Elgato_dark/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd synced 2026-04-21 17:07:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 22
argo-cd/docs/snyk/v3.3.7/argocd-iac-install.html
github-actions[bot] 8038e0ec96
[Bot] docs: Update Snyk report (#27438) 
Signed-off-by: CI <ci@argoproj.com>
Co-authored-by: CI <ci@argoproj.com>
2026-04-19 09:41:10 +03:00

2891 lines
131 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Language" content="en-us">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content=" known vulnerabilities found in .">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
<link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
<style type="text/css">
body {
-moz-font-feature-settings: "pnum";
-webkit-font-feature-settings: "pnum";
font-variant-numeric: proportional-nums;
display: flex;
flex-direction: column;
font-feature-settings: "pnum";
font-size: 100%;
line-height: 1.5;
min-height: 100vh;
-webkit-text-size-adjust: 100%;
margin: 0;
padding: 0;
background-color: #F5F5F5;
font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
}
h1,
h2,
h3,
h4,
h5,
h6 {
font-weight: 500;
}
a,
a:link,
a:visited {
border-bottom: 1px solid #4b45a9;
text-decoration: none;
color: #4b45a9;
}
a:hover,
a:focus,
a:active {
border-bottom: 1px solid #4b45a9;
}
hr {
border: none;
margin: 1em 0;
border-top: 1px solid #c5c5c5;
}
ul {
padding: 0 1em;
margin: 1em 0;
}
code {
background-color: #EEE;
color: #333;
padding: 0.25em 0.5em;
border-radius: 0.25em;
}
pre {
background-color: #333;
font-family: monospace;
padding: 0.5em 1em 0.75em;
border-radius: 0.25em;
font-size: 14px;
}
pre code {
padding: 0;
background-color: transparent;
color: #fff;
}
a code {
border-radius: .125rem .125rem 0 0;
padding-bottom: 0;
color: #4b45a9;
}
a[href^="http://"]:after,
a[href^="https://"]:after {
background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
background-repeat: no-repeat;
background-size: .75rem;
content: "";
display: inline-block;
height: .75rem;
margin-left: .25rem;
width: .75rem;
}
/* Layout */
[class*=layout-container] {
margin: 0 auto;
max-width: 71.25em;
padding: 1.9em 1.3em;
position: relative;
}
.layout-container--short {
padding-top: 0;
padding-bottom: 0;
max-width: 48.75em;
}
.layout-container--short:after {
display: block;
content: "";
clear: both;
}
/* Header */
.header {
padding-bottom: 1px;
}
.paths {
margin-left: 8px;
}
.header-wrap {
display: flex;
flex-direction: row;
justify-content: space-between;
padding-top: 2em;
}
.project__header {
background-color: #030328;
color: #fff;
margin-bottom: -1px;
padding-top: 1em;
padding-bottom: 0.25em;
border-bottom: 2px solid #BBB;
}
.project__header__title {
overflow-wrap: break-word;
word-wrap: break-word;
word-break: break-all;
margin-bottom: .1em;
margin-top: 0;
}
.timestamp {
float: right;
clear: none;
margin-bottom: 0;
}
.meta-counts {
clear: both;
display: block;
flex-wrap: wrap;
justify-content: space-between;
margin: 0 0 1.5em;
color: #fff;
clear: both;
font-size: 1.1em;
}
.meta-count {
display: block;
flex-basis: 100%;
margin: 0 1em 1em 0;
float: left;
padding-right: 1em;
border-right: 2px solid #fff;
}
.meta-count:last-child {
border-right: 0;
padding-right: 0;
margin-right: 0;
}
/* Card */
.card {
background-color: #fff;
border: 1px solid #c5c5c5;
border-radius: .25rem;
margin: 0 0 2em 0;
position: relative;
min-height: 40px;
padding: 1.5em;
}
.card .label {
background-color: #767676;
border: 2px solid #767676;
color: white;
padding: 0.25rem 0.75rem;
font-size: 0.875rem;
text-transform: uppercase;
display: inline-block;
margin: 0;
border-radius: 0.25rem;
}
.card .label__text {
vertical-align: text-top;
font-weight: bold;
}
.card .label--critical {
background-color: #AB1A1A;
border-color: #AB1A1A;
}
.card .label--high {
background-color: #CE5019;
border-color: #CE5019;
}
.card .label--medium {
background-color: #D68000;
border-color: #D68000;
}
.card .label--low {
background-color: #88879E;
border-color: #88879E;
}
.severity--low {
border-color: #88879E;
}
.severity--medium {
border-color: #D68000;
}
.severity--high {
border-color: #CE5019;
}
.severity--critical {
border-color: #AB1A1A;
}
.card--vuln {
padding-top: 4em;
}
.card--vuln .label {
left: 0;
position: absolute;
top: 1.1em;
padding-left: 1.9em;
padding-right: 1.9em;
border-radius: 0 0.25rem 0.25rem 0;
}
.card--vuln .card__section h2 {
font-size: 22px;
margin-bottom: 0.5em;
}
.card--vuln .card__section p {
margin: 0 0 0.5em 0;
}
.card--vuln .card__meta {
padding: 0 0 0 1em;
margin: 0;
font-size: 1.1em;
}
.card .card__meta__paths {
font-size: 0.9em;
}
.card--vuln .card__title {
font-size: 28px;
margin-top: 0;
}
.card--vuln .card__cta p {
margin: 0;
text-align: right;
}
.source-panel {
clear: both;
display: flex;
justify-content: flex-start;
flex-direction: column;
align-items: flex-start;
padding: 0.5em 0;
width: fit-content;
}
</style>
<style type="text/css">
.metatable {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
margin-top: 12px;
border-collapse: collapse;
border-spacing: 0;
font-variant-numeric: tabular-nums;
max-width: 51.75em;
}
tbody {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
flex-wrap: wrap;
}
.meta-row {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
outline: none;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
align-items: start;
border-top: 1px solid #d3d3d9;
padding: 8px 0 0 0;
border-bottom: none;
margin: 8px;
width: 47.75%;
}
.meta-row-label {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
color: #4c4a73;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
margin: 0;
outline: none;
text-decoration: none;
z-index: auto;
align-self: start;
flex: 1;
font-size: 1rem;
line-height: 1.5rem;
padding: 0;
text-align: left;
vertical-align: top;
text-transform: none;
letter-spacing: 0;
}
.meta-row-value {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
word-break: break-word;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: right;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
}
</style>
</head>
<body class="section-projects">
<main class="layout-stacked">
<div class="layout-stacked__header header">
<header class="project__header">
<div class="layout-container">
<a class="brand" href="https://snyk.io" title="Snyk">
<svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
<title>Snyk - Open Source Security</title>
<g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g fill="#fff">
<path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
</g>
</g>
</svg>
</a>
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">April 19th 2026, 12:45:44 am (UTC+00:00)</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
<ul>
<li class="paths">/argo-cd/manifests/install.yaml (Kubernetes)</li>
</ul>
</div>
<div class="meta-counts">
<div class="meta-count"><span>44</span> <span>total issues</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
</div><!-- .layout-stacked__header -->
<section class="layout-container">
<table class="metatable">
<tbody>
<tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">manifests/install.yaml</td></tr>
<tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">/argo-cd/manifests/install.yaml</td></tr>
