From bff5f37f9bbb28b22c933321408a3cff7c4e63a0 Mon Sep 17 00:00:00 2001
From: chgl <chgl@users.noreply.github.com>
Date: Thu, 2 Jan 2025 18:25:43 +0000
Subject: [PATCH] docs: updated kubescape reports

---
 kubescape-reports/cis-v1.23-t1.0.1.html | 138 ++++++++++++------------
 kubescape-reports/nsa.html              |  80 +++++++-------
 2 files changed, 109 insertions(+), 109 deletions(-)
diff --git a/kubescape-reports/cis-v1.23-t1.0.1.html b/kubescape-reports/cis-v1.23-t1.0.1.html
index d8cc05fd..5936cc90 100644
--- a/kubescape-reports/cis-v1.23-t1.0.1.html
+++ b/kubescape-reports/cis-v1.23-t1.0.1.html
@@ -320,10 +320,10 @@ <h2>Failed Resources:</h2>
     </br>
     
     
-    <h3>Name: -magnifhir</h3>
-      <p>ApiVersion: apps/v1</p>
-      <p>Kind: Deployment</p>
-      <p>Name: -magnifhir</p>
+    <h3>Name: -fhir-server-exporter-test-metrics-endpoint</h3>
+      <p>ApiVersion: v1</p>
+      <p>Kind: Pod</p>
+      <p>Name: -fhir-server-exporter-test-metrics-endpoint</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -340,7 +340,7 @@ <h3>Name: -magnifhir</h3>
           <td class="resourceSeverityCell">High</td>
           <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
           <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroup=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroupChangePolicy=Always</p>  <p>spec.template.spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
+          <td class="resourceRemediationCell"> <p>spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
         </tr>
         
         </tbody>
@@ -374,33 +374,6 @@ <h3>Name: -fhir-server-exporter</h3>
       </table>
     </div>
     
-    <h3>Name: -fhir-server-exporter-test-metrics-endpoint</h3>
-      <p>ApiVersion: v1</p>
-      <p>Kind: Pod</p>
-      <p>Name: -fhir-server-exporter-test-metrics-endpoint</p>
-      <p>Namespace: </p>
-      <table>
-        <thead>
-        <tr>
-          <th class="resourceSeverityCell">Severity</th>
-          <th class="resourceNameCell">Name</th>
-          <th class="resourceURLCell">Docs</th>
-          <th class="resourceRemediationCell">Assisted Remediation</th>
-        </tr>
-        </thead>
-        <tbody>
-        
-        <tr>
-          <td class="resourceSeverityCell">High</td>
-          <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
-          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
-          <td class="resourceRemediationCell"> <p>spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
-        </tr>
-        
-        </tbody>
-      </table>
-    </div>
-    
     <h3>Name: -pathling-server-test-connection</h3>
       <p>ApiVersion: v1</p>
       <p>Kind: Pod</p>
@@ -489,10 +462,10 @@ <h3>Name: -ohdsi-webapi</h3>
       </table>
     </div>
     
-    <h3>Name: -ohdsi-test-connection</h3>
+    <h3>Name: -fhir-server-test-connection</h3>
       <p>ApiVersion: v1</p>
       <p>Kind: Pod</p>
-      <p>Name: -ohdsi-test-connection</p>
+      <p>Name: -fhir-server-test-connection</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -516,10 +489,10 @@ <h3>Name: -ohdsi-test-connection</h3>
       </table>
     </div>
     
-    <h3>Name: -ohdsi-atlas</h3>
+    <h3>Name: -fhir-server</h3>
       <p>ApiVersion: apps/v1</p>
       <p>Kind: Deployment</p>
-      <p>Name: -ohdsi-atlas</p>
+      <p>Name: -fhir-server</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -532,21 +505,28 @@ <h3>Name: -ohdsi-atlas</h3>
         </thead>
         <tbody>
         
