diff --git a/examples/output_mocks/html-format.html b/examples/output_mocks/html-format.html index af1c5fda..15b2b01d 100644 --- a/examples/output_mocks/html-format.html +++ b/examples/output_mocks/html-format.html @@ -708,14 +708,14 @@ Low Network mapping - C-0049 + C-0049 Medium Cluster internal networking - C-0054 + C-0054 @@ -742,77 +742,77 @@ Medium Allow privilege escalation - C-0016 + C-0016

spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false

Medium Ingress and Egress blocked - C-0030 + C-0030 High Resource limits - C-0009 + C-0009

spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE

spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE

Low Configured readiness probe - C-0018 + C-0018

spec.template.spec.containers[0].readinessProbe=YOUR_VALUE

Medium Non-root containers - C-0013 + C-0013

spec.template.spec.containers[0].securityContext.runAsNonRoot=true

spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false

Medium Automatic mapping of service account - C-0034 + C-0034

spec.template.spec.automountServiceAccountToken=false

Medium Linux hardening - C-0055 + C-0055

spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE

spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE

spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE

Medium Configured liveness probe - C-0056 + C-0056

spec.template.spec.containers[0].livenessProbe=YOUR_VALUE

Low K8s common labels usage - C-0077 + C-0077

metadata.labels=YOUR_VALUE

spec.template.metadata.labels=YOUR_VALUE

Low Pods in default namespace - C-0061 + C-0061

metadata.namespace

Low Immutable container filesystem - C-0017 + C-0017

spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true

@@ -839,7 +839,7 @@ Medium Access container service account - C-0053 + C-0053 @@ -866,7 +866,7 @@ Medium Automatic mapping of service account - C-0034 + C-0034

automountServiceAccountToken=false

@@ -893,77 +893,77 @@ Medium Allow privilege escalation - C-0016 + C-0016

spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false

Medium Ingress and Egress blocked - C-0030 + C-0030 High Resource limits - C-0009 + C-0009

spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE

spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE

Low Configured readiness probe - C-0018 + C-0018

spec.template.spec.containers[0].readinessProbe=YOUR_VALUE

Medium Non-root containers - C-0013 + C-0013

spec.template.spec.containers[0].securityContext.runAsNonRoot=true

spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false

Medium Automatic mapping of service account - C-0034 + C-0034

spec.template.spec.automountServiceAccountToken=false

Medium Linux hardening - C-0055 + C-0055

spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE

spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE

spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE

Medium Configured liveness probe - C-0056 + C-0056

spec.template.spec.containers[0].livenessProbe=YOUR_VALUE

Low K8s common labels usage - C-0077 + C-0077

metadata.labels=YOUR_VALUE

spec.template.metadata.labels=YOUR_VALUE

Low Pods in default namespace - C-0061 + C-0061

metadata.namespace

Low Immutable container filesystem - C-0017 + C-0017

spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true

@@ -990,21 +990,21 @@ Medium Audit logs enabled - C-0067 + C-0067

spec.containers[0].command

Low PSP enabled - C-0068 + C-0068

spec.containers[0].command[5]

Medium Secret/ETCD encryption enabled - C-0066 + C-0066

spec.containers[0].command

@@ -1031,14 +1031,14 @@ Medium Data Destruction - C-0007 + C-0007

relatedObjects[1].rules[1].resources[1]

relatedObjects[1].rules[1].verbs[0]

relatedObjects[1].rules[1].apiGroups[0]

relatedObjects[1].rules[1].apiGroups[1]

relatedObjects[0].subjects[0]

relatedObjects[0].roleRef.name

High List Kubernetes secrets - C-0015 + C-0015

relatedObjects[1].rules[0].resources[0]

relatedObjects[1].rules[0].verbs[0]

relatedObjects[1].rules[0].verbs[1]

relatedObjects[1].rules[0].verbs[3]

relatedObjects[1].rules[0].apiGroups[0]

relatedObjects[0].subjects[0]

relatedObjects[0].roleRef.name

@@ -1065,7 +1065,7 @@ Medium Automatic mapping of service account - C-0034 + C-0034

automountServiceAccountToken=false

@@ -1092,56 +1092,56 @@ Medium Ingress and Egress blocked - C-0030 + C-0030 High Resource limits - C-0009 + C-0009

spec.jobTemplate.spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE

Low Configured readiness probe - C-0018 + C-0018

spec.jobTemplate.spec.template.spec.containers[0].readinessProbe=YOUR_VALUE

Low Kubernetes CronJob - C-0026 + C-0026 Low Label usage for resources - C-0076 + C-0076

spec.jobTemplate.spec.template.metadata.labels=YOUR_VALUE

Medium Linux hardening - C-0055 + C-0055

spec.jobTemplate.spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE

Medium Configured liveness probe - C-0056 + C-0056

spec.jobTemplate.spec.template.spec.containers[0].livenessProbe=YOUR_VALUE

Low K8s common labels usage - C-0077 + C-0077

metadata.labels=YOUR_VALUE

spec.jobTemplate.spec.template.metadata.labels=YOUR_VALUE

@@ -1168,63 +1168,63 @@ Medium Allow privilege escalation - C-0016 + C-0016

spec.jobTemplate.spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false

Medium Ingress and Egress blocked - C-0030 + C-0030 High Resource limits - C-0009 + C-0009

spec.jobTemplate.spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE

Low Configured readiness probe - C-0018 + C-0018

spec.jobTemplate.spec.template.spec.containers[0].readinessProbe=YOUR_VALUE

Low Kubernetes CronJob - C-0026 + C-0026 Medium Non-root containers - C-0013 + C-0013

