docs: updated kubescape reports

chgl · Jan 2, 2025 · bff5f37 · bff5f37
1 parent 881bac5
commit bff5f37
Show file tree

Hide file tree

Showing 2 changed files with 109 additions and 109 deletions.
diff --git a/kubescape-reports/cis-v1.23-t1.0.1.html b/kubescape-reports/cis-v1.23-t1.0.1.html
@@ -320,10 +320,10 @@ <h2>Failed Resources:</h2>
     </br>
 
 
-    <h3>Name: -magnifhir</h3>
-      <p>ApiVersion: apps/v1</p>
-      <p>Kind: Deployment</p>
-      <p>Name: -magnifhir</p>
+    <h3>Name: -fhir-server-exporter-test-metrics-endpoint</h3>
+      <p>ApiVersion: v1</p>
+      <p>Kind: Pod</p>
+      <p>Name: -fhir-server-exporter-test-metrics-endpoint</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -340,7 +340,7 @@ <h3>Name: -magnifhir</h3>
           <td class="resourceSeverityCell">High</td>
           <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
           <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroup=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroupChangePolicy=Always</p>  <p>spec.template.spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
+          <td class="resourceRemediationCell"> <p>spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
         </tr>
 
         </tbody>
@@ -374,33 +374,6 @@ <h3>Name: -fhir-server-exporter</h3>
       </table>
     </div>
 
-    <h3>Name: -fhir-server-exporter-test-metrics-endpoint</h3>
-      <p>ApiVersion: v1</p>
-      <p>Kind: Pod</p>
-      <p>Name: -fhir-server-exporter-test-metrics-endpoint</p>
-      <p>Namespace: </p>
-      <table>
-        <thead>
-        <tr>
-          <th class="resourceSeverityCell">Severity</th>
-          <th class="resourceNameCell">Name</th>
-          <th class="resourceURLCell">Docs</th>
-          <th class="resourceRemediationCell">Assisted Remediation</th>
-        </tr>
-        </thead>
-        <tbody>
-
-        <tr>
-          <td class="resourceSeverityCell">High</td>
-          <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
-          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
-          <td class="resourceRemediationCell"> <p>spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
-        </tr>
-
-        </tbody>
-      </table>
-    </div>
-
     <h3>Name: -pathling-server-test-connection</h3>
       <p>ApiVersion: v1</p>
       <p>Kind: Pod</p>
@@ -489,10 +462,10 @@ <h3>Name: -ohdsi-webapi</h3>
       </table>
     </div>
 
-    <h3>Name: -ohdsi-test-connection</h3>
+    <h3>Name: -fhir-server-test-connection</h3>
       <p>ApiVersion: v1</p>
       <p>Kind: Pod</p>
-      <p>Name: -ohdsi-test-connection</p>
+      <p>Name: -fhir-server-test-connection</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -516,10 +489,10 @@ <h3>Name: -ohdsi-test-connection</h3>
       </table>
     </div>
 
-    <h3>Name: -ohdsi-atlas</h3>
+    <h3>Name: -fhir-server</h3>
       <p>ApiVersion: apps/v1</p>
       <p>Kind: Deployment</p>
-      <p>Name: -ohdsi-atlas</p>
+      <p>Name: -fhir-server</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -532,21 +505,28 @@ <h3>Name: -ohdsi-atlas</h3>
         </thead>
         <tbody>
 
+        <tr>
+          <td class="resourceSeverityCell">Medium</td>
+          <td class="resourceNameCell">CIS-5.4.1 Prefer using secrets as files over secrets as environment variables</td>
+          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0207">C-0207</a></td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[10].name</p>  <p>spec.template.spec.containers[0].env[11].name</p>  <p>spec.template.spec.containers[0].env[9].name</p> </td>
+        </tr>
+
         <tr>
           <td class="resourceSeverityCell">High</td>
           <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
           <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true</p>  <p>spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroup=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroupChangePolicy=Always</p>  <p>spec.template.spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
         </tr>
 
         </tbody>
       </table>
     </div>
 
-    <h3>Name: -postgresql</h3>
+    <h3>Name: -pathling-server</h3>
       <p>ApiVersion: apps/v1</p>
-      <p>Kind: StatefulSet</p>
-      <p>Name: -postgresql</p>
+      <p>Kind: Deployment</p>
+      <p>Name: -pathling-server</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -563,17 +543,24 @@ <h3>Name: -postgresql</h3>
           <td class="resourceSeverityCell">Medium</td>
           <td class="resourceNameCell">CIS-5.4.1 Prefer using secrets as files over secrets as environment variables</td>
           <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0207">C-0207</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[4].name</p> </td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[4].name</p>  <p>spec.template.spec.containers[0].env[5].name</p> </td>
+        </tr>
+
+        <tr>
+          <td class="resourceSeverityCell">High</td>
+          <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
+          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroup=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroupChangePolicy=Always</p>  <p>spec.template.spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
         </tr>
 