+        <tr>
+          <td class="resourceSeverityCell">Medium</td>
+          <td class="resourceNameCell">CIS-5.4.1 Prefer using secrets as files over secrets as environment variables</td>
+          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0207">C-0207</a></td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[10].name</p>  <p>spec.template.spec.containers[0].env[11].name</p>  <p>spec.template.spec.containers[0].env[9].name</p> </td>
+        </tr>
+        
         <tr>
           <td class="resourceSeverityCell">High</td>
           <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
           <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true</p>  <p>spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroup=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroupChangePolicy=Always</p>  <p>spec.template.spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
         </tr>
         
         </tbody>
       </table>
     </div>
     
-    <h3>Name: -postgresql</h3>
+    <h3>Name: -pathling-server</h3>
       <p>ApiVersion: apps/v1</p>
-      <p>Kind: StatefulSet</p>
-      <p>Name: -postgresql</p>
+      <p>Kind: Deployment</p>
+      <p>Name: -pathling-server</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -563,17 +543,24 @@ <h3>Name: -postgresql</h3>
           <td class="resourceSeverityCell">Medium</td>
           <td class="resourceNameCell">CIS-5.4.1 Prefer using secrets as files over secrets as environment variables</td>
           <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0207">C-0207</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[4].name</p> </td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[4].name</p>  <p>spec.template.spec.containers[0].env[5].name</p> </td>
+        </tr>
+        
+        <tr>
+          <td class="resourceSeverityCell">High</td>
+          <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
+          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroup=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroupChangePolicy=Always</p>  <p>spec.template.spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
         </tr>
         
         </tbody>
       </table>
     </div>
     
-    <h3>Name: -pathling-server</h3>
-      <p>ApiVersion: apps/v1</p>
-      <p>Kind: Deployment</p>
-      <p>Name: -pathling-server</p>
+    <h3>Name: -magnifhir-test</h3>
+      <p>ApiVersion: v1</p>
+      <p>Kind: Pod</p>
+      <p>Name: -magnifhir-test</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -586,28 +573,21 @@ <h3>Name: -pathling-server</h3>
         </thead>
         <tbody>
         
-        <tr>
-          <td class="resourceSeverityCell">Medium</td>
-          <td class="resourceNameCell">CIS-5.4.1 Prefer using secrets as files over secrets as environment variables</td>
-          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0207">C-0207</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[4].name</p>  <p>spec.template.spec.containers[0].env[5].name</p> </td>
-        </tr>
-        
         <tr>
           <td class="resourceSeverityCell">High</td>
           <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
           <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroup=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.fsGroupChangePolicy=Always</p>  <p>spec.template.spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
+          <td class="resourceRemediationCell"> <p>spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.containers[1].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
         </tr>
         
         </tbody>
       </table>
     </div>
     
-    <h3>Name: -fhir-server</h3>
+    <h3>Name: -ohdsi-atlas</h3>
       <p>ApiVersion: apps/v1</p>
       <p>Kind: Deployment</p>
-      <p>Name: -fhir-server</p>
+      <p>Name: -ohdsi-atlas</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -621,12 +601,32 @@ <h3>Name: -fhir-server</h3>
         <tbody>
         
         <tr>
-          <td class="resourceSeverityCell">Medium</td>
-          <td class="resourceNameCell">CIS-5.4.1 Prefer using secrets as files over secrets as environment variables</td>
-          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0207">C-0207</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[10].name</p>  <p>spec.template.spec.containers[0].env[11].name</p>  <p>spec.template.spec.containers[0].env[9].name</p> </td>
+          <td class="resourceSeverityCell">High</td>
+          <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
+          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true</p>  <p>spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
         </tr>
         
+        </tbody>
+      </table>
+    </div>
+    
+    <h3>Name: -magnifhir</h3>
+      <p>ApiVersion: apps/v1</p>
+      <p>Kind: Deployment</p>
+      <p>Name: -magnifhir</p>
+      <p>Namespace: </p>
+      <table>
+        <thead>
+        <tr>
+          <th class="resourceSeverityCell">Severity</th>
+          <th class="resourceNameCell">Name</th>
+          <th class="resourceURLCell">Docs</th>
+          <th class="resourceRemediationCell">Assisted Remediation</th>
+        </tr>
+        </thead>
+        <tbody>
+        
         <tr>
           <td class="resourceSeverityCell">High</td>
           <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
@@ -638,10 +638,10 @@ <h3>Name: -fhir-server</h3>
       </table>
     </div>
     
