h2> 747 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 748 749 <h2>Remediation</h2> 750 <p>Consider removing these permissions</p> 751 752 753 <hr/> 754 </div><!-- .card__section --> 755 756 <div class="cta card__cta"> 757 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 758 </div> 759 760 </div><!-- .card --> 761 <div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium"> 762 <h2 class="card__title">Role or ClusterRole with dangerous permissions</h2> 763 <div class="card__section"> 764 765 <div class="label label--medium"> 766 <span class="label__text">medium severity</span> 767 </div> 768 769 <hr/> 770 771 <ul class="card__meta"> 772 <li class="card__meta__item"> 773 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a> 774 </li> 775 776 <li class="card__meta__item">Introduced through: 777 [DocId: 12] 778 <span class="list-paths__item__arrow">›</span> 779 rules[0] 780 <span class="list-paths__item__arrow">›</span> 781 resources 782 783 </li> 784 785 <li class="card__meta__item"> 786 Line number: 281 787 </li> 788 </ul> 789 790 <hr/> 791 792 <h2>Impact</h2> 793 <p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p> 794 795 <h2>Remediation</h2> 796 <p>Consider removing these permissions</p> 797 798 799 <hr/> 800 </div><!-- .card__section --> 801 802 <div class="cta card__cta"> 803 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p> 804 </div> 805 806 </div><!-- .card --> 807 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 808 <h2 class="card__title">Container could be running with outdated image</h2> 809 <div class="card__section"> 810 811 <div class="label label--low"> 812 <span class="label__text">low severity</span> 813 </div> 814 815 <hr/> 816 817 <ul class="card__meta"> 818 <li class="card__meta__item"> 819 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 820 </li> 821 822 <li class="card__meta__item">Introduced through: 823 [DocId: 39] 824 <span class="list-paths__item__arrow">›</span> 825 spec 826 <span class="list-paths__item__arrow">›</span> 827 template 828 <span class="list-paths__item__arrow">›</span> 829 spec 830 <span class="list-paths__item__arrow">›</span> 831 initContainers[secret-init] 832 <span class="list-paths__item__arrow">›</span> 833 imagePullPolicy 834 835 </li> 836 837 <li class="card__meta__item"> 838 Line number: 1275 839 </li> 840 </ul> 841 842 <hr/> 843 844 <h2>Impact</h2> 845 <p>The container may run with outdated or unauthorized image</p> 846 847 <h2>Remediation</h2> 848 <p>Set `imagePullPolicy` attribute to `Always`</p> 849 850 851 <hr/> 852 </div><!-- .card__section --> 853 854 <div class="cta card__cta"> 855 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p> 856 </div> 857 858 </div><!-- .card --> 859 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 860 <h2 class="card__title">Container could be running with outdated image</h2> 861 <div class="card__section"> 862 863 <div class="label label--low"> 864 <span class="label__text">low severity</span> 865 </div> 866 867 <hr/> 868 869 <ul class="card__meta"> 870 <li class="card__meta__item"> 871 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a> 872 </li> 873 874 <li class="card__meta__item">Introduced through: 875 [DocId: 40] 876 <span class="list-paths__item__arrow">›</span> 877 spec 878 <span class="list-paths__item__arrow">›</span> 879 template 880 <span class="list-paths__item__arrow">›</span> 881 spec 882 <span class="list-paths__item__arrow">›</span> 883 initContainers[copyutil] 884 <span class="list-paths__item__arrow">›</span> 885 imagePullPolicy 886 887 </li> 888 889 <li class="card__meta__item"> 890 Line number: 1612 891 </li> 892 </ul> 893 894 <hr/> 895 896 <h2>Impact</h2> 897 <p>The container may run with outdated or unauthorized image</p> 898 899 <h2>Remediation</h2> 900 <p>Set `imagePullPolicy` attribute to `Always`</p> 901 902 903 <hr/> 904 </div><!-- .card__section --> 905 906 <div class="cta card__cta"> 907 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p> 908 </div> 909 910 </div><!-- .card --> 911 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 912 <h2 class="card__title">Container has no CPU limit</h2> 913 <div class="card__section"> 914 915 <div class="label label--low"> 916 <span class="label__text">low severity</span> 917 </div> 918 919 <hr/> 920 921 <ul class="card__meta"> 922 <li class="card__meta__item"> 923 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 924 </li> 925 926 <li class="card__meta__item">Introduced through: 927 [DocId: 36] 928 <span class="list-paths__item__arrow">›</span> 929 input 930 <span class="list-paths__item__arrow">›</span> 931 spec 932 <span class="list-paths__item__arrow">›</span> 933 template 934 <span class="list-paths__item__arrow">›</span> 935 spec 936 <span class="list-paths__item__arrow">›</span> 937 containers[argocd-applicationset-controller] 938 <span class="list-paths__item__arrow">›</span> 939 resources 940 <span class="list-paths__item__arrow">›</span> 941 limits 942 <span class="list-paths__item__arrow">›</span> 943 cpu 944 945 </li> 946 947 <li class="card__meta__item"> 948 Line number: 770 949 </li> 950 </ul> 951 952 <hr/> 953 954 <h2>Impact</h2> 955 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 956 957 <h2>Remediation</h2> 958 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 959 960 961 <hr/> 962 </div><!-- .card__section --> 963 964 <div class="cta card__cta"> 965 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 966 </div> 967 968 </div><!-- .card --> 969 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 970 <h2 class="card__title">Container has no CPU limit</h2> 971 <div class="card__section"> 972 973 <div class="label label--low"> 974 <span class="label__text">low severity</span> 975 </div> 976 977 <hr/> 978 979 <ul class="card__meta"> 980 <li class="card__meta__item"> 981 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 982 </li> 983 984 <li class="card__meta__item">Introduced through: 985 [DocId: 37] 986 <span class="list-paths__item__arrow">›</span> 987 input 988 <span class="list-paths__item__arrow">›</span> 989 spec 990 <span class="list-paths__item__arrow">›</span> 991 template 992 <span class="list-paths__item__arrow">›</span> 993 spec 994 <span class="list-paths__item__arrow">›</span> 995 initContainers[copyutil] 996 <span class="list-paths__item__arrow">›</span> 997 resources 998 <span class="list-paths__item__arrow">›</span> 999 limits 1000 <span class="list-paths__item__arrow">›</span> 1001 cpu 1002 1003 </li> 1004 1005 <li class="card__meta__item"> 1006 Line number: 1071 1007 </li> 1008 </ul> 1009 1010 <hr/> 1011 1012 <h2>Impact</h2> 1013 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1014 1015 <h2>Remediation</h2> 1016 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1017 1018 1019 <hr/> 1020 </div><!