Elgato_dark/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd synced 2026-04-21 17:07:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 22
argo-cd/docs/snyk/v2.4.7/argocd-iac-install.html
Michael Crenshaw e3940cd2bf
chore: add Snyk scans to docs (#9856) 
* chore: generate Snyk reports

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

sarif

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

dashboard

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

cron job

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

more consistent formatting

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

clarification

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

sarif files

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

fix naming, fix doc get text

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

apply suggestions

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

apply suggestions

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

blarn

Signed-off-by: CI <michael@crenshaw.dev>

ignore errors due to vulns

Signed-off-by: CI <michael@crenshaw.dev>

specify target branch in script

Signed-off-by: CI <michael@crenshaw.dev>

don't checkout before running script

Signed-off-by: CI <michael@crenshaw.dev>

make sure dest dir exists

Signed-off-by: CI <michael@crenshaw.dev>

fix workflow

Signed-off-by: CI <michael@crenshaw.dev>

* update scans

Signed-off-by: CI <michael@crenshaw.dev>

* update reports

Signed-off-by: CI <michael@crenshaw.dev>

* use latest ignore rules

Signed-off-by: CI <michael@crenshaw.dev>

* update reports

Signed-off-by: CI <michael@crenshaw.dev>

* update reports

Signed-off-by: CI <michael@crenshaw.dev>

* update reports, add link to latest, push to master instead of stable

Signed-off-by: CI <michael@crenshaw.dev>

* fix for double-digit patch versions

Signed-off-by: CI <michael@crenshaw.dev>

* clean up testing changes

Signed-off-by: CI <michael@crenshaw.dev>
2022-07-27 21:15:00 +00:00

2243 lines
97 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Language" content="en-us">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Snyk test report</title>
<meta name="description" content=" known vulnerabilities found in .">
<base target="_blank">
<link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
sizes="194x194">
<link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
<style type="text/css">
body {
-moz-font-feature-settings: "pnum";
-webkit-font-feature-settings: "pnum";
font-variant-numeric: proportional-nums;
display: flex;
flex-direction: column;
font-feature-settings: "pnum";
font-size: 100%;
line-height: 1.5;
min-height: 100vh;
-webkit-text-size-adjust: 100%;
margin: 0;
padding: 0;
background-color: #F5F5F5;
font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
}
h1,
h2,
h3,
h4,
h5,
h6 {
font-weight: 500;
}
a,
a:link,
a:visited {
border-bottom: 1px solid #4b45a9;
text-decoration: none;
color: #4b45a9;
}
a:hover,
a:focus,
a:active {
border-bottom: 1px solid #4b45a9;
}
hr {
border: none;
margin: 1em 0;
border-top: 1px solid #c5c5c5;
}
ul {
padding: 0 1em;
margin: 1em 0;
}
code {
background-color: #EEE;
color: #333;
padding: 0.25em 0.5em;
border-radius: 0.25em;
}
pre {
background-color: #333;
font-family: monospace;
padding: 0.5em 1em 0.75em;
border-radius: 0.25em;
font-size: 14px;
}
pre code {
padding: 0;
background-color: transparent;
color: #fff;
}
a code {
border-radius: .125rem .125rem 0 0;
padding-bottom: 0;
color: #4b45a9;
}
a[href^="http://"]:after,
a[href^="https://"]:after {
background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
background-repeat: no-repeat;
background-size: .75rem;
content: "";
display: inline-block;
height: .75rem;
margin-left: .25rem;
width: .75rem;
}
/* Layout */
[class*=layout-container] {
margin: 0 auto;
max-width: 71.25em;
padding: 1.9em 1.3em;
position: relative;
}
.layout-container--short {
padding-top: 0;
padding-bottom: 0;
max-width: 48.75em;
}
.layout-container--short:after {
display: block;
content: "";
clear: both;
}
/* Header */
.header {
padding-bottom: 1px;
}
.paths {
margin-left: 8px;
}
.header-wrap {
display: flex;
flex-direction: row;
justify-content: space-between;
padding-top: 2em;
}
.project__header {
background-color: #4b45a9;
color: #fff;
margin-bottom: -1px;
padding-top: 1em;
padding-bottom: 0.25em;
border-bottom: 2px solid #BBB;
}
.project__header__title {
overflow-wrap: break-word;
word-wrap: break-word;
word-break: break-all;
margin-bottom: .1em;
margin-top: 0;
}
.timestamp {
float: right;
clear: none;
margin-bottom: 0;
}
.meta-counts {
clear: both;
display: block;
flex-wrap: wrap;
justify-content: space-between;
margin: 0 0 1.5em;
color: #fff;
clear: both;
font-size: 1.1em;
}
.meta-count {
display: block;
flex-basis: 100%;
margin: 0 1em 1em 0;
float: left;
padding-right: 1em;
border-right: 2px solid #fff;
}
.meta-count:last-child {
border-right: 0;
padding-right: 0;
margin-right: 0;
}
/* Card */
.card {
background-color: #fff;
border: 1px solid #c5c5c5;
border-radius: .25rem;
margin: 0 0 2em 0;
position: relative;
min-height: 40px;
padding: 1.5em;
}
.card .label {
background-color: #767676;
border: 2px solid #767676;
color: white;
padding: 0.25rem 0.75rem;
font-size: 0.875rem;
text-transform: uppercase;