<tr class="meta-row"><th class="meta-row-label">Project Type</th> <td class="meta-row-value">Kubernetes</td></tr>
</tbody>
</table>
</section> <div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--high" data-snyk-test="high">
<h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
<div class="card__section">
<div class="label label--high">
<span class="label__text">high severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 17]
<span class="list-paths__item__arrow"></span>
rules[4]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 30936
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
<h2>Remediation</h2>
<p>Consider removing these permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 10]
<span class="list-paths__item__arrow"></span>
rules[0]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 30621
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
<h2>Remediation</h2>
<p>Consider removing these permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 11]
<span class="list-paths__item__arrow"></span>
rules[4]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 30709
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
<h2>Remediation</h2>
<p>Consider removing these permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 12]
<span class="list-paths__item__arrow"></span>
rules[0]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 30744
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
<h2>Remediation</h2>
<p>Consider removing these permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 13]
<span class="list-paths__item__arrow"></span>
rules[1]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 30774
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
<h2>Remediation</h2>
<p>Consider removing these permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 13]
<span class="list-paths__item__arrow"></span>
rules[3]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 30792
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
<h2>Remediation</h2>
<p>Consider removing these permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 14]
<span class="list-paths__item__arrow"></span>
rules[0]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 30810
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
<h2>Remediation</h2>
<p>Consider removing these permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role or ClusterRole with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 15]
<span class="list-paths__item__arrow"></span>
rules[0]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 30832
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.</p>
<h2>Remediation</h2>
<p>Consider removing these permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container could be running with outdated image</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 48]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[secret-init]
<span class="list-paths__item__arrow"></span>
imagePullPolicy
</li>
<li class="card__meta__item">
Line number: 32039
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>The container may run with outdated or unauthorized image</p>
<h2>Remediation</h2>
<p>Set &#x60;imagePullPolicy&#x60; attribute to &#x60;Always&#x60;</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container could be running with outdated image</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 49]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
imagePullPolicy
</li>
<li class="card__meta__item">
Line number: 32382
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>The container may run with outdated or unauthorized image</p>
<h2>Remediation</h2>
<p>Set &#x60;imagePullPolicy&#x60; attribute to &#x60;Always&#x60;</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-42">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 45]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-applicationset-controller]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 31519
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 31835
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[dex]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 31783
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 47]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-notifications-controller]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 31897
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 48]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[redis]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 32010
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 48]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[secret-init]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 32034
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 49]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 32382
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 49]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-repo-server]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 32093
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 50]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-server]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 32470
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 51]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-application-controller]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 32880
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running with multiple open ports</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">SNYK-CC-K8S-36</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[dex]
<span class="list-paths__item__arrow"></span>
ports
</li>
<li class="card__meta__item">
Line number: 31815
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Increases the attack surface of the application and the container.</p>
<h2>Remediation</h2>
<p>Reduce &#x60;ports&#x60; count to 2</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-36">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without liveness probe</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 45]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-applicationset-controller]
<span class="list-paths__item__arrow"></span>
livenessProbe
</li>
<li class="card__meta__item">
Line number: 31519
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
<h2>Remediation</h2>
<p>Add &#x60;livenessProbe&#x60; attribute</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without liveness probe</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[dex]
<span class="list-paths__item__arrow"></span>
livenessProbe
</li>
<li class="card__meta__item">
Line number: 31783
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
<h2>Remediation</h2>
<p>Add &#x60;livenessProbe&#x60; attribute</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without liveness probe</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 48]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[redis]
<span class="list-paths__item__arrow"></span>
livenessProbe
</li>
<li class="card__meta__item">
Line number: 32010
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
<h2>Remediation</h2>