-- .card__section --> 1021 1022 <div class="cta card__cta"> 1023 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1024 </div> 1025 1026 </div><!-- .card --> 1027 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1028 <h2 class="card__title">Container has no CPU limit</h2> 1029 <div class="card__section"> 1030 1031 <div class="label label--low"> 1032 <span class="label__text">low severity</span> 1033 </div> 1034 1035 <hr/> 1036 1037 <ul class="card__meta"> 1038 <li class="card__meta__item"> 1039 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1040 </li> 1041 1042 <li class="card__meta__item">Introduced through: 1043 [DocId: 37] 1044 <span class="list-paths__item__arrow">›</span> 1045 input 1046 <span class="list-paths__item__arrow">›</span> 1047 spec 1048 <span class="list-paths__item__arrow">›</span> 1049 template 1050 <span class="list-paths__item__arrow">›</span> 1051 spec 1052 <span class="list-paths__item__arrow">›</span> 1053 containers[dex] 1054 <span class="list-paths__item__arrow">›</span> 1055 resources 1056 <span class="list-paths__item__arrow">›</span> 1057 limits 1058 <span class="list-paths__item__arrow">›</span> 1059 cpu 1060 1061 </li> 1062 1063 <li class="card__meta__item"> 1064 Line number: 1019 1065 </li> 1066 </ul> 1067 1068 <hr/> 1069 1070 <h2>Impact</h2> 1071 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1072 1073 <h2>Remediation</h2> 1074 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1075 1076 1077 <hr/> 1078 </div><!-- .card__section --> 1079 1080 <div class="cta card__cta"> 1081 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1082 </div> 1083 1084 </div><!-- .card --> 1085 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1086 <h2 class="card__title">Container has no CPU limit</h2> 1087 <div class="card__section"> 1088 1089 <div class="label label--low"> 1090 <span class="label__text">low severity</span> 1091 </div> 1092 1093 <hr/> 1094 1095 <ul class="card__meta"> 1096 <li class="card__meta__item"> 1097 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1098 </li> 1099 1100 <li class="card__meta__item">Introduced through: 1101 [DocId: 38] 1102 <span class="list-paths__item__arrow">›</span> 1103 input 1104 <span class="list-paths__item__arrow">›</span> 1105 spec 1106 <span class="list-paths__item__arrow">›</span> 1107 template 1108 <span class="list-paths__item__arrow">›</span> 1109 spec 1110 <span class="list-paths__item__arrow">›</span> 1111 containers[argocd-notifications-controller] 1112 <span class="list-paths__item__arrow">›</span> 1113 resources 1114 <span class="list-paths__item__arrow">›</span> 1115 limits 1116 <span class="list-paths__item__arrow">›</span> 1117 cpu 1118 1119 </li> 1120 1121 <li class="card__meta__item"> 1122 Line number: 1133 1123 </li> 1124 </ul> 1125 1126 <hr/> 1127 1128 <h2>Impact</h2> 1129 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1130 1131 <h2>Remediation</h2> 1132 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1133 1134 1135 <hr/> 1136 </div><!-- .card__section --> 1137 1138 <div class="cta card__cta"> 1139 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1140 </div> 1141 1142 </div><!-- .card --> 1143 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1144 <h2 class="card__title">Container has no CPU limit</h2> 1145 <div class="card__section"> 1146 1147 <div class="label label--low"> 1148 <span class="label__text">low severity</span> 1149 </div> 1150 1151 <hr/> 1152 1153 <ul class="card__meta"> 1154 <li class="card__meta__item"> 1155 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1156 </li> 1157 1158 <li class="card__meta__item">Introduced through: 1159 [DocId: 39] 1160 <span class="list-paths__item__arrow">›</span> 1161 input 1162 <span class="list-paths__item__arrow">›</span> 1163 spec 1164 <span class="list-paths__item__arrow">›</span> 1165 template 1166 <span class="list-paths__item__arrow">›</span> 1167 spec 1168 <span class="list-paths__item__arrow">›</span> 1169 containers[redis] 1170 <span class="list-paths__item__arrow">›</span> 1171 resources 1172 <span class="list-paths__item__arrow">›</span> 1173 limits 1174 <span class="list-paths__item__arrow">›</span> 1175 cpu 1176 1177 </li> 1178 1179 <li class="card__meta__item"> 1180 Line number: 1246 1181 </li> 1182 </ul> 1183 1184 <hr/> 1185 1186 <h2>Impact</h2> 1187 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1188 1189 <h2>Remediation</h2> 1190 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1191 1192 1193 <hr/> 1194 </div><!-- .card__section --> 1195 1196 <div class="cta card__cta"> 1197 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1198 </div> 1199 1200 </div><!-- .card --> 1201 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1202 <h2 class="card__title">Container has no CPU limit</h2> 1203 <div class="card__section"> 1204 1205 <div class="label label--low"> 1206 <span class="label__text">low severity</span> 1207 </div> 1208 1209 <hr/> 1210 1211 <ul class="card__meta"> 1212 <li class="card__meta__item"> 1213 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1214 </li> 1215 1216 <li class="card__meta__item">Introduced through: 1217 [DocId: 39] 1218 <span class="list-paths__item__arrow">›</span> 1219 input 1220 <span class="list-paths__item__arrow">›</span> 1221 spec 1222 <span class="list-paths__item__arrow">›</span> 1223 template 1224 <span class="list-paths__item__arrow">›</span> 1225 spec 1226 <span class="list-paths__item__arrow">›</span> 1227 initContainers[secret-init] 1228 <span class="list-paths__item__arrow">›</span> 1229 resources 1230 <span class="list-paths__item__arrow">›</span> 1231 limits 1232 <span class="list-paths__item__arrow">›</span> 1233 cpu 1234 1235 </li> 1236 1237 <li class="card__meta__item"> 1238 Line number: 1270 1239 </li> 1240 </ul> 1241 1242 <hr/> 1243 1244 <h2>Impact</h2> 1245 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1246 1247 <h2>Remediation</h2> 1248 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1249 1250 1251 <hr/> 1252 </div><!-- .card__section --> 1253 1254 <div class="cta card__cta"> 1255 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1256 </div> 1257 1258 </div><!