added deployment logic #64
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| @@ -68,3 +69,16 @@ jobs: | |||
| --aqua-secret "${{ secrets.AQUA_SECRET }}" \ | |||
| --artifact-path "saargondocker/graphql-vuln:${{ github.sha }}" | |||
|
|
|||
| deploy: | |||
| name: deploy to k8s | |||
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-PIPELINE-0008
Check Name: Unrestricted dependency version
Severity: MEDIUM
Message: Dependency aws-actions/configure-aws-credentials v1 version should be pinned to the commit sha
[This comment was created by Aqua Pipeline]
| @@ -68,3 +69,16 @@ jobs: | |||
| --aqua-secret "${{ secrets.AQUA_SECRET }}" \ | |||
| --artifact-path "saargondocker/graphql-vuln:${{ github.sha }}" | |||
|
|
|||
| deploy: | |||
| name: deploy to k8s | |||
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-PIPELINE-0008
Check Name: Unrestricted dependency version
Severity: MEDIUM
Message: Dependency steebchen/kubectl-setup v1 version should be pinned to the commit sha
[This comment was created by Aqua Pipeline]
| @@ -68,3 +69,13 @@ jobs: | |||
| --aqua-secret "${{ secrets.AQUA_SECRET }}" \ | |||
| --artifact-path "saargondocker/graphql-vuln:${{ github.sha }}" | |||
|
|
|||
| deploy: | |||
| name: deploy to k8s | |||
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-PIPELINE-0008
Check Name: Unrestricted dependency version
Severity: MEDIUM
Message: Dependency aws-actions/configure-aws-credentials v2 version should be pinned to the commit sha
[This comment was created by Aqua Pipeline]
| name: deploy to k8s | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| id-token: write |
There was a problem hiding this comment.
⚠️ Aqua detected sensitive data in your code
Category: Env Generic
Description: Env Generic Credential
Severity: HIGH
Match: id-token: *****
[This comment was created by Aqua Pipeline]
| @@ -68,3 +68,16 @@ jobs: | |||
| --aqua-secret "${{ secrets.AQUA_SECRET }}" \ | |||
| --artifact-path "saargondocker/graphql-vuln:${{ github.sha }}" | |||
|
|
|||
| deploy: | |||
| name: deploy to k8s | |||
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-PIPELINE-0008
Check Name: Unrestricted dependency version
Severity: MEDIUM
Message: Dependency aws-actions/configure-aws-credentials v3 version should be pinned to the commit sha
[This comment was created by Aqua Pipeline]
| @@ -68,3 +68,19 @@ jobs: | |||
| --aqua-secret "${{ secrets.AQUA_SECRET }}" \ | |||
| --artifact-path "saargondocker/graphql-vuln:${{ github.sha }}" | |||
|
|
|||
| deploy: | |||
| name: deploy to k8s | |||
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-PIPELINE-0008
Check Name: Unrestricted dependency version
Severity: MEDIUM
Message: Dependency aws-actions/amazon-ecr-login v1 version should be pinned to the commit sha
[This comment was created by Aqua Pipeline]
for a shorter build
| IMAGE_TAG: ${{ github.sha }} | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v2 |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-PIPELINE-0005
Check Name: persist-credentials is true
Severity: HIGH
Message: Consider adding persist-credentials: false to the checkout action in job 'build image & push to ECR' inputs
Resolution: Add persist-credentials: false to the checkout action
[This comment was created by Aqua Pipeline]
deployment.yml
Outdated
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0001
Check Name: Process can elevate its own privileges
Severity: MEDIUM
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'securityContext.allowPrivilegeEscalation' to false
Resolution: Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv001
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0020
Check Name: Runs with low user ID
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'securityContext.runAsUser' > 10000
Resolution: Set 'containers[].securityContext.runAsUser' to an integer > 10000.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv020
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0021
Check Name: Runs with low group ID
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'securityContext.runAsGroup' > 10000
Resolution: Set 'containers[].securityContext.runAsGroup' to an integer > 10000.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv021
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0030
Check Name: Default Seccomp profile not set
Severity: LOW
Message: Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'
Resolution: Set 'spec.securityContext.seccompProfile.type', 'spec.containers[].securityContext.seccompProfile' and 'spec.initContainers[].securityContext.seccompProfile' to 'RuntimeDefault' or undefined.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv030
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0106
Check Name: Container capabilities must only include NET_BIND_SERVICE
Severity: LOW
Message: container should drop all
Resolution: Set 'spec.containers[].securityContext.capabilities.drop' to 'ALL' and only add 'NET_BIND_SERVICE' to 'spec.containers[].securityContext.capabilities.add'.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv106
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0018
Check Name: Memory not limited
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'resources.limits.memory'
Resolution: Set a limit value under 'containers[].resources.limits.memory'.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv018
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0020
Check Name: Runs with low user ID
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'securityContext.runAsUser' > 10000
Resolution: Set 'containers[].securityContext.runAsUser' to an integer > 10000.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv020
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0021
Check Name: Runs with low group ID
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'securityContext.runAsGroup' > 10000
Resolution: Set 'containers[].securityContext.runAsGroup' to an integer > 10000.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv021
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0030
Check Name: Default Seccomp profile not set
Severity: LOW
Message: Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'
Resolution: Set 'spec.securityContext.seccompProfile.type', 'spec.containers[].securityContext.seccompProfile' and 'spec.initContainers[].securityContext.seccompProfile' to 'RuntimeDefault' or undefined.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv030
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0106
Check Name: Container capabilities must only include NET_BIND_SERVICE
Severity: LOW
Message: container should drop all
Resolution: Set 'spec.containers[].securityContext.capabilities.drop' to 'ALL' and only add 'NET_BIND_SERVICE' to 'spec.containers[].securityContext.capabilities.add'.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv106
