|
21 | 21 | "Class": "config",
|
22 | 22 | "Type": "helm",
|
23 | 23 | "MisconfSummary": {
|
24 |
| - "Successes": 79, |
25 |
| - "Failures": 21 |
| 24 | + "Successes": 78, |
| 25 | + "Failures": 18 |
26 | 26 | },
|
27 | 27 | "Misconfigurations": [
|
28 | 28 | {
|
|
865 | 865 | "RenderedCause": {}
|
866 | 866 | }
|
867 | 867 | },
|
868 |
| - { |
869 |
| - "Type": "Helm Security Check", |
870 |
| - "ID": "KSV032", |
871 |
| - "AVDID": "AVD-KSV-0032", |
872 |
| - "Title": "All container images must start with the *.azurecr.io domain", |
873 |
| - "Description": "Containers should only use images from trusted registries.", |
874 |
| - "Message": "container nginx of deployment nginx-deployment in default namespace should restrict container image to your specific registry domain. For Azure any domain ending in 'azurecr.io'", |
875 |
| - "Namespace": "builtin.kubernetes.KSV032", |
876 |
| - "Query": "data.builtin.kubernetes.KSV032.deny", |
877 |
| - "Resolution": "Use images from trusted Azure registries.", |
878 |
| - "Severity": "MEDIUM", |
879 |
| - "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv032", |
880 |
| - "References": [ |
881 |
| - "https://avd.aquasec.com/misconfig/ksv032" |
882 |
| - ], |
883 |
| - "Status": "FAIL", |
884 |
| - "Layer": {}, |
885 |
| - "CauseMetadata": { |
886 |
| - "Provider": "Kubernetes", |
887 |
| - "Service": "general", |
888 |
| - "StartLine": 19, |
889 |
| - "EndLine": 22, |
890 |
| - "Code": { |
891 |
| - "Lines": [ |
892 |
| - { |
893 |
| - "Number": 19, |
894 |
| - "Content": " - name: nginx", |
895 |
| - "IsCause": true, |
896 |
| - "Annotation": "", |
897 |
| - "Truncated": false, |
898 |
| - "Highlighted": " - \u001b[38;5;33mname\u001b[0m: nginx", |
899 |
| - "FirstCause": true, |
900 |
| - "LastCause": false |
901 |
| - }, |
902 |
| - { |
903 |
| - "Number": 20, |
904 |
| - "Content": " image: nginx:1.14.2", |
905 |
| - "IsCause": true, |
906 |
| - "Annotation": "", |
907 |
| - "Truncated": false, |
908 |
| - "Highlighted": " \u001b[38;5;33mimage\u001b[0m: nginx:1.14.2", |
909 |
| - "FirstCause": false, |
910 |
| - "LastCause": false |
911 |
| - }, |
912 |
| - { |
913 |
| - "Number": 21, |
914 |
| - "Content": " ports:", |
915 |
| - "IsCause": true, |
916 |
| - "Annotation": "", |
917 |
| - "Truncated": false, |
918 |
| - "Highlighted": " \u001b[38;5;33mports\u001b[0m:", |
919 |
| - "FirstCause": false, |
920 |
| - "LastCause": false |
921 |
| - }, |
922 |
| - { |
923 |
| - "Number": 22, |
924 |
| - "Content": " - containerPort: 80", |
925 |
| - "IsCause": true, |
926 |
| - "Annotation": "", |
927 |
| - "Truncated": false, |
928 |
| - "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80\u001b[0m", |
929 |
| - "FirstCause": false, |
930 |
| - "LastCause": true |
931 |
| - } |
932 |
| - ] |
933 |
| - }, |
934 |
| - "RenderedCause": {} |
935 |
| - } |
936 |
| - }, |
937 |
| - { |
938 |
| - "Type": "Helm Security Check", |
939 |
| - "ID": "KSV033", |
940 |
| - "AVDID": "AVD-KSV-0033", |
941 |
| - "Title": "All container images must start with a GCR domain", |
942 |
| - "Description": "Containers should only use images from trusted GCR registries.", |
943 |
| - "Message": "container nginx of deployment nginx-deployment in default namespace should restrict container image to your specific registry domain. See the full GCR list here: https://cloud.google.com/container-registry/docs/overview#registries", |
944 |
| - "Namespace": "builtin.kubernetes.KSV033", |
945 |
| - "Query": "data.builtin.kubernetes.KSV033.deny", |
946 |
| - "Resolution": "Use images from trusted GCR registries.", |
947 |
| - "Severity": "MEDIUM", |
948 |
| - "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv033", |
949 |
| - "References": [ |
950 |
| - "https://avd.aquasec.com/misconfig/ksv033" |
951 |
| - ], |
952 |
| - "Status": "FAIL", |
953 |
| - "Layer": {}, |
954 |
| - "CauseMetadata": { |
955 |
| - "Provider": "Kubernetes", |
956 |
| - "Service": "general", |
957 |
| - "StartLine": 19, |
958 |
| - "EndLine": 22, |
959 |
| - "Code": { |
960 |
| - "Lines": [ |
961 |
| - { |
962 |