-- .card --> 1259 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1260 <h2 class="card__title">Container has no CPU limit</h2> 1261 <div class="card__section"> 1262 1263 <div class="label label--low"> 1264 <span class="label__text">low severity</span> 1265 </div> 1266 1267 <hr/> 1268 1269 <ul class="card__meta"> 1270 <li class="card__meta__item"> 1271 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1272 </li> 1273 1274 <li class="card__meta__item">Introduced through: 1275 [DocId: 40] 1276 <span class="list-paths__item__arrow">›</span> 1277 input 1278 <span class="list-paths__item__arrow">›</span> 1279 spec 1280 <span class="list-paths__item__arrow">›</span> 1281 template 1282 <span class="list-paths__item__arrow">›</span> 1283 spec 1284 <span class="list-paths__item__arrow">›</span> 1285 initContainers[copyutil] 1286 <span class="list-paths__item__arrow">›</span> 1287 resources 1288 <span class="list-paths__item__arrow">›</span> 1289 limits 1290 <span class="list-paths__item__arrow">›</span> 1291 cpu 1292 1293 </li> 1294 1295 <li class="card__meta__item"> 1296 Line number: 1612 1297 </li> 1298 </ul> 1299 1300 <hr/> 1301 1302 <h2>Impact</h2> 1303 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1304 1305 <h2>Remediation</h2> 1306 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1307 1308 1309 <hr/> 1310 </div><!-- .card__section --> 1311 1312 <div class="cta card__cta"> 1313 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1314 </div> 1315 1316 </div><!-- .card --> 1317 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1318 <h2 class="card__title">Container has no CPU limit</h2> 1319 <div class="card__section"> 1320 1321 <div class="label label--low"> 1322 <span class="label__text">low severity</span> 1323 </div> 1324 1325 <hr/> 1326 1327 <ul class="card__meta"> 1328 <li class="card__meta__item"> 1329 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1330 </li> 1331 1332 <li class="card__meta__item">Introduced through: 1333 [DocId: 40] 1334 <span class="list-paths__item__arrow">›</span> 1335 input 1336 <span class="list-paths__item__arrow">›</span> 1337 spec 1338 <span class="list-paths__item__arrow">›</span> 1339 template 1340 <span class="list-paths__item__arrow">›</span> 1341 spec 1342 <span class="list-paths__item__arrow">›</span> 1343 containers[argocd-repo-server] 1344 <span class="list-paths__item__arrow">›</span> 1345 resources 1346 <span class="list-paths__item__arrow">›</span> 1347 limits 1348 <span class="list-paths__item__arrow">›</span> 1349 cpu 1350 1351 </li> 1352 1353 <li class="card__meta__item"> 1354 Line number: 1329 1355 </li> 1356 </ul> 1357 1358 <hr/> 1359 1360 <h2>Impact</h2> 1361 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1362 1363 <h2>Remediation</h2> 1364 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1365 1366 1367 <hr/> 1368 </div><!-- .card__section --> 1369 1370 <div class="cta card__cta"> 1371 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1372 </div> 1373 1374 </div><!-- .card --> 1375 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1376 <h2 class="card__title">Container has no CPU limit</h2> 1377 <div class="card__section"> 1378 1379 <div class="label label--low"> 1380 <span class="label__text">low severity</span> 1381 </div> 1382 1383 <hr/> 1384 1385 <ul class="card__meta"> 1386 <li class="card__meta__item"> 1387 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1388 </li> 1389 1390 <li class="card__meta__item">Introduced through: 1391 [DocId: 41] 1392 <span class="list-paths__item__arrow">›</span> 1393 input 1394 <span class="list-paths__item__arrow">›</span> 1395 spec 1396 <span class="list-paths__item__arrow">›</span> 1397 template 1398 <span class="list-paths__item__arrow">›</span> 1399 spec 1400 <span class="list-paths__item__arrow">›</span> 1401 containers[argocd-server] 1402 <span class="list-paths__item__arrow">›</span> 1403 resources 1404 <span class="list-paths__item__arrow">›</span> 1405 limits 1406 <span class="list-paths__item__arrow">›</span> 1407 cpu 1408 1409 </li> 1410 1411 <li class="card__meta__item"> 1412 Line number: 1699 1413 </li> 1414 </ul> 1415 1416 <hr/> 1417 1418 <h2>Impact</h2> 1419 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1420 1421 <h2>Remediation</h2> 1422 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1423 1424 1425 <hr/> 1426 </div><!-- .card__section --> 1427 1428 <div class="cta card__cta"> 1429 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1430 </div> 1431 1432 </div><!-- .card --> 1433 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1434 <h2 class="card__title">Container has no CPU limit</h2> 1435 <div class="card__section"> 1436 1437 <div class="label label--low"> 1438 <span class="label__text">low severity</span> 1439 </div> 1440 1441 <hr/> 1442 1443 <ul class="card__meta"> 1444 <li class="card__meta__item"> 1445 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a> 1446 </li> 1447 1448 <li class="card__meta__item">Introduced through: 1449 [DocId: 42] 1450 <span class="list-paths__item__arrow">›</span> 1451 input 1452 <span class="list-paths__item__arrow">›</span> 1453 spec 1454 <span class="list-paths__item__arrow">›</span> 1455 template 1456 <span class="list-paths__item__arrow">›</span> 1457 spec 1458 <span class="list-paths__item__arrow">›</span> 1459 containers[argocd-application-controller] 1460 <span class="list-paths__item__arrow">›</span> 1461 resources 1462 <span class="list-paths__item__arrow">›</span> 1463 limits 1464 <span class="list-paths__item__arrow">›</span> 1465 cpu 1466 1467 </li> 1468 1469 <li class="card__meta__item"> 1470 Line number: 2109 1471 </li> 1472 </ul> 1473 1474 <hr/> 1475 1476 <h2>Impact</h2> 1477 <p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p> 1478 1479 <h2>Remediation</h2> 1480 <p>Add `resources.limits.cpu` field with required CPU limit value</p> 1481 1482 1483 <hr/> 1484 </div><!-- .card__section --> 1485 1486 <div class="cta card__cta"> 1487 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p> 1488 </div> 1489 1490 </div><!-- .card --> 1491 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1492 <h2 class="card__title">Container is running with multiple open ports</h2> 1493 <div class="card__section"> 1494 1495 <div class="label label--low"> 1496 <span class="label__text">low severity</span> 1497 </div> 1498 1499 <hr/> 1500 1501 <ul class="card__meta"> 1502 <li class="card__meta__item"> 1503 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">SNYK-CC-K8S-36</a> 1504 </li> 1505 1506 <li class="card__meta__item">Introduced through: 1507 [DocId: 37] 1508 <span class="list-paths__item__arrow">›</span> 1509 spec 1510 <span class="list-paths__item__arrow">›</span> 1511 template 1512 <span class="list-paths__item__arrow">›</span> 1513 spec 1514 <span class="list-paths__item__arrow">›</span> 1515 containers[dex] 1516 <span class="list-paths__item__arrow">›</span> 1517 ports 1518 1519 </li> 1520 1521 <li class="card__meta__item"> 1522 Line number: 1051 1523 </li> 1524 </ul> 1525 1526 <hr/> 1527 1528 <h2>Impact</h2> 1529 <p>Increases the attack surface of the application and the container.</p> 1530 1531 <h2>Remediation</h2> 1532 <p>Reduce `ports` count to 2</p> 1533 1534 1535 <hr/> 1536 </div><!-- .card__section --> 1537 1538 <div class="cta card__cta"> 1539 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">More about this issue</a></p> 1540 </div> 1541 1542 </div><!