<p>Add &#x60;livenessProbe&#x60; attribute</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-41">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 45]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-applicationset-controller]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 31519
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[dex]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 31783
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 31835
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 47]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-notifications-controller]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 31897
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 48]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[redis]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 32010
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 48]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[secret-init]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 32034
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 49]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 32382
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 49]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-repo-server]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 32093
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 50]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-server]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 32470
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 51]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-application-controller]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 32880
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container&#x27;s or Pod&#x27;s UID could clash with host&#x27;s UID</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 45]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-applicationset-controller]
<span class="list-paths__item__arrow"></span>
securityContext
<span class="list-paths__item__arrow"></span>
runAsUser
</li>
<li class="card__meta__item">
Line number: 31696
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
<h2>Remediation</h2>
<p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container&#x27;s or Pod&#x27;s UID could clash with host&#x27;s UID</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
securityContext
<span class="list-paths__item__arrow"></span>
runAsUser
</li>
<li class="card__meta__item">
Line number: 31843
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
<h2>Remediation</h2>
<p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container&#x27;s or Pod&#x27;s UID could clash with host&#x27;s UID</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[dex]
<span class="list-paths__item__arrow"></span>
securityContext
<span class="list-paths__item__arrow"></span>
runAsUser
</li>
<li class="card__meta__item">
Line number: 31818
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
<h2>Remediation</h2>
<p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container&#x27;s or Pod&#x27;s UID could clash with host&#x27;s UID</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 47]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-notifications-controller]
<span class="list-paths__item__arrow"></span>
securityContext
<span class="list-paths__item__arrow"></span>
runAsUser
</li>
<li class="card__meta__item">
Line number: 31942
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
<h2>Remediation</h2>
<p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container&#x27;s or Pod&#x27;s UID could clash with host&#x27;s UID</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 48]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[redis]
<span class="list-paths__item__arrow"></span>
securityContext
<span class="list-paths__item__arrow"></span>
runAsUser
</li>
<li class="card__meta__item">
Line number: 32027
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
<h2>Remediation</h2>
<p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container&#x27;s or Pod&#x27;s UID could clash with host&#x27;s UID</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 48]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[secret-init]
<span class="list-paths__item__arrow"></span>
securityContext
<span class="list-paths__item__arrow"></span>
runAsUser
</li>
<li class="card__meta__item">
Line number: 32041
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
<h2>Remediation</h2>
<p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container&#x27;s or Pod&#x27;s UID could clash with host&#x27;s UID</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 49]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
securityContext
<span class="list-paths__item__arrow"></span>
runAsUser
</li>
<li class="card__meta__item">
Line number: 32390
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
<h2>Remediation</h2>
<p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container&#x27;s or Pod&#x27;s UID could clash with host&#x27;s UID</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 49]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-repo-server]
<span class="list-paths__item__arrow"></span>
securityContext
<span class="list-paths__item__arrow"></span>
runAsUser
</li>
<li class="card__meta__item">
Line number: 32355
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
<h2>Remediation</h2>
<p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container&#x27;s or Pod&#x27;s UID could clash with host&#x27;s UID</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 50]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-server]
<span class="list-paths__item__arrow"></span>
securityContext
<span class="list-paths__item__arrow"></span>
runAsUser
</li>
<li class="card__meta__item">
Line number: 32779
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
<h2>Remediation</h2>
<p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container&#x27;s or Pod&#x27;s UID could clash with host&#x27;s UID</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">SNYK-CC-K8S-11</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 51]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-application-controller]
<span class="list-paths__item__arrow"></span>
securityContext
<span class="list-paths__item__arrow"></span>
runAsUser
</li>
<li class="card__meta__item">
Line number: 33155
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>UID of the container processes could clash with host&#x27;s UIDs and lead to unintentional authorization bypass</p>
<h2>Remediation</h2>
<p>Set &#x60;securityContext.runAsUser&#x60; value to greater or equal than 10&#x27;000. SecurityContext can be set on both &#x60;pod&#x60; and &#x60;container&#x60; level. If both are set, then the container level takes precedence</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://security.snyk.io/rules/cloud/SNYK-CC-K8S-11">More about this issue</a></p>
</div>
</div><!-- .card -->
</div>
</div>
</main><!-- .layout-stacked__content -->
</body>
</html>
Reference in a new issue View git blame Copy permalink