-    <h3>Name: -fhir-server-test-connection</h3>
+    <h3>Name: -ohdsi-test-connection</h3>
       <p>ApiVersion: v1</p>
       <p>Kind: Pod</p>
-      <p>Name: -fhir-server-test-connection</p>
+      <p>Name: -ohdsi-test-connection</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -665,10 +665,10 @@ <h3>Name: -fhir-server-test-connection</h3>
       </table>
     </div>
     
-    <h3>Name: -magnifhir-test</h3>
-      <p>ApiVersion: v1</p>
-      <p>Kind: Pod</p>
-      <p>Name: -magnifhir-test</p>
+    <h3>Name: -postgresql</h3>
+      <p>ApiVersion: apps/v1</p>
+      <p>Kind: StatefulSet</p>
+      <p>Name: -postgresql</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -682,10 +682,10 @@ <h3>Name: -magnifhir-test</h3>
         <tbody>
         
         <tr>
-          <td class="resourceSeverityCell">High</td>
-          <td class="resourceNameCell">CIS-5.7.3 Apply Security Context to Your Pods and Containers</td>
-          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0211">C-0211</a></td>
-          <td class="resourceRemediationCell"> <p>spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.containers[1].securityContext.seLinuxOptions=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.name=YOUR_VALUE</p>  <p>spec.securityContext.sysctls.value=YOUR_VALUE</p>  <p>spec.securityContext.supplementalGroups=YOUR_VALUE</p> </td>
+          <td class="resourceSeverityCell">Medium</td>
+          <td class="resourceNameCell">CIS-5.4.1 Prefer using secrets as files over secrets as environment variables</td>
+          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0207">C-0207</a></td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[4].name</p> </td>
         </tr>
         
         </tbody>
diff --git a/kubescape-reports/nsa.html b/kubescape-reports/nsa.html
index 3f768327..dc59c2f6 100644
--- a/kubescape-reports/nsa.html
+++ b/kubescape-reports/nsa.html
@@ -284,10 +284,10 @@ <h2>Failed Resources:</h2>
     </br>
     
     
-    <h3>Name: -magnifhir-test</h3>
-      <p>ApiVersion: v1</p>
-      <p>Kind: Pod</p>
-      <p>Name: -magnifhir-test</p>
+    <h3>Name: -pathling-server</h3>
+      <p>ApiVersion: apps/v1</p>
+      <p>Kind: Deployment</p>
+      <p>Name: -pathling-server</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -300,6 +300,13 @@ <h3>Name: -magnifhir-test</h3>
         </thead>
         <tbody>
         
+        <tr>
+          <td class="resourceSeverityCell">High</td>
+          <td class="resourceNameCell">Applications credentials in configuration files</td>
+          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0012">C-0012</a></td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[3].name</p>  <p>spec.template.spec.containers[0].env[3].value</p> </td>
+        </tr>
+        
         <tr>
           <td class="resourceSeverityCell">Medium</td>
           <td class="resourceNameCell">Ingress and Egress blocked</td>
@@ -311,10 +318,10 @@ <h3>Name: -magnifhir-test</h3>
       </table>
     </div>
     
-    <h3>Name: -pathling-server-test-connection</h3>
-      <p>ApiVersion: v1</p>
-      <p>Kind: Pod</p>
-      <p>Name: -pathling-server-test-connection</p>
+    <h3>Name: -ohdsi-atlas</h3>
+      <p>ApiVersion: apps/v1</p>
+      <p>Kind: Deployment</p>
+      <p>Name: -ohdsi-atlas</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -327,6 +334,13 @@ <h3>Name: -pathling-server-test-connection</h3>
         </thead>
         <tbody>
         
+        <tr>
+          <td class="resourceSeverityCell">Low</td>
+          <td class="resourceNameCell">Immutable container filesystem</td>
+          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0017">C-0017</a></td>
+          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true</p> </td>
+        </tr>
+        
         <tr>
           <td class="resourceSeverityCell">Medium</td>
           <td class="resourceNameCell">Ingress and Egress blocked</td>
@@ -365,10 +379,10 @@ <h3>Name: -fhir-server</h3>
       </table>
     </div>
     