-- .card --> 1543 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1544 <h2 class="card__title">Container is running without liveness probe</h2> 1545 <div class="card__section"> 1546 1547 <div class="label label--low"> 1548 <span class="label__text">low severity</span> 1549 </div> 1550 1551 <hr/> 1552 1553 <ul class="card__meta"> 1554 <li class="card__meta__item"> 1555 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1556 </li> 1557 1558 <li class="card__meta__item">Introduced through: 1559 [DocId: 36] 1560 <span class="list-paths__item__arrow">›</span> 1561 spec 1562 <span class="list-paths__item__arrow">›</span> 1563 template 1564 <span class="list-paths__item__arrow">›</span> 1565 spec 1566 <span class="list-paths__item__arrow">›</span> 1567 containers[argocd-applicationset-controller] 1568 <span class="list-paths__item__arrow">›</span> 1569 livenessProbe 1570 1571 </li> 1572 1573 <li class="card__meta__item"> 1574 Line number: 770 1575 </li> 1576 </ul> 1577 1578 <hr/> 1579 1580 <h2>Impact</h2> 1581 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1582 1583 <h2>Remediation</h2> 1584 <p>Add `livenessProbe` attribute</p> 1585 1586 1587 <hr/> 1588 </div><!-- .card__section --> 1589 1590 <div class="cta card__cta"> 1591 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1592 </div> 1593 1594 </div><!-- .card --> 1595 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1596 <h2 class="card__title">Container is running without liveness probe</h2> 1597 <div class="card__section"> 1598 1599 <div class="label label--low"> 1600 <span class="label__text">low severity</span> 1601 </div> 1602 1603 <hr/> 1604 1605 <ul class="card__meta"> 1606 <li class="card__meta__item"> 1607 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1608 </li> 1609 1610 <li class="card__meta__item">Introduced through: 1611 [DocId: 37] 1612 <span class="list-paths__item__arrow">›</span> 1613 spec 1614 <span class="list-paths__item__arrow">›</span> 1615 template 1616 <span class="list-paths__item__arrow">›</span> 1617 spec 1618 <span class="list-paths__item__arrow">›</span> 1619 containers[dex] 1620 <span class="list-paths__item__arrow">›</span> 1621 livenessProbe 1622 1623 </li> 1624 1625 <li class="card__meta__item"> 1626 Line number: 1019 1627 </li> 1628 </ul> 1629 1630 <hr/> 1631 1632 <h2>Impact</h2> 1633 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1634 1635 <h2>Remediation</h2> 1636 <p>Add `livenessProbe` attribute</p> 1637 1638 1639 <hr/> 1640 </div><!-- .card__section --> 1641 1642 <div class="cta card__cta"> 1643 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1644 </div> 1645 1646 </div><!-- .card --> 1647 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1648 <h2 class="card__title">Container is running without liveness probe</h2> 1649 <div class="card__section"> 1650 1651 <div class="label label--low"> 1652 <span class="label__text">low severity</span> 1653 </div> 1654 1655 <hr/> 1656 1657 <ul class="card__meta"> 1658 <li class="card__meta__item"> 1659 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a> 1660 </li> 1661 1662 <li class="card__meta__item">Introduced through: 1663 [DocId: 39] 1664 <span class="list-paths__item__arrow">›</span> 1665 spec 1666 <span class="list-paths__item__arrow">›</span> 1667 template 1668 <span class="list-paths__item__arrow">›</span> 1669 spec 1670 <span class="list-paths__item__arrow">›</span> 1671 containers[redis] 1672 <span class="list-paths__item__arrow">›</span> 1673 livenessProbe 1674 1675 </li> 1676 1677 <li class="card__meta__item"> 1678 Line number: 1246 1679 </li> 1680 </ul> 1681 1682 <hr/> 1683 1684 <h2>Impact</h2> 1685 <p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p> 1686 1687 <h2>Remediation</h2> 1688 <p>Add `livenessProbe` attribute</p> 1689 1690 1691 <hr/> 1692 </div><!-- .card__section --> 1693 1694 <div class="cta card__cta"> 1695 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p> 1696 </div> 1697 1698 </div><!-- .card --> 1699 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1700 <h2 class="card__title">Container is running without memory limit</h2> 1701 <div class="card__section"> 1702 1703 <div class="label label--low"> 1704 <span class="label__text">low severity</span> 1705 </div> 1706 1707 <hr/> 1708 1709 <ul class="card__meta"> 1710 <li class="card__meta__item"> 1711 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1712 </li> 1713 1714 <li class="card__meta__item">Introduced through: 1715 [DocId: 36] 1716 <span class="list-paths__item__arrow">›</span> 1717 input 1718 <span class="list-paths__item__arrow">›</span> 1719 spec 1720 <span class="list-paths__item__arrow">›</span> 1721 template 1722 <span class="list-paths__item__arrow">›</span> 1723 spec 1724 <span class="list-paths__item__arrow">›</span> 1725 containers[argocd-applicationset-controller] 1726 <span class="list-paths__item__arrow">›</span> 1727 resources 1728 <span class="list-paths__item__arrow">›</span> 1729 limits 1730 <span class="list-paths__item__arrow">›</span> 1731 memory 1732 1733 </li> 1734 1735 <li class="card__meta__item"> 1736 Line number: 770 1737 </li> 1738 </ul> 1739 1740 <hr/> 1741 1742 <h2>Impact</h2> 1743 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1744 1745 <h2>Remediation</h2> 1746 <p>Set `resources.limits.memory` value</p> 1747 1748 1749 <hr/> 1750 </div><!-- .card__section --> 1751 1752 <div class="cta card__cta"> 1753 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1754 </div> 1755 1756 </div><!-- .card --> 1757 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1758 <h2 class="card__title">Container is running without memory limit</h2> 1759 <div class="card__section"> 1760 1761 <div class="label label--low"> 1762 <span class="label__text">low severity</span> 1763 </div> 1764 1765 <hr/> 1766 1767 <ul class="card__meta"> 1768 <li class="card__meta__item"> 1769 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1770 </li> 1771 1772 <li class="card__meta__item">Introduced through: 1773 [DocId: 37] 1774 <span class="list-paths__item__arrow">›</span> 1775 input 1776 <span class="list-paths__item__arrow">›</span> 1777 spec 1778 <span class="list-paths__item__arrow">›</span> 1779 template 1780 <span class="list-paths__item__arrow">›</span> 1781 spec 1782 <span class="list-paths__item__arrow">›</span> 1783 containers[dex] 1784 <span class="list-paths__item__arrow">›</span> 1785 resources 1786 <span class="list-paths__item__arrow">›</span> 1787 limits 1788 <span class="list-paths__item__arrow">›</span> 1789 memory 1790 1791 </li> 1792 1793 <li class="card__meta__item"> 1794 Line number: 1019 1795 </li> 1796 </ul> 1797 1798 <hr/> 1799 1800 <h2>Impact</h2> 1801 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1802 1803 <h2>Remediation</h2> 1804 <p>Set `resources.limits.memory` value</p> 1805 1806 1807 <hr/> 1808 </div><!