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0018
Check Name: Memory not limited
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'resources.limits.memory'
Resolution: Set a limit value under 'containers[].resources.limits.memory'.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv018
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0020
Check Name: Runs with low user ID
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'securityContext.runAsUser' > 10000
Resolution: Set 'containers[].securityContext.runAsUser' to an integer > 10000.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv020
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0021
Check Name: Runs with low group ID
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'securityContext.runAsGroup' > 10000
Resolution: Set 'containers[].securityContext.runAsGroup' to an integer > 10000.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv021
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0030
Check Name: Default Seccomp profile not set
Severity: LOW
Message: Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'
Resolution: Set 'spec.securityContext.seccompProfile.type', 'spec.containers[].securityContext.seccompProfile' and 'spec.initContainers[].securityContext.seccompProfile' to 'RuntimeDefault' or undefined.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv030
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0106
Check Name: Container capabilities must only include NET_BIND_SERVICE
Severity: LOW
Message: container should drop all
Resolution: Set 'spec.containers[].securityContext.capabilities.drop' to 'ALL' and only add 'NET_BIND_SERVICE' to 'spec.containers[].securityContext.capabilities.add'.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv106
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | ||
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | ||
| deploy: | ||
| name: deploy to k8s |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-PIPELINE-0008
Check Name: Unrestricted dependency version
Severity: MEDIUM
Message: Dependency kodermax/kubectl-aws-eks master version should be pinned to the commit sha
[This comment was created by Aqua Pipeline]
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0018
Check Name: Memory not limited
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'resources.limits.memory'
Resolution: Set a limit value under 'containers[].resources.limits.memory'.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv018
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0020
Check Name: Runs with low user ID
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'securityContext.runAsUser' > 10000
Resolution: Set 'containers[].securityContext.runAsUser' to an integer > 10000.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv020
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0021
Check Name: Runs with low group ID
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'securityContext.runAsGroup' > 10000
Resolution: Set 'containers[].securityContext.runAsGroup' to an integer > 10000.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv021
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0030
Check Name: Default Seccomp profile not set
Severity: LOW
Message: Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'
Resolution: Set 'spec.securityContext.seccompProfile.type', 'spec.containers[].securityContext.seccompProfile' and 'spec.initContainers[].securityContext.seccompProfile' to 'RuntimeDefault' or undefined.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv030
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0106
Check Name: Container capabilities must only include NET_BIND_SERVICE
Severity: LOW
Message: container should drop all
Resolution: Set 'spec.containers[].securityContext.capabilities.drop' to 'ALL' and only add 'NET_BIND_SERVICE' to 'spec.containers[].securityContext.capabilities.add'.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv106
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | ||
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | ||
| deploy: | ||
| name: deploy to k8s |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-PIPELINE-0008
Check Name: Unrestricted dependency version
Severity: MEDIUM
Message: Dependency kodermax/kubectl-aws-eks master version should be pinned to the commit sha
[This comment was created by Aqua Pipeline]
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0018
Check Name: Memory not limited
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'resources.limits.memory'
Resolution: Set a limit value under 'containers[].resources.limits.memory'.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv018
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0020
Check Name: Runs with low user ID
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'securityContext.runAsUser' > 10000
Resolution: Set 'containers[].securityContext.runAsUser' to an integer > 10000.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv020
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0021
Check Name: Runs with low group ID
Severity: LOW
Message: Container '${{ secrets.ECR_REPOSITORY }}' of Deployment '${{ secrets.ECR_REPOSITORY }}' should set 'securityContext.runAsGroup' > 10000
Resolution: Set 'containers[].securityContext.runAsGroup' to an integer > 10000.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv021
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0030
Check Name: Default Seccomp profile not set
Severity: LOW
Message: Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'
Resolution: Set 'spec.securityContext.seccompProfile.type', 'spec.containers[].securityContext.seccompProfile' and 'spec.initContainers[].securityContext.seccompProfile' to 'RuntimeDefault' or undefined.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv030
| - name: ${{ secrets.ECR_REPOSITORY }} | ||
| image: ${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:latest | ||
| ports: | ||
| - containerPort: 80 | ||
| protocol: TCP | ||
| - containerPort: 3000 | ||
| protocol: TCP | ||
| imagePullPolicy: Always |
There was a problem hiding this comment.
⚠️ Aqua detected misconfiguration in your code
Misconfiguration ID: AVD-KSV-0106
Check Name: Container capabilities must only include NET_BIND_SERVICE
Severity: LOW
Message: container should drop all
Resolution: Set 'spec.containers[].securityContext.capabilities.drop' to 'ALL' and only add 'NET_BIND_SERVICE' to 'spec.containers[].securityContext.capabilities.add'.
[This comment was created by Aqua Pipeline]
Read more at https://avd.aquasec.com/misconfig/ksv106
No description provided.