github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/compliance/report/testdata/table_all.txt (about) 1 2 Deployment/metrics-server (kubernetes) 3 ====================================== 4 Tests: 1 (SUCCESSES: 1, FAILURES: 0, EXCEPTIONS: 0) 5 Failures: 0 () 6 7 MEDIUM: Container 'metrics-server' of Deployment 'metrics-server' should set 'securityContext.allowPrivilegeEscalation' to false 8 ════════════════════════════════════════ 9 A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. 10 11 See https://avd.aquasec.com/misconfig/ksv001 12 ──────────────────────────────────────── 13 Deployment/metrics-server:132-140 14 ──────────────────────────────────────── 15 132 ┌ - image: rancher/metrics-server:v0.3.6 16 133 │ imagePullPolicy: IfNotPresent 17 134 │ name: metrics-server 18 135 │ resources: {} 19 136 │ terminationMessagePath: /dev/termination-log 20 137 │ terminationMessagePolicy: File 21 138 │ volumeMounts: 22 139 │ - mountPath: /tmp 23 140 └ name: tmp-dir 24 ──────────────────────────────────────── 25 26 27 28 Deployment/metrics-server (kubernetes) 29 ====================================== 30 Tests: 1 (SUCCESSES: 1, FAILURES: 0, EXCEPTIONS: 0) 31 Failures: 0 () 32 33 LOW: Container 'metrics-server' of Deployment 'metrics-server' should add 'ALL' to 'securityContext.capabilities.drop' 34 ════════════════════════════════════════ 35 The container should drop all default capabilities and add only those that are needed for its execution. 36 37 See https://avd.aquasec.com/misconfig/ksv003 38 ──────────────────────────────────────── 39 Deployment/metrics-server:132-140 40 ──────────────────────────────────────── 41 132 ┌ - image: rancher/metrics-server:v0.3.6 42 133 │ imagePullPolicy: IfNotPresent 43 134 │ name: metrics-server 44 135 │ resources: {} 45 136 │ terminationMessagePath: /dev/termination-log 46 137 │ terminationMessagePolicy: File 47 138 │ volumeMounts: 48 139 │ - mountPath: /tmp 49 140 └ name: tmp-dir 50 ──────────────────────────────────────── 51 52