-- .card__section --> 1809 1810 <div class="cta card__cta"> 1811 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1812 </div> 1813 1814 </div><!-- .card --> 1815 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1816 <h2 class="card__title">Container is running without memory limit</h2> 1817 <div class="card__section"> 1818 1819 <div class="label label--low"> 1820 <span class="label__text">low severity</span> 1821 </div> 1822 1823 <hr/> 1824 1825 <ul class="card__meta"> 1826 <li class="card__meta__item"> 1827 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1828 </li> 1829 1830 <li class="card__meta__item">Introduced through: 1831 [DocId: 37] 1832 <span class="list-paths__item__arrow">›</span> 1833 input 1834 <span class="list-paths__item__arrow">›</span> 1835 spec 1836 <span class="list-paths__item__arrow">›</span> 1837 template 1838 <span class="list-paths__item__arrow">›</span> 1839 spec 1840 <span class="list-paths__item__arrow">›</span> 1841 initContainers[copyutil] 1842 <span class="list-paths__item__arrow">›</span> 1843 resources 1844 <span class="list-paths__item__arrow">›</span> 1845 limits 1846 <span class="list-paths__item__arrow">›</span> 1847 memory 1848 1849 </li> 1850 1851 <li class="card__meta__item"> 1852 Line number: 1071 1853 </li> 1854 </ul> 1855 1856 <hr/> 1857 1858 <h2>Impact</h2> 1859 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1860 1861 <h2>Remediation</h2> 1862 <p>Set `resources.limits.memory` value</p> 1863 1864 1865 <hr/> 1866 </div><!-- .card__section --> 1867 1868 <div class="cta card__cta"> 1869 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1870 </div> 1871 1872 </div><!-- .card --> 1873 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1874 <h2 class="card__title">Container is running without memory limit</h2> 1875 <div class="card__section"> 1876 1877 <div class="label label--low"> 1878 <span class="label__text">low severity</span> 1879 </div> 1880 1881 <hr/> 1882 1883 <ul class="card__meta"> 1884 <li class="card__meta__item"> 1885 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1886 </li> 1887 1888 <li class="card__meta__item">Introduced through: 1889 [DocId: 38] 1890 <span class="list-paths__item__arrow">›</span> 1891 input 1892 <span class="list-paths__item__arrow">›</span> 1893 spec 1894 <span class="list-paths__item__arrow">›</span> 1895 template 1896 <span class="list-paths__item__arrow">›</span> 1897 spec 1898 <span class="list-paths__item__arrow">›</span> 1899 containers[argocd-notifications-controller] 1900 <span class="list-paths__item__arrow">›</span> 1901 resources 1902 <span class="list-paths__item__arrow">›</span> 1903 limits 1904 <span class="list-paths__item__arrow">›</span> 1905 memory 1906 1907 </li> 1908 1909 <li class="card__meta__item"> 1910 Line number: 1133 1911 </li> 1912 </ul> 1913 1914 <hr/> 1915 1916 <h2>Impact</h2> 1917 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1918 1919 <h2>Remediation</h2> 1920 <p>Set `resources.limits.memory` value</p> 1921 1922 1923 <hr/> 1924 </div><!-- .card__section --> 1925 1926 <div class="cta card__cta"> 1927 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1928 </div> 1929 1930 </div><!-- .card --> 1931 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1932 <h2 class="card__title">Container is running without memory limit</h2> 1933 <div class="card__section"> 1934 1935 <div class="label label--low"> 1936 <span class="label__text">low severity</span> 1937 </div> 1938 1939 <hr/> 1940 1941 <ul class="card__meta"> 1942 <li class="card__meta__item"> 1943 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 1944 </li> 1945 1946 <li class="card__meta__item">Introduced through: 1947 [DocId: 39] 1948 <span class="list-paths__item__arrow">›</span> 1949 input 1950 <span class="list-paths__item__arrow">›</span> 1951 spec 1952 <span class="list-paths__item__arrow">›</span> 1953 template 1954 <span class="list-paths__item__arrow">›</span> 1955 spec 1956 <span class="list-paths__item__arrow">›</span> 1957 containers[redis] 1958 <span class="list-paths__item__arrow">›</span> 1959 resources 1960 <span class="list-paths__item__arrow">›</span> 1961 limits 1962 <span class="list-paths__item__arrow">›</span> 1963 memory 1964 1965 </li> 1966 1967 <li class="card__meta__item"> 1968 Line number: 1246 1969 </li> 1970 </ul> 1971 1972 <hr/> 1973 1974 <h2>Impact</h2> 1975 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 1976 1977 <h2>Remediation</h2> 1978 <p>Set `resources.limits.memory` value</p> 1979 1980 1981 <hr/> 1982 </div><!-- .card__section --> 1983 1984 <div class="cta card__cta"> 1985 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 1986 </div> 1987 1988 </div><!-- .card --> 1989 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 1990 <h2 class="card__title">Container is running without memory limit</h2> 1991 <div class="card__section"> 1992 1993 <div class="label label--low"> 1994 <span class="label__text">low severity</span> 1995 </div> 1996 1997 <hr/> 1998 1999 <ul class="card__meta"> 2000 <li class="card__meta__item"> 2001 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2002 </li> 2003 2004 <li class="card__meta__item">Introduced through: 2005 [DocId: 39] 2006 <span class="list-paths__item__arrow">›</span> 2007 input 2008 <span class="list-paths__item__arrow">›</span> 2009 spec 2010 <span class="list-paths__item__arrow">›</span> 2011 template 2012 <span class="list-paths__item__arrow">›</span> 2013 spec 2014 <span class="list-paths__item__arrow">›</span> 2015 initContainers[secret-init] 2016 <span class="list-paths__item__arrow">›</span> 2017 resources 2018 <span class="list-paths__item__arrow">›</span> 2019 limits 2020 <span class="list-paths__item__arrow">›</span> 2021 memory 2022 2023 </li> 2024 2025 <li class="card__meta__item"> 2026 Line number: 1270 2027 </li> 2028 </ul> 2029 2030 <hr/> 2031 2032 <h2>Impact</h2> 2033 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2034 2035 <h2>Remediation</h2> 2036 <p>Set `resources.limits.memory` value</p> 2037 2038 2039 <hr/> 2040 </div><!-- .card__section --> 2041 2042 <div class="cta card__cta"> 2043 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2044 </div> 2045 2046 </div><!