Identified Risks
This table shows all the identified risks for this asset.
Filename | Message | Scanner |
---|---|---|
attestation-resources/deployment.yaml | Readiness Probe Should be Configured | iac |
attestation-resources/deployment.yaml | CPU requests should be set | iac |
attestation-resources/deployment.yaml | Apply security context to your containers | iac |
attestation-resources/deployment.yaml | Minimize the admission of containers with the NET_RAW capability | iac |
attestation-resources/deployment.yaml | Ensure that Service Account Tokens are only mounted where necessary | iac |
attestation-resources/deployment.yaml | Apply security context to your pods and containers | iac |
attestation-resources/deployment.yaml | Minimize the admission of containers with capabilities assigned | iac |
attestation-resources/deployment.yaml | Image should use digest | iac |
attestation-resources/deployment.yaml | CPU limits should be set | iac |
attestation-resources/deployment.yaml | Minimize the admission of root containers | iac |
attestation-resources/cosign.key | private-key has detected secret for file attestation-resources/cosign.key at commit 87f606c188edc371acfc2ba587663b958da9a768. | secret-scanning |
leaks-baseline.json | private-key has detected secret for file leaks-baseline.json at commit 42a48857d3e06d2f18b0611d7f37cf98627ee4f9. | secret-scanning |
leaks-baseline.json | private-key has detected secret for file leaks-baseline.json at commit 42a48857d3e06d2f18b0611d7f37cf98627ee4f9. | secret-scanning |
src/pages/self-hosting-devguard/kubernetes.mdx | generic-api-key has detected secret for file src/pages/self-hosting-devguard/kubernetes.mdx at commit a557af3d6218f7eecde81dd44d6f4cac908a57b7. | secret-scanning |
attestation-resources/deployment.yaml | Memory requests should be set | iac |
attestation-resources/deployment.yaml | Use read-only filesystem for containers where possible | iac |
attestation-resources/deployment.yaml | Containers should run as a high UID to avoid host conflict | iac |
attestation-resources/deployment.yaml | Containers should not run with allowPrivilegeEscalation | iac |
attestation-resources/deployment.yaml | Memory limits should be set | iac |
attestation-resources/deployment.yaml | Ensure that the seccomp profile is set to docker/default or runtime/default | iac |
attestation-resources/deployment.yaml | Liveness Probe Should be Configured | iac |
attestation-resources/deployment.yaml | Minimize the admission of pods which lack an associated NetworkPolicy | iac |
Dockerfile | Ensure that HEALTHCHECK instructions have been added to container images | iac |
.github/workflows/licenses.yaml | Ensure top-level permissions are not set to write-all | iac |
.github/workflows/devsecops.yaml | Ensure top-level permissions are not set to write-all | iac |