         </tbody>
       </table>
     </div>
 
-    <h3>Name: -pathling-server</h3>
-      <p>ApiVersion: apps/v1</p>
-      <p>Kind: Deployment</p>
-      <p>Name: -pathling-server</p>
+    <h3>Name: -magnifhir-test</h3>
+      <p>ApiVersion: v1</p>
+      <p>Kind: Pod</p>
+      <p>Name: -magnifhir-test</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -586,28 +573,21 @@ <h3>Name: -pathling-server</h3>
         </thead>
         <tbody>
 
-        <tr>
-          <td class="resourceSeverityCell">Medium</td>
-          <td class="resourceNameCell">CIS-5.4.1 Prefer using secrets as files over secrets as environment variables</td>
-          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0207">C-0207</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[4].name</p>  <p>spec.template.spec.containers[0].env[5].name</p> </td>
-        </tr>
-
         <tr>
           <td class="resourceSeverityCell">High</td>
           <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
           <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroup=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroupChangePolicy=Always</p>  <p>spec.template.spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
+          <td class="resourceRemediationCell"> <p>spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.containers[1].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
         </tr>
 
         </tbody>
       </table>
     </div>
 
-    <h3>Name: -fhir-server</h3>
+    <h3>Name: -ohdsi-atlas</h3>
       <p>ApiVersion: apps/v1</p>
       <p>Kind: Deployment</p>
-      <p>Name: -fhir-server</p>
+      <p>Name: -ohdsi-atlas</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -621,12 +601,32 @@ <h3>Name: -fhir-server</h3>
         <tbody>
 
         <tr>
-          <td class="resourceSeverityCell">Medium</td>
-          <td class="resourceNameCell">CIS-5.4.1 Prefer using secrets as files over secrets as environment variables</td>
-          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0207">C-0207</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[10].name</p>  <p>spec.template.spec.containers[0].env[11].name</p>  <p>spec.template.spec.containers[0].env[9].name</p> </td>
+          <td class="resourceSeverityCell">High</td>
+          <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
+          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true</p>  <p>spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
         </tr>
 
+        </tbody>
+      </table>
+    </div>
+
+    <h3>Name: -magnifhir</h3>
+      <p>ApiVersion: apps/v1</p>
+      <p>Kind: Deployment</p>
+      <p>Name: -magnifhir</p>
+      <p>Namespace: </p>
+      <table>
+        <thead>
+        <tr>
+          <th class="resourceSeverityCell">Severity</th>
+          <th class="resourceNameCell">Name</th>
+          <th class="resourceURLCell">Docs</th>
+          <th class="resourceRemediationCell">Assisted Remediation</th>
+        </tr>
+        </thead>
+        <tbody>
+
         <tr>
           <td class="resourceSeverityCell">High</td>
           <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
@@ -638,10 +638,10 @@ <h3>Name: -fhir-server</h3>
       </table>
     </div>
 
-    <h3>Name: -fhir-server-test-connection</h3>
+    <h3>Name: -ohdsi-test-connection</h3>
       <p>ApiVersion: v1</p>
       <p>Kind: Pod</p>
-      <p>Name: -fhir-server-test-connection</p>
+      <p>Name: -ohdsi-test-connection</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -665,10 +665,10 @@ <h3>Name: -fhir-server-test-connection</h3>
       </table>
     </div>
 
-    <h3>Name: -magnifhir-test</h3>
-      <p>ApiVersion: v1</p>
-      <p>Kind: Pod</p>
-      <p>Name: -magnifhir-test</p>
+    <h3>Name: -postgresql</h3>
+      <p>ApiVersion: apps/v1</p>
+      <p>Kind: StatefulSet</p>
+      <p>Name: -postgresql</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -682,10 +682,10 @@ <h3>Name: -magnifhir-test</h3>
         <tbody>
 
         <tr>
-          <td class="resourceSeverityCell">High</td>
-          <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
-          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
-          <td class="resourceRemediationCell"> <p>spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.containers[1].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
+          <td class="resourceSeverityCell">Medium</td>
+          <td class="resourceNameCell">CIS-5.4.1 Prefer using secrets as files over secrets as environment variables</td>
+          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0207">C-0207</a></td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[4].name</p> </td>
         </tr>
 
         </tbody>