-- .card --> 2047 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2048 <h2 class="card__title">Container is running without memory limit</h2> 2049 <div class="card__section"> 2050 2051 <div class="label label--low"> 2052 <span class="label__text">low severity</span> 2053 </div> 2054 2055 <hr/> 2056 2057 <ul class="card__meta"> 2058 <li class="card__meta__item"> 2059 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2060 </li> 2061 2062 <li class="card__meta__item">Introduced through: 2063 [DocId: 40] 2064 <span class="list-paths__item__arrow">›</span> 2065 input 2066 <span class="list-paths__item__arrow">›</span> 2067 spec 2068 <span class="list-paths__item__arrow">›</span> 2069 template 2070 <span class="list-paths__item__arrow">›</span> 2071 spec 2072 <span class="list-paths__item__arrow">›</span> 2073 initContainers[copyutil] 2074 <span class="list-paths__item__arrow">›</span> 2075 resources 2076 <span class="list-paths__item__arrow">›</span> 2077 limits 2078 <span class="list-paths__item__arrow">›</span> 2079 memory 2080 2081 </li> 2082 2083 <li class="card__meta__item"> 2084 Line number: 1612 2085 </li> 2086 </ul> 2087 2088 <hr/> 2089 2090 <h2>Impact</h2> 2091 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2092 2093 <h2>Remediation</h2> 2094 <p>Set `resources.limits.memory` value</p> 2095 2096 2097 <hr/> 2098 </div><!-- .card__section --> 2099 2100 <div class="cta card__cta"> 2101 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2102 </div> 2103 2104 </div><!-- .card --> 2105 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2106 <h2 class="card__title">Container is running without memory limit</h2> 2107 <div class="card__section"> 2108 2109 <div class="label label--low"> 2110 <span class="label__text">low severity</span> 2111 </div> 2112 2113 <hr/> 2114 2115 <ul class="card__meta"> 2116 <li class="card__meta__item"> 2117 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2118 </li> 2119 2120 <li class="card__meta__item">Introduced through: 2121 [DocId: 40] 2122 <span class="list-paths__item__arrow">›</span> 2123 input 2124 <span class="list-paths__item__arrow">›</span> 2125 spec 2126 <span class="list-paths__item__arrow">›</span> 2127 template 2128 <span class="list-paths__item__arrow">›</span> 2129 spec 2130 <span class="list-paths__item__arrow">›</span> 2131 containers[argocd-repo-server] 2132 <span class="list-paths__item__arrow">›</span> 2133 resources 2134 <span class="list-paths__item__arrow">›</span> 2135 limits 2136 <span class="list-paths__item__arrow">›</span> 2137 memory 2138 2139 </li> 2140 2141 <li class="card__meta__item"> 2142 Line number: 1329 2143 </li> 2144 </ul> 2145 2146 <hr/> 2147 2148 <h2>Impact</h2> 2149 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2150 2151 <h2>Remediation</h2> 2152 <p>Set `resources.limits.memory` value</p> 2153 2154 2155 <hr/> 2156 </div><!-- .card__section --> 2157 2158 <div class="cta card__cta"> 2159 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2160 </div> 2161 2162 </div><!-- .card --> 2163 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2164 <h2 class="card__title">Container is running without memory limit</h2> 2165 <div class="card__section"> 2166 2167 <div class="label label--low"> 2168 <span class="label__text">low severity</span> 2169 </div> 2170 2171 <hr/> 2172 2173 <ul class="card__meta"> 2174 <li class="card__meta__item"> 2175 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2176 </li> 2177 2178 <li class="card__meta__item">Introduced through: 2179 [DocId: 41] 2180 <span class="list-paths__item__arrow">›</span> 2181 input 2182 <span class="list-paths__item__arrow">›</span> 2183 spec 2184 <span class="list-paths__item__arrow">›</span> 2185 template 2186 <span class="list-paths__item__arrow">›</span> 2187 spec 2188 <span class="list-paths__item__arrow">›</span> 2189 containers[argocd-server] 2190 <span class="list-paths__item__arrow">›</span> 2191 resources 2192 <span class="list-paths__item__arrow">›</span> 2193 limits 2194 <span class="list-paths__item__arrow">›</span> 2195 memory 2196 2197 </li> 2198 2199 <li class="card__meta__item"> 2200 Line number: 1699 2201 </li> 2202 </ul> 2203 2204 <hr/> 2205 2206 <h2>Impact</h2> 2207 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2208 2209 <h2>Remediation</h2> 2210 <p>Set `resources.limits.memory` value</p> 2211 2212 2213 <hr/> 2214 </div><!-- .card__section --> 2215 2216 <div class="cta card__cta"> 2217 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2218 </div> 2219 2220 </div><!-- .card --> 2221 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2222 <h2 class="card__title">Container is running without memory limit</h2> 2223 <div class="card__section"> 2224 2225 <div class="label label--low"> 2226 <span class="label__text">low severity</span> 2227 </div> 2228 2229 <hr/> 2230 2231 <ul class="card__meta"> 2232 <li class="card__meta__item"> 2233 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a> 2234 </li> 2235 2236 <li class="card__meta__item">Introduced through: 2237 [DocId: 42] 2238 <span class="list-paths__item__arrow">›</span> 2239 input 2240 <span class="list-paths__item__arrow">›</span> 2241 spec 2242 <span class="list-paths__item__arrow">›</span> 2243 template 2244 <span class="list-paths__item__arrow">›</span> 2245 spec 2246 <span class="list-paths__item__arrow">›</span> 2247 containers[argocd-application-controller] 2248 <span class="list-paths__item__arrow">›</span> 2249 resources 2250 <span class="list-paths__item__arrow">›</span> 2251 limits 2252 <span class="list-paths__item__arrow">›</span> 2253 memory 2254 2255 </li> 2256 2257 <li class="card__meta__item"> 2258 Line number: 2109 2259 </li> 2260 </ul> 2261 2262 <hr/> 2263 2264 <h2>Impact</h2> 2265 <p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p> 2266 2267 <h2>Remediation</h2> 2268 <p>Set `resources.limits.memory` value</p> 2269 2270 2271 <hr/> 2272 </div><!-- .card__section --> 2273 2274 <div class="cta card__cta"> 2275 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p> 2276 </div> 2277 2278 </div><!-- .card --> 2279 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2280 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2281 <div class="card__section"> 2282 2283 <div class="label label--low"> 2284 <span class="label__text">low severity</span> 2285 </div> 2286 2287 <hr/> 2288 2289 <ul class="card__meta"> 2290 <li class="card__meta__item"> 2291 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2292 </li> 2293 2294 <li class="card__meta__item">Introduced through: 2295 [DocId: 36] 2296 <span class="list-paths__item__arrow">›</span> 2297 input 2298 <span class="list-paths__item__arrow">›</span> 2299 spec 2300 <span class="list-paths__item__arrow">›</span> 2301 template 2302 <span class="list-paths__item__arrow">›</span> 2303 spec 2304 <span class="list-paths__item__arrow">›</span> 2305 containers[argocd-applicationset-controller] 2306 <span class="list-paths__item__arrow">›</span> 2307 securityContext 2308 <span class="list-paths__item__arrow">›</span> 2309 runAsUser 2310 2311 </li> 2312 2313 <li class="card__meta__item"> 2314 Line number: 941 2315 </li> 2316 </ul> 2317 2318 <hr/> 2319 2320 <h2>Impact</h2> 2321 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2322 2323 <h2>Remediation</h2> 2324 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2325 2326 2327 <hr/> 2328 </div><!