display: inline-block;
margin: 0;
border-radius: 0.25rem;
}
.card .label__text {
vertical-align: text-top;
font-weight: bold;
}
.card .label--critical {
background-color: #AB1A1A;
border-color: #AB1A1A;
}
.card .label--high {
background-color: #CE5019;
border-color: #CE5019;
}
.card .label--medium {
background-color: #D68000;
border-color: #D68000;
}
.card .label--low {
background-color: #88879E;
border-color: #88879E;
}
.severity--low {
border-color: #88879E;
}
.severity--medium {
border-color: #D68000;
}
.severity--high {
border-color: #CE5019;
}
.severity--critical {
border-color: #AB1A1A;
}
.card--vuln {
padding-top: 4em;
}
.card--vuln .label {
left: 0;
position: absolute;
top: 1.1em;
padding-left: 1.9em;
padding-right: 1.9em;
border-radius: 0 0.25rem 0.25rem 0;
}
.card--vuln .card__section h2 {
font-size: 22px;
margin-bottom: 0.5em;
}
.card--vuln .card__section p {
margin: 0 0 0.5em 0;
}
.card--vuln .card__meta {
padding: 0 0 0 1em;
margin: 0;
font-size: 1.1em;
}
.card .card__meta__paths {
font-size: 0.9em;
}
.card--vuln .card__title {
font-size: 28px;
margin-top: 0;
}
.card--vuln .card__cta p {
margin: 0;
text-align: right;
}
.source-panel {
clear: both;
display: flex;
justify-content: flex-start;
flex-direction: column;
align-items: flex-start;
padding: 0.5em 0;
width: fit-content;
}
</style>
<style type="text/css">
.metatable {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
margin-top: 12px;
border-collapse: collapse;
border-spacing: 0;
font-variant-numeric: tabular-nums;
max-width: 51.75em;
}
tbody {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
flex-wrap: wrap;
}
.meta-row {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
outline: none;
text-align: left;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
display: flex;
align-items: start;
border-top: 1px solid #d3d3d9;
padding: 8px 0 0 0;
border-bottom: none;
margin: 8px;
width: 47.75%;
}
.meta-row-label {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
color: #4c4a73;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
margin: 0;
outline: none;
text-decoration: none;
z-index: auto;
align-self: start;
flex: 1;
font-size: 1rem;
line-height: 1.5rem;
padding: 0;
text-align: left;
vertical-align: top;
text-transform: none;
letter-spacing: 0;
}
.meta-row-value {
text-size-adjust: 100%;
-webkit-font-smoothing: antialiased;
-webkit-box-direction: normal;
color: inherit;
font-feature-settings: "pnum";
border-collapse: collapse;
border-spacing: 0;
word-break: break-word;
box-sizing: border-box;
background: transparent;
border: 0;
font: inherit;
font-size: 100%;
margin: 0;
outline: none;
padding: 0;
text-align: right;
text-decoration: none;
vertical-align: baseline;
z-index: auto;
}
</style>
</head>
<body class="section-projects">
<main class="layout-stacked">
<div class="layout-stacked__header header">
<header class="project__header">
<div class="layout-container">
<a class="brand" href="https://snyk.io" title="Snyk">
<svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
<title>Snyk - Open Source Security</title>
<g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g fill="#fff">
<path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
</g>
</g>
</svg>
</a>
<div class="header-wrap">
<h1 class="project__header__title">Snyk test report</h1>
<p class="timestamp">July 27th 2022, 3:01:54 pm</p>
</div>
<div class="source-panel">
<span>Scanned the following path:</span>
<ul>
<li class="paths">/private/argo-cd/manifests/install.yaml (Kubernetes)</li>
</ul>
</div>
<div class="meta-counts">
<div class="meta-count"><span>32</span> <span>total issues</span></div>
</div><!-- .meta-counts -->
</div><!-- .layout-container--short -->
</header><!-- .project__header -->
</div><!-- .layout-stacked__header -->
<section class="layout-container">
<table class="metatable">
<tbody>
<tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">manifests/install.yaml</td></tr>
<tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">/private/argo-cd/manifests/install.yaml</td></tr>
<tr class="meta-row"><th class="meta-row-label">Project Type</th> <td class="meta-row-value">Kubernetes</td></tr>
</tbody>
</table>
</section> <div class="layout-container" style="padding-top: 35px;">
<div class="cards--vuln filter--patch filter--ignore">
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 10]
<span class="list-paths__item__arrow"></span>
role
<span class="list-paths__item__arrow"></span>
rules[0]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 9052
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions</p>
<h2>Remediation</h2>
<p>Consider removing this permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 11]
<span class="list-paths__item__arrow"></span>
role
<span class="list-paths__item__arrow"></span>
rules[4]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 9091
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions</p>
<h2>Remediation</h2>
<p>Consider removing this permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 12]
<span class="list-paths__item__arrow"></span>
role
<span class="list-paths__item__arrow"></span>
rules[0]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 9157
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions</p>
<h2>Remediation</h2>
