github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/pkg/compliance/report/testdata/table_all.txt

Deployment/metrics-server (kubernetes)
======================================
Tests: 1 (SUCCESSES: 1, FAILURES: 0, EXCEPTIONS: 0)
Failures: 0 ()

MEDIUM: Container 'metrics-server' of Deployment 'metrics-server' should set 'securityContext.allowPrivilegeEscalation' to false
════════════════════════════════════════
A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.

See https://avd.aquasec.com/misconfig/ksv001
────────────────────────────────────────
 Deployment/metrics-server:132-140
────────────────────────────────────────
 132 ┌                 - image: rancher/metrics-server:v0.3.6
 133 │                   imagePullPolicy: IfNotPresent
 134 │                   name: metrics-server
 135 │                   resources: {}
 136 │                   terminationMessagePath: /dev/termination-log
 137 │                   terminationMessagePolicy: File
 138 │                   volumeMounts:
 139 │                     - mountPath: /tmp
 140 └                       name: tmp-dir
────────────────────────────────────────



Deployment/metrics-server (kubernetes)
======================================
Tests: 1 (SUCCESSES: 1, FAILURES: 0, EXCEPTIONS: 0)
Failures: 0 ()

LOW: Container 'metrics-server' of Deployment 'metrics-server' should add 'ALL' to 'securityContext.capabilities.drop'
════════════════════════════════════════
The container should drop all default capabilities and add only those that are needed for its execution.

See https://avd.aquasec.com/misconfig/ksv003
────────────────────────────────────────
 Deployment/metrics-server:132-140
────────────────────────────────────────
 132 ┌                 - image: rancher/metrics-server:v0.3.6
 133 │                   imagePullPolicy: IfNotPresent
 134 │                   name: metrics-server
 135 │                   resources: {}
 136 │                   terminationMessagePath: /dev/termination-log
 137 │                   terminationMessagePolicy: File
 138 │                   volumeMounts:
 139 │                     - mountPath: /tmp
 140 └                       name: tmp-dir
────────────────────────────────────────