-- .card__section --> 2329 2330 <div class="cta card__cta"> 2331 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2332 </div> 2333 2334 </div><!-- .card --> 2335 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2336 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2337 <div class="card__section"> 2338 2339 <div class="label label--low"> 2340 <span class="label__text">low severity</span> 2341 </div> 2342 2343 <hr/> 2344 2345 <ul class="card__meta"> 2346 <li class="card__meta__item"> 2347 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2348 </li> 2349 2350 <li class="card__meta__item">Introduced through: 2351 [DocId: 37] 2352 <span class="list-paths__item__arrow">›</span> 2353 input 2354 <span class="list-paths__item__arrow">›</span> 2355 spec 2356 <span class="list-paths__item__arrow">›</span> 2357 template 2358 <span class="list-paths__item__arrow">›</span> 2359 spec 2360 <span class="list-paths__item__arrow">›</span> 2361 initContainers[copyutil] 2362 <span class="list-paths__item__arrow">›</span> 2363 securityContext 2364 <span class="list-paths__item__arrow">›</span> 2365 runAsUser 2366 2367 </li> 2368 2369 <li class="card__meta__item"> 2370 Line number: 1079 2371 </li> 2372 </ul> 2373 2374 <hr/> 2375 2376 <h2>Impact</h2> 2377 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2378 2379 <h2>Remediation</h2> 2380 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2381 2382 2383 <hr/> 2384 </div><!-- .card__section --> 2385 2386 <div class="cta card__cta"> 2387 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2388 </div> 2389 2390 </div><!-- .card --> 2391 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2392 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2393 <div class="card__section"> 2394 2395 <div class="label label--low"> 2396 <span class="label__text">low severity</span> 2397 </div> 2398 2399 <hr/> 2400 2401 <ul class="card__meta"> 2402 <li class="card__meta__item"> 2403 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2404 </li> 2405 2406 <li class="card__meta__item">Introduced through: 2407 [DocId: 37] 2408 <span class="list-paths__item__arrow">›</span> 2409 input 2410 <span class="list-paths__item__arrow">›</span> 2411 spec 2412 <span class="list-paths__item__arrow">›</span> 2413 template 2414 <span class="list-paths__item__arrow">›</span> 2415 spec 2416 <span class="list-paths__item__arrow">›</span> 2417 containers[dex] 2418 <span class="list-paths__item__arrow">›</span> 2419 securityContext 2420 <span class="list-paths__item__arrow">›</span> 2421 runAsUser 2422 2423 </li> 2424 2425 <li class="card__meta__item"> 2426 Line number: 1054 2427 </li> 2428 </ul> 2429 2430 <hr/> 2431 2432 <h2>Impact</h2> 2433 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2434 2435 <h2>Remediation</h2> 2436 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2437 2438 2439 <hr/> 2440 </div><!-- .card__section --> 2441 2442 <div class="cta card__cta"> 2443 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2444 </div> 2445 2446 </div><!-- .card --> 2447 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2448 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2449 <div class="card__section"> 2450 2451 <div class="label label--low"> 2452 <span class="label__text">low severity</span> 2453 </div> 2454 2455 <hr/> 2456 2457 <ul class="card__meta"> 2458 <li class="card__meta__item"> 2459 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2460 </li> 2461 2462 <li class="card__meta__item">Introduced through: 2463 [DocId: 38] 2464 <span class="list-paths__item__arrow">›</span> 2465 input 2466 <span class="list-paths__item__arrow">›</span> 2467 spec 2468 <span class="list-paths__item__arrow">›</span> 2469 template 2470 <span class="list-paths__item__arrow">›</span> 2471 spec 2472 <span class="list-paths__item__arrow">›</span> 2473 containers[argocd-notifications-controller] 2474 <span class="list-paths__item__arrow">›</span> 2475 securityContext 2476 <span class="list-paths__item__arrow">›</span> 2477 runAsUser 2478 2479 </li> 2480 2481 <li class="card__meta__item"> 2482 Line number: 1178 2483 </li> 2484 </ul> 2485 2486 <hr/> 2487 2488 <h2>Impact</h2> 2489 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2490 2491 <h2>Remediation</h2> 2492 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2493 2494 2495 <hr/> 2496 </div><!-- .card__section --> 2497 2498 <div class="cta card__cta"> 2499 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2500 </div> 2501 2502 </div><!-- .card --> 2503 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2504 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2505 <div class="card__section"> 2506 2507 <div class="label label--low"> 2508 <span class="label__text">low severity</span> 2509 </div> 2510 2511 <hr/> 2512 2513 <ul class="card__meta"> 2514 <li class="card__meta__item"> 2515 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2516 </li> 2517 2518 <li class="card__meta__item">Introduced through: 2519 [DocId: 39] 2520 <span class="list-paths__item__arrow">›</span> 2521 input 2522 <span class="list-paths__item__arrow">›</span> 2523 spec 2524 <span class="list-paths__item__arrow">›</span> 2525 template 2526 <span class="list-paths__item__arrow">›</span> 2527 spec 2528 <span class="list-paths__item__arrow">›</span> 2529 containers[redis] 2530 <span class="list-paths__item__arrow">›</span> 2531 securityContext 2532 <span class="list-paths__item__arrow">›</span> 2533 runAsUser 2534 2535 </li> 2536 2537 <li class="card__meta__item"> 2538 Line number: 1263 2539 </li> 2540 </ul> 2541 2542 <hr/> 2543 2544 <h2>Impact</h2> 2545 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2546 2547 <h2>Remediation</h2> 2548 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2549 2550 2551 <hr/> 2552 </div><!-- .card__section --> 2553 2554 <div class="cta card__cta"> 2555 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2556 </div> 2557 2558 </div><!-- .card --> 2559 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2560 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2561 <div class="card__section"> 2562 2563 <div class="label label--low"> 2564 <span class="label__text">low severity</span> 2565 </div> 2566 2567 <hr/> 2568 2569 <ul class="card__meta"> 2570 <li class="card__meta__item"> 2571 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2572 </li> 2573 2574 <li class="card__meta__item">Introduced through: 2575 [DocId: 39] 2576 <span class="list-paths__item__arrow">›</span> 2577 input 2578 <span class="list-paths__item__arrow">›</span> 2579 spec 2580 <span class="list-paths__item__arrow">›</span> 2581 template 2582 <span class="list-paths__item__arrow">›</span> 2583 spec 2584 <span class="list-paths__item__arrow">›</span> 2585 initContainers[secret-init] 2586 <span class="list-paths__item__arrow">›</span> 2587 securityContext 2588 <span class="list-paths__item__arrow">›</span> 2589 runAsUser 2590 2591 </li> 2592 2593 <li class="card__meta__item"> 2594 Line number: 1277 2595 </li> 2596 </ul> 2597 2598 <hr/> 2599 2600 <h2>Impact</h2> 2601 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2602 2603 <h2>Remediation</h2> 2604 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2605 2606 2607 <hr/> 2608 </div><!