Merge pull request #1 from cldcvr/security
security updates
ruaan authored Apr 7, 2020
2 parents b49fcf0 + ac536b8 commit eba40c6
Showing 2 changed files with 115 additions and 93 deletions.
204 changes: 113 additions & 91 deletions app/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions app/package.json
Expand Up @@ -14,7 +14,7 @@
"express": "^4.17.1"
},
"devDependencies": {
"mocha": "^6.2.1",
"axios": "^0.19.0"
"axios": "^0.19.2",
"mocha": "^6.2.3"
}
}
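Review bot: The new ranges in devDependencies, "axios": "^0.19.2" and "mocha": "^6.2.3", only raise the minimum version; the old carets ^0.19.0 and ^6.2.1 already admitted those releases, so what actually gets installed is decided by app/package-lock.json, which is not rendered on this page. Confirm the lock file resolves axios and mocha to the bumped versions and that CI installs with npm ci so the lock is honoured. The commit message "security updates" should also name the advisories these bumps address, since nothing in the hunk records why these two versions were chosen.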

8 comments on commit eba40c6

@iacbot iacbot bot commented on eba40c6 Apr 29, 2021

⚠️ We found 40 issues in your pull request.

Summary: 40 Issues Found
  • Critical : 0
  • High : 10
  • Medium : 16
  • Low : 14
  • Info : 0
Details
| Title | Severity | File | Remediation |
|---|---|---|---|
| Minimize the admission of root containers | High | deployment-prod.yaml | VIEW |
| Containers should run as a high UID to avoid host conflict | High | deployment-prod.yaml | VIEW |
| Containers should not run with allowPrivilegeEscalation | High | deployment-prod.yaml | VIEW |
| Minimize the admission of containers with the NET_RAW capability | High | deployment-prod.yaml | VIEW |
| Use read-only filesystem for containers where possible | High | deployment-prod.yaml | VIEW |
| Minimize the admission of root containers | High | deployment.yaml | VIEW |
| Containers should run as a high UID to avoid host conflict | High | deployment.yaml | VIEW |
| Containers should not run with allowPrivilegeEscalation | High | deployment.yaml | VIEW |
| Minimize the admission of containers with the NET_RAW capability | High | deployment.yaml | VIEW |
| Use read-only filesystem for containers where possible | High | deployment.yaml | VIEW |
| The default namespace should not be used | Low | service.yaml | VIEW |
| The default namespace should not be used | Low | deployment-prod.yaml | VIEW |
| Ensure that the seccomp profile is set to docker/default or runtime/default | Low | deployment-prod.yaml | VIEW |
| Ensure that Service Account Tokens are only mounted where necessary | Low | deployment-prod.yaml | VIEW |
| Image Tag should be fixed - not latest or blank | Low | deployment-prod.yaml | VIEW |
| Liveness Probe Should be Configured | Low | deployment-prod.yaml | VIEW |
| Readiness Probe Should be Configured | Low | deployment-prod.yaml | VIEW |
| The default namespace should not be used | Low | deployment.yaml | VIEW |
| Ensure that the seccomp profile is set to docker/default or runtime/default | Low | deployment.yaml | VIEW |
| Ensure that Service Account Tokens are only mounted where necessary | Low | deployment.yaml | VIEW |
| Image Tag should be fixed - not latest or blank | Low | deployment.yaml | VIEW |
| Liveness Probe Should be Configured | Low | deployment.yaml | VIEW |
| Readiness Probe Should be Configured | Low | deployment.yaml | VIEW |
| The default namespace should not be used | Low | service-prod.yaml | VIEW |
| Apply security context to your pods and containers | Medium | deployment-prod.yaml | VIEW |
| CPU limits should be set | Medium | deployment-prod.yaml | VIEW |
| CPU requests should be set | Medium | deployment-prod.yaml | VIEW |
| Apply security context to your pods and containers | Medium | deployment-prod.yaml | VIEW |
| Image should use digest | Medium | deployment-prod.yaml | VIEW |
| Memory limits should be set | Medium | deployment-prod.yaml | VIEW |
| Memory requests should be set | Medium | deployment-prod.yaml | VIEW |
| Minimize the admission of containers with capabilities assigned | Medium | deployment-prod.yaml | VIEW |
| Apply security context to your pods and containers | Medium | deployment.yaml | VIEW |
| CPU limits should be set | Medium | deployment.yaml | VIEW |
| CPU requests should be set | Medium | deployment.yaml | VIEW |
| Apply security context to your pods and containers | Medium | deployment.yaml | VIEW |
| Image should use digest | Medium | deployment.yaml | VIEW |
| Memory limits should be set | Medium | deployment.yaml | VIEW |
| Memory requests should be set | Medium | deployment.yaml | VIEW |
| Minimize the admission of containers with capabilities assigned | Medium | deployment.yaml | VIEW |

💻 Please visit the Assessment for more information.

📊 To view the diff summary.

💬 Share your feedback with us.

@iacbot iacbot bot commented on eba40c6 Apr 29, 2021

⚠️ We found 40 issues in your pull request.

@iacbot iacbot bot commented on eba40c6 Apr 30, 2021

⚠️ We found 40 issues in your pull request.

@iacbot iacbot bot commented on eba40c6 Apr 30, 2021

⚠️ We found 40 issues in your pull request.

@iacbot iacbot bot commented on eba40c6 May 1, 2021

⚠️ We found 40 issues in your pull request.

@iacbot iacbot bot commented on eba40c6 May 1, 2021

⚠️ We found 40 issues in your pull request.

@iacbot iacbot bot commented on eba40c6 May 2, 2021

⚠️ We found 40 issues in your pull request.

@iacbot iacbot bot commented on eba40c6 May 3, 2021

⚠️ We found 40 issues in your pull request.