<p>Consider removing this permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 13]
<span class="list-paths__item__arrow"></span>
role
<span class="list-paths__item__arrow"></span>
rules[1]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 9176
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions</p>
<h2>Remediation</h2>
<p>Consider removing this permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 13]
<span class="list-paths__item__arrow"></span>
role
<span class="list-paths__item__arrow"></span>
rules[3]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 9176
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions</p>
<h2>Remediation</h2>
<p>Consider removing this permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--medium" data-snyk-test="medium">
<h2 class="card__title">Role with dangerous permissions</h2>
<div class="card__section">
<div class="label label--medium">
<span class="label__text">medium severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-47">SNYK-CC-K8S-47</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 14]
<span class="list-paths__item__arrow"></span>
role
<span class="list-paths__item__arrow"></span>
rules[0]
<span class="list-paths__item__arrow"></span>
resources
</li>
<li class="card__meta__item">
Line number: 9217
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Using this role grants dangerous permissions</p>
<h2>Remediation</h2>
<p>Consider removing this permissions</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-47">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container could be running with outdated image</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-42">SNYK-CC-K8S-42</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
imagePullPolicy
</li>
<li class="card__meta__item">
Line number: 10101
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>The container may run with outdated or unauthorized image</p>
<h2>Remediation</h2>
<p>Set &#x60;imagePullPolicy&#x60; attribute to &#x60;Always&#x60;</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-42">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 42]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-applicationset-controller]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 9687
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 43]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 9787
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 43]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[dex]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 9764
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 44]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-notifications-controller]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 9830
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 45]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[redis]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 9902
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 10101
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-repo-server]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 9956
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 47]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-server]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 10184
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container has no CPU limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">SNYK-CC-K8S-5</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 48]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-application-controller]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
cpu
</li>
<li class="card__meta__item">
Line number: 10444
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.</p>
<h2>Remediation</h2>
<p>Add &#x60;resources.limits.cpu&#x60; field with required CPU limit value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-5">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running with multiple open ports</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-36">SNYK-CC-K8S-36</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 43]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[dex]
<span class="list-paths__item__arrow"></span>
ports
</li>
<li class="card__meta__item">
Line number: 9771
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Increases the attack surface of the application and the container.</p>
<h2>Remediation</h2>
<p>Reduce &#x60;ports&#x60; count to 2</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-36">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running with writable root filesystem</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-8">SNYK-CC-K8S-8</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 45]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[redis]
<span class="list-paths__item__arrow"></span>
securityContext
<span class="list-paths__item__arrow"></span>
readOnlyRootFilesystem
</li>
<li class="card__meta__item">
Line number: 9912
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Compromised process could abuse writable root filesystem to elevate privileges</p>
<h2>Remediation</h2>