-- .card__section --> 2609 2610 <div class="cta card__cta"> 2611 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2612 </div> 2613 2614 </div><!-- .card --> 2615 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2616 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2617 <div class="card__section"> 2618 2619 <div class="label label--low"> 2620 <span class="label__text">low severity</span> 2621 </div> 2622 2623 <hr/> 2624 2625 <ul class="card__meta"> 2626 <li class="card__meta__item"> 2627 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2628 </li> 2629 2630 <li class="card__meta__item">Introduced through: 2631 [DocId: 40] 2632 <span class="list-paths__item__arrow">›</span> 2633 input 2634 <span class="list-paths__item__arrow">›</span> 2635 spec 2636 <span class="list-paths__item__arrow">›</span> 2637 template 2638 <span class="list-paths__item__arrow">›</span> 2639 spec 2640 <span class="list-paths__item__arrow">›</span> 2641 initContainers[copyutil] 2642 <span class="list-paths__item__arrow">›</span> 2643 securityContext 2644 <span class="list-paths__item__arrow">›</span> 2645 runAsUser 2646 2647 </li> 2648 2649 <li class="card__meta__item"> 2650 Line number: 1619 2651 </li> 2652 </ul> 2653 2654 <hr/> 2655 2656 <h2>Impact</h2> 2657 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2658 2659 <h2>Remediation</h2> 2660 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2661 2662 2663 <hr/> 2664 </div><!-- .card__section --> 2665 2666 <div class="cta card__cta"> 2667 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2668 </div> 2669 2670 </div><!-- .card --> 2671 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2672 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2673 <div class="card__section"> 2674 2675 <div class="label label--low"> 2676 <span class="label__text">low severity</span> 2677 </div> 2678 2679 <hr/> 2680 2681 <ul class="card__meta"> 2682 <li class="card__meta__item"> 2683 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2684 </li> 2685 2686 <li class="card__meta__item">Introduced through: 2687 [DocId: 40] 2688 <span class="list-paths__item__arrow">›</span> 2689 input 2690 <span class="list-paths__item__arrow">›</span> 2691 spec 2692 <span class="list-paths__item__arrow">›</span> 2693 template 2694 <span class="list-paths__item__arrow">›</span> 2695 spec 2696 <span class="list-paths__item__arrow">›</span> 2697 containers[argocd-repo-server] 2698 <span class="list-paths__item__arrow">›</span> 2699 securityContext 2700 <span class="list-paths__item__arrow">›</span> 2701 runAsUser 2702 2703 </li> 2704 2705 <li class="card__meta__item"> 2706 Line number: 1585 2707 </li> 2708 </ul> 2709 2710 <hr/> 2711 2712 <h2>Impact</h2> 2713 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2714 2715 <h2>Remediation</h2> 2716 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2717 2718 2719 <hr/> 2720 </div><!-- .card__section --> 2721 2722 <div class="cta card__cta"> 2723 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2724 </div> 2725 2726 </div><!-- .card --> 2727 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2728 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2729 <div class="card__section"> 2730 2731 <div class="label label--low"> 2732 <span class="label__text">low severity</span> 2733 </div> 2734 2735 <hr/> 2736 2737 <ul class="card__meta"> 2738 <li class="card__meta__item"> 2739 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2740 </li> 2741 2742 <li class="card__meta__item">Introduced through: 2743 [DocId: 41] 2744 <span class="list-paths__item__arrow">›</span> 2745 input 2746 <span class="list-paths__item__arrow">›</span> 2747 spec 2748 <span class="list-paths__item__arrow">›</span> 2749 template 2750 <span class="list-paths__item__arrow">›</span> 2751 spec 2752 <span class="list-paths__item__arrow">›</span> 2753 containers[argocd-server] 2754 <span class="list-paths__item__arrow">›</span> 2755 securityContext 2756 <span class="list-paths__item__arrow">›</span> 2757 runAsUser 2758 2759 </li> 2760 2761 <li class="card__meta__item"> 2762 Line number: 2008 2763 </li> 2764 </ul> 2765 2766 <hr/> 2767 2768 <h2>Impact</h2> 2769 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2770 2771 <h2>Remediation</h2> 2772 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2773 2774 2775 <hr/> 2776 </div><!-- .card__section --> 2777 2778 <div class="cta card__cta"> 2779 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2780 </div> 2781 2782 </div><!-- .card --> 2783 <div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low"> 2784 <h2 class="card__title">Container's or Pod's UID could clash with host's UID</h2> 2785 <div class="card__section"> 2786 2787 <div class="label label--low"> 2788 <span class="label__text">low severity</span> 2789 </div> 2790 2791 <hr/> 2792 2793 <ul class="card__meta"> 2794 <li class="card__meta__item"> 2795 Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a> 2796 </li> 2797 2798 <li class="card__meta__item">Introduced through: 2799 [DocId: 42] 2800 <span class="list-paths__item__arrow">›</span> 2801 input 2802 <span class="list-paths__item__arrow">›</span> 2803 spec 2804 <span class="list-paths__item__arrow">›</span> 2805 template 2806 <span class="list-paths__item__arrow">›</span> 2807 spec 2808 <span class="list-paths__item__arrow">›</span> 2809 containers[argocd-application-controller] 2810 <span class="list-paths__item__arrow">›</span> 2811 securityContext 2812 <span class="list-paths__item__arrow">›</span> 2813 runAsUser 2814 2815 </li> 2816 2817 <li class="card__meta__item"> 2818 Line number: 2378 2819 </li> 2820 </ul> 2821 2822 <hr/> 2823 2824 <h2>Impact</h2> 2825 <p>UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass</p> 2826 2827 <h2>Remediation</h2> 2828 <p>Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence</p> 2829 2830 2831 <hr/> 2832 </div><!-- .card__section --> 2833 2834 <div class="cta card__cta"> 2835 <p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p> 2836 </div> 2837 2838 </div><!-- .card --> 2839 </div> 2840 </div> 2841 2842 </main><!-- .layout-stacked__content --> 2843 </body> 2844 2845 </html>