| - "Number": 19, |
963 |
| - "Content": " - name: nginx", |
964 |
| - "IsCause": true, |
965 |
| - "Annotation": "", |
966 |
| - "Truncated": false, |
967 |
| - "Highlighted": " - \u001b[38;5;33mname\u001b[0m: nginx", |
968 |
| - "FirstCause": true, |
969 |
| - "LastCause": false |
970 |
| - }, |
971 |
| - { |
972 |
| - "Number": 20, |
973 |
| - "Content": " image: nginx:1.14.2", |
974 |
| - "IsCause": true, |
975 |
| - "Annotation": "", |
976 |
| - "Truncated": false, |
977 |
| - "Highlighted": " \u001b[38;5;33mimage\u001b[0m: nginx:1.14.2", |
978 |
| - "FirstCause": false, |
979 |
| - "LastCause": false |
980 |
| - }, |
981 |
| - { |
982 |
| - "Number": 21, |
983 |
| - "Content": " ports:", |
984 |
| - "IsCause": true, |
985 |
| - "Annotation": "", |
986 |
| - "Truncated": false, |
987 |
| - "Highlighted": " \u001b[38;5;33mports\u001b[0m:", |
988 |
| - "FirstCause": false, |
989 |
| - "LastCause": false |
990 |
| - }, |
991 |
| - { |
992 |
| - "Number": 22, |
993 |
| - "Content": " - containerPort: 80", |
994 |
| - "IsCause": true, |
995 |
| - "Annotation": "", |
996 |
| - "Truncated": false, |
997 |
| - "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80\u001b[0m", |
998 |
| - "FirstCause": false, |
999 |
| - "LastCause": true |
1000 |
| - } |
1001 |
| - ] |
1002 |
| - }, |
1003 |
| - "RenderedCause": {} |
1004 |
| - } |
1005 |
| - }, |
1006 |
| - { |
1007 |
| - "Type": "Helm Security Check", |
1008 |
| - "ID": "KSV035", |
1009 |
| - "AVDID": "AVD-KSV-0035", |
1010 |
| - "Title": "All container images must start with an ECR domain", |
1011 |
| - "Description": "Container images from non-ECR registries should be forbidden.", |
1012 |
| - "Message": "Container 'nginx' of Deployment 'nginx-deployment' should restrict images to own ECR repository. See the full ECR list here: https://docs.aws.amazon.com/general/latest/gr/ecr.html", |
1013 |
| - "Namespace": "builtin.kubernetes.KSV035", |
1014 |
| - "Query": "data.builtin.kubernetes.KSV035.deny", |
1015 |
| - "Resolution": "Container image should be used from Amazon container Registry", |
1016 |
| - "Severity": "MEDIUM", |
1017 |
| - "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv035", |
1018 |
| - "References": [ |
1019 |
| - "https://avd.aquasec.com/misconfig/ksv035" |
1020 |
| - ], |
1021 |
| - "Status": "FAIL", |
1022 |
| - "Layer": {}, |
1023 |
| - "CauseMetadata": { |
1024 |
| - "Provider": "Kubernetes", |
1025 |
| - "Service": "general", |
1026 |
| - "StartLine": 19, |
1027 |
| - "EndLine": 22, |
1028 |
| - "Code": { |
1029 |
| - "Lines": [ |
1030 |
| - { |
1031 |
| - "Number": 19, |
1032 |
| - "Content": " - name: nginx", |
1033 |
| - "IsCause": true, |
1034 |
| - "Annotation": "", |
1035 |
| - "Truncated": false, |
1036 |
| - "Highlighted": " - \u001b[38;5;33mname\u001b[0m: nginx", |
1037 |
| - "FirstCause": true, |
1038 |
| - "LastCause": false |
1039 |
| - }, |
1040 |
| - { |
1041 |
| - "Number": 20, |
1042 |
| - "Content": " image: nginx:1.14.2", |
1043 |
| - "IsCause": true, |
1044 |
| - "Annotation": "", |
1045 |
| - "Truncated": false, |
1046 |
| - "Highlighted": " \u001b[38;5;33mimage\u001b[0m: nginx:1.14.2", |
1047 |
| - "FirstCause": false, |
1048 |
| - "LastCause": false |
1049 |
| - }, |
1050 |
| - { |
1051 |
| - "Number": 21, |
1052 |
| - "Content": " ports:", |
1053 |
| - "IsCause": true, |
1054 |
| - "Annotation": "", |
1055 |
| - "Truncated": false, |
1056 |
| - "Highlighted": " \u001b[38;5;33mports\u001b[0m:", |
1057 |
| - "FirstCause": false, |
1058 |
| - "LastCause": false |
1059 |
| - }, |
1060 |
| - { |
1061 |
| - "Number": 22, |
1062 |
| - "Content": " - containerPort: 80", |
1063 |
| - "IsCause": true, |
1064 |
| - "Annotation": "", |
1065 |
| - "Truncated": false, |
1066 |
| - "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m80\u001b[0m", |
1067 |
| - "FirstCause": false, |
1068 |
| - "LastCause": true |
1069 |
| - } |
1070 |
| - ] |
1071 |
| - }, |
1072 |
| - "RenderedCause": {} |
1073 |
| - } |
1074 |
| - }, |
1075 | 868 | {
|
1076 | 869 | "Type": "Helm Security Check",
|
1077 | 870 | "ID": "KSV104",
|
|