spec.jobTemplate.spec.template.spec.containers[0].securityContext.runAsNonRoot=true

spec.jobTemplate.spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false

Medium Linux hardening - C-0055 + C-0055

spec.jobTemplate.spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE

Medium Configured liveness probe - C-0056 + C-0056

spec.jobTemplate.spec.template.spec.containers[0].livenessProbe=YOUR_VALUE

Low Immutable container filesystem - C-0017 + C-0017

spec.jobTemplate.spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true

@@ -1251,21 +1251,21 @@ Medium Data Destruction - C-0007 + C-0007

relatedObjects[1].rules[1].resources[0]

relatedObjects[1].rules[1].verbs[0]

relatedObjects[1].rules[1].apiGroups[0]

relatedObjects[0].subjects[0]

relatedObjects[0].roleRef.name

relatedObjects[1].rules[2].resources[1]

relatedObjects[1].rules[2].verbs[0]

relatedObjects[1].rules[2].apiGroups[0]

relatedObjects[0].subjects[0]

relatedObjects[0].roleRef.name

Medium CoreDNS poisoning - C-0037 + C-0037

relatedObjects[1].rules[2].resources[0]

relatedObjects[1].rules[2].verbs[0]

relatedObjects[1].rules[2].apiGroups[0]

relatedObjects[0].subjects[0]

relatedObjects[0].roleRef.name

High List Kubernetes secrets - C-0015 + C-0015

relatedObjects[1].rules[0].resources[0]

relatedObjects[1].rules[0].verbs[0]

relatedObjects[1].rules[0].verbs[1]

relatedObjects[1].rules[0].apiGroups[0]

relatedObjects[0].subjects[0]

relatedObjects[0].roleRef.name

relatedObjects[1].rules[2].resources[1]

relatedObjects[1].rules[2].verbs[0]

relatedObjects[1].rules[2].apiGroups[0]

relatedObjects[0].subjects[0]

relatedObjects[0].roleRef.name

@@ -1292,56 +1292,56 @@ Medium Ingress and Egress blocked - C-0030 + C-0030 High Resource limits - C-0009 + C-0009

spec.jobTemplate.spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE

Low Configured readiness probe - C-0018 + C-0018

spec.jobTemplate.spec.template.spec.containers[0].readinessProbe=YOUR_VALUE

Low Kubernetes CronJob - C-0026 + C-0026 Low Label usage for resources - C-0076 + C-0076

spec.jobTemplate.spec.template.metadata.labels=YOUR_VALUE

Medium Linux hardening - C-0055 + C-0055

spec.jobTemplate.spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE

Medium Configured liveness probe - C-0056 + C-0056

spec.jobTemplate.spec.template.spec.containers[0].livenessProbe=YOUR_VALUE

Low K8s common labels usage - C-0077 + C-0077

metadata.labels=YOUR_VALUE

spec.jobTemplate.spec.template.metadata.labels=YOUR_VALUE

@@ -1368,56 +1368,56 @@ Medium Ingress and Egress blocked - C-0030 + C-0030 High Resource limits - C-0009 + C-0009

spec.jobTemplate.spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE

Low Configured readiness probe - C-0018 + C-0018

spec.jobTemplate.spec.template.spec.containers[0].readinessProbe=YOUR_VALUE

Low Kubernetes CronJob - C-0026 + C-0026 Low Label usage for resources - C-0076 + C-0076

spec.jobTemplate.spec.template.metadata.labels=YOUR_VALUE

Medium Linux hardening - C-0055 + C-0055

spec.jobTemplate.spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE

Medium Configured liveness probe - C-0056 + C-0056

spec.jobTemplate.spec.template.spec.containers[0].livenessProbe=YOUR_VALUE

Low K8s common labels usage - C-0077 + C-0077

metadata.labels=YOUR_VALUE

spec.jobTemplate.spec.template.metadata.labels=YOUR_VALUE

@@ -1444,7 +1444,7 @@ High List Kubernetes secrets - C-0015 + C-0015

relatedObjects[1].rules[0].resources[0]

relatedObjects[1].rules[0].verbs[0]

relatedObjects[1].rules[0].verbs[1]

relatedObjects[1].rules[0].verbs[2]

relatedObjects[1].rules[0].apiGroups[0]

relatedObjects[0].subjects[0]

relatedObjects[0].roleRef.name

@@ -1471,63 +1471,63 @@ Medium Allow privilege escalation - C-0016 + C-0016

spec.jobTemplate.spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false

Medium Ingress and Egress blocked - C-0030 + C-0030 High Resource limits - C-0009 + C-0009

spec.jobTemplate.spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE

Low Configured readiness probe - C-0018 + C-0018

spec.jobTemplate.spec.template.spec.containers[0].readinessProbe=YOUR_VALUE

Low Kubernetes CronJob - C-0026 + C-0026 Medium Non-root containers - C-0013 + C-0013

spec.jobTemplate.spec.template.spec.containers[0].securityContext.runAsNonRoot=true

spec.jobTemplate.spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false

Medium Linux hardening - C-0055 + C-0055

spec.jobTemplate.spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE

spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE

Medium Configured liveness probe - C-0056 + C-0056

spec.jobTemplate.spec.template.spec.containers[0].livenessProbe=YOUR_VALUE

Low Immutable container filesystem - C-0017 + C-0017

spec.jobTemplate.spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true