-    <h3>Name: -fhir-server-exporter</h3>
+    <h3>Name: -magnifhir</h3>
       <p>ApiVersion: apps/v1</p>
       <p>Kind: Deployment</p>
-      <p>Name: -fhir-server-exporter</p>
+      <p>Name: -magnifhir</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -392,10 +406,10 @@ <h3>Name: -fhir-server-exporter</h3>
       </table>
     </div>
     
-    <h3>Name: -ohdsi-webapi</h3>
-      <p>ApiVersion: apps/v1</p>
-      <p>Kind: Deployment</p>
-      <p>Name: -ohdsi-webapi</p>
+    <h3>Name: -ohdsi-test-connection</h3>
+      <p>ApiVersion: v1</p>
+      <p>Kind: Pod</p>
+      <p>Name: -ohdsi-test-connection</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -419,10 +433,10 @@ <h3>Name: -ohdsi-webapi</h3>
       </table>
     </div>
     
-    <h3>Name: -fhir-server-test-connection</h3>
+    <h3>Name: -pathling-server-test-connection</h3>
       <p>ApiVersion: v1</p>
       <p>Kind: Pod</p>
-      <p>Name: -fhir-server-test-connection</p>
+      <p>Name: -pathling-server-test-connection</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -446,10 +460,10 @@ <h3>Name: -fhir-server-test-connection</h3>
       </table>
     </div>
     
-    <h3>Name: -ohdsi-test-connection</h3>
+    <h3>Name: -fhir-server-test-connection</h3>
       <p>ApiVersion: v1</p>
       <p>Kind: Pod</p>
-      <p>Name: -ohdsi-test-connection</p>
+      <p>Name: -fhir-server-test-connection</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -473,10 +487,10 @@ <h3>Name: -ohdsi-test-connection</h3>
       </table>
     </div>
     
-    <h3>Name: -pathling-server</h3>
-      <p>ApiVersion: apps/v1</p>
-      <p>Kind: Deployment</p>
-      <p>Name: -pathling-server</p>
+    <h3>Name: -magnifhir-test</h3>
+      <p>ApiVersion: v1</p>
+      <p>Kind: Pod</p>
+      <p>Name: -magnifhir-test</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -496,21 +510,14 @@ <h3>Name: -pathling-server</h3>
           <td class="resourceRemediationCell"></td>
         </tr>
         
-        <tr>
-          <td class="resourceSeverityCell">High</td>
-          <td class="resourceNameCell">Applications credentials in configuration files</td>
-          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0012">C-0012</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].env[3].name</p>  <p>spec.template.spec.containers[0].env[3].value</p> </td>
-        </tr>
-        
         </tbody>
       </table>
     </div>
     
-    <h3>Name: -magnifhir</h3>
+    <h3>Name: -ohdsi-webapi</h3>
       <p>ApiVersion: apps/v1</p>
       <p>Kind: Deployment</p>
-      <p>Name: -magnifhir</p>
+      <p>Name: -ohdsi-webapi</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -561,10 +568,10 @@ <h3>Name: -fhir-server-exporter-test-metrics-endpoint</h3>
       </table>
     </div>
     
-    <h3>Name: -ohdsi-atlas</h3>
+    <h3>Name: -fhir-server-exporter</h3>
       <p>ApiVersion: apps/v1</p>
       <p>Kind: Deployment</p>
-      <p>Name: -ohdsi-atlas</p>
+      <p>Name: -fhir-server-exporter</p>
       <p>Namespace: </p>
       <table>
         <thead>
@@ -584,13 +591,6 @@ <h3>Name: -ohdsi-atlas</h3>
           <td class="resourceRemediationCell"></td>
         </tr>
         
-        <tr>
-          <td class="resourceSeverityCell">Low</td>
-          <td class="resourceNameCell">Immutable container filesystem</td>
-          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/c-0017">C-0017</a></td>
-          <td class="resourceRemediationCell"> <p>spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true</p> </td>
-        </tr>
-        
         </tbody>
       </table>
     </div>

Low	Immutable container filesystem	C-0017	spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true
Medium	Ingress and Egress blocked