<p>Set &#x60;securityContext.readOnlyRootFilesystem&#x60; to &#x60;true&#x60;</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-8">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without liveness probe</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 42]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-applicationset-controller]
<span class="list-paths__item__arrow"></span>
livenessProbe
</li>
<li class="card__meta__item">
Line number: 9687
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
<h2>Remediation</h2>
<p>Add &#x60;livenessProbe&#x60; attribute</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-41">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without liveness probe</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 43]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[dex]
<span class="list-paths__item__arrow"></span>
livenessProbe
</li>
<li class="card__meta__item">
Line number: 9764
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
<h2>Remediation</h2>
<p>Add &#x60;livenessProbe&#x60; attribute</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-41">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without liveness probe</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 43]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
livenessProbe
</li>
<li class="card__meta__item">
Line number: 9787
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
<h2>Remediation</h2>
<p>Add &#x60;livenessProbe&#x60; attribute</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-41">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without liveness probe</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 45]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[redis]
<span class="list-paths__item__arrow"></span>
livenessProbe
</li>
<li class="card__meta__item">
Line number: 9902
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
<h2>Remediation</h2>
<p>Add &#x60;livenessProbe&#x60; attribute</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-41">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without liveness probe</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-41">SNYK-CC-K8S-41</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
livenessProbe
</li>
<li class="card__meta__item">
Line number: 10101
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods</p>
<h2>Remediation</h2>
<p>Add &#x60;livenessProbe&#x60; attribute</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-41">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 42]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-applicationset-controller]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 9687
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 43]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[dex]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 9764
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 43]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 9787
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 44]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-notifications-controller]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 9830
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 45]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[redis]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 9902
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
initContainers[copyutil]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 10101
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 46]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-repo-server]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 9956
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 47]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-server]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 10184
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
<div class="card card--vuln disclosure--not-new severity--low" data-snyk-test="low">
<h2 class="card__title">Container is running without memory limit</h2>
<div class="card__section">
<div class="label label--low">
<span class="label__text">low severity</span>
</div>
<hr/>
<ul class="card__meta">
<li class="card__meta__item">
Public ID: <a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">SNYK-CC-K8S-4</a>
</li>
<li class="card__meta__item">Introduced through:
[DocId: 48]
<span class="list-paths__item__arrow"></span>
input
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
template
<span class="list-paths__item__arrow"></span>
spec
<span class="list-paths__item__arrow"></span>
containers[argocd-application-controller]
<span class="list-paths__item__arrow"></span>
resources
<span class="list-paths__item__arrow"></span>
limits
<span class="list-paths__item__arrow"></span>
memory
</li>
<li class="card__meta__item">
Line number: 10444
</li>
</ul>
<hr/>
<h2>Impact</h2>
<p>Containers without memory limits are more likely to be terminated when the node runs out of memory</p>
<h2>Remediation</h2>
<p>Set &#x60;resources.limits.memory&#x60; value</p>
<hr/>
</div><!-- .card__section -->
<div class="cta card__cta">
<p><a href="https://snyk.io/security-rules/SNYK-CC-K8S-4">More about this issue</a></p>
</div>
</div><!-- .card -->
</div>
</div>
</main><!-- .layout-stacked__content -->
</body>
</html>
Reference in a new issue View git blame Copy permalink