mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-13 00:00:19 -08:00
chore(deps): Bump trivy-checks (#7819)
This commit is contained in:
simar7
8
go.mod
8
go.mod
@@ -25,7 +25,7 @@ require (
|
||||
github.com/aquasecurity/table v1.8.0
|
||||
github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8
|
||||
github.com/aquasecurity/tml v0.6.1
|
||||
github.com/aquasecurity/trivy-checks v1.1.0
|
||||
github.com/aquasecurity/trivy-checks v1.2.2
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20240910133327-7e0f4d2ed4c1
|
||||
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48
|
||||
github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20241029051843-2606b7e0f0b4
|
||||
@@ -124,7 +124,7 @@ require (
|
||||
golang.org/x/mod v0.21.0
|
||||
golang.org/x/net v0.29.0
|
||||
golang.org/x/sync v0.8.0
|
||||
golang.org/x/term v0.24.0
|
||||
golang.org/x/term v0.25.0
|
||||
golang.org/x/text v0.18.0
|
||||
golang.org/x/vuln v1.1.3
|
||||
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
|
||||
@@ -385,7 +385,7 @@ require (
|
||||
go.uber.org/multierr v1.11.0 // indirect
|
||||
go.uber.org/zap v1.27.0 // indirect
|
||||
golang.org/x/oauth2 v0.21.0 // indirect
|
||||
golang.org/x/sys v0.25.0 // indirect
|
||||
golang.org/x/sys v0.26.0 // indirect
|
||||
golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect
|
||||
golang.org/x/time v0.6.0 // indirect
|
||||
golang.org/x/tools v0.24.0 // indirect
|
||||
@@ -416,7 +416,7 @@ require (
|
||||
modernc.org/memory v1.8.0 // indirect
|
||||
modernc.org/strutil v1.2.0 // indirect
|
||||
modernc.org/token v1.1.0 // indirect
|
||||
mvdan.cc/sh/v3 v3.8.0 // indirect
|
||||
mvdan.cc/sh/v3 v3.10.0 // indirect
|
||||
oras.land/oras-go v1.2.5 // indirect
|
||||
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
|
||||
sigs.k8s.io/kustomize/api v0.17.2 // indirect
|
||||
|
||||
26
go.sum
26
go.sum
@@ -349,8 +349,8 @@ github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8 h1:b43UVqY
|
||||
github.com/aquasecurity/testdocker v0.0.0-20240730042311-4642e94c7fc8/go.mod h1:wXA9k3uuaxY3yu7gxrxZDPo/04FEMJtwyecdAlYrEIo=
|
||||
github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gwo=
|
||||
github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
|
||||
github.com/aquasecurity/trivy-checks v1.1.0 h1:I0tVOK8dG/KHrWsqfGNYp2uD/i0f+yS7Je31F+LIUqQ=
|
||||
github.com/aquasecurity/trivy-checks v1.1.0/go.mod h1:tVzhU0gajD3GmxKPLn/BHR8ZeUquc5ajQTmAsi0kCCU=
|
||||
github.com/aquasecurity/trivy-checks v1.2.2 h1:EVHi0gthYzDLfqdAqBBwVGfg2l/gdZ622pIlC9rP+lU=
|
||||
github.com/aquasecurity/trivy-checks v1.2.2/go.mod h1:TNV0QNVFyBIkt865eO2PtfpubmHt3Ve19Klny//SWIU=
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20240910133327-7e0f4d2ed4c1 h1:G0gnacAORRUqz2Tm5MqivSpldY2GZ74ijhJcMsae+sA=
|
||||
github.com/aquasecurity/trivy-db v0.0.0-20240910133327-7e0f4d2ed4c1/go.mod h1:PYkSRx4dlgFATEt+okGwibvbxVEtqsOdH+vX/saACYE=
|
||||
github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI=
|
||||
@@ -510,8 +510,8 @@ github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHf
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
|
||||
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
|
||||
github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
|
||||
github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
|
||||
github.com/creack/pty v1.1.23 h1:4M6+isWdcStXEf15G/RbrMPOQj1dZ7HPZCGwE4kOeP0=
|
||||
github.com/creack/pty v1.1.23/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
|
||||
github.com/csaf-poc/csaf_distribution/v3 v3.0.0 h1:ob9+Fmpff0YWgTP3dYaw7G2hKQ9cegh9l3zksc+q3sM=
|
||||
github.com/csaf-poc/csaf_distribution/v3 v3.0.0/go.mod h1:uilCTiNKivq+6zrDvjtZaUeLk70oe21iwKivo6ILwlQ=
|
||||
github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc=
|
||||
@@ -683,6 +683,8 @@ github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91
|
||||
github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
|
||||
github.com/go-playground/validator/v10 v10.18.0 h1:BvolUXjp4zuvkZ5YN5t7ebzbhlUtPsPm2S9NAZ5nl9U=
|
||||
github.com/go-playground/validator/v10 v10.18.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
|
||||
github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI=
|
||||
github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow=
|
||||
github.com/go-redis/redis/v8 v8.11.5 h1:AcZZR7igkdvfVmQTPnu9WE37LRrO/YrBH5zWyjDC0oI=
|
||||
github.com/go-redis/redis/v8 v8.11.5/go.mod h1:gREzHqY1hg6oD9ngVRbLStwAWKhA0FEgq8Jd4h5lpwo=
|
||||
github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
|
||||
@@ -1204,8 +1206,8 @@ github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
|
||||
github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
|
||||
github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
|
||||
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
|
||||
github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
|
||||
github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
|
||||
github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
|
||||
github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
|
||||
github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI=
|
||||
github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE=
|
||||
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
|
||||
@@ -1703,8 +1705,8 @@ golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
|
||||
golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
|
||||
golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0=
|
||||
golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
@@ -1715,8 +1717,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
|
||||
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
|
||||
golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
|
||||
golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
|
||||
golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM=
|
||||
golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8=
|
||||
golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
|
||||
golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
|
||||
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
@@ -2124,8 +2126,8 @@ modernc.org/strutil v1.2.0 h1:agBi9dp1I+eOnxXeiZawM8F4LawKv4NzGWSaLfyeNZA=
|
||||
modernc.org/strutil v1.2.0/go.mod h1:/mdcBmfOibveCTBxUl5B5l6W+TTH1FXPLHZE6bTosX0=
|
||||
modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
|
||||
modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
|
||||
mvdan.cc/sh/v3 v3.8.0 h1:ZxuJipLZwr/HLbASonmXtcvvC9HXY9d2lXZHnKGjFc8=
|
||||
mvdan.cc/sh/v3 v3.8.0/go.mod h1:w04623xkgBVo7/IUK89E0g8hBykgEpN0vgOj3RJr6MY=
|
||||
mvdan.cc/sh/v3 v3.10.0 h1:v9z7N1DLZ7owyLM/SXZQkBSXcwr2IGMm2LY2pmhVXj4=
|
||||
mvdan.cc/sh/v3 v3.10.0/go.mod h1:z/mSSVyLFGZzqb3ZIKojjyqIx/xbmz/UHdCSv9HmqXY=
|
||||
oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=
|
||||
oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo=
|
||||
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
|
||||
|
||||
@@ -300,15 +300,6 @@ func TestRepository(t *testing.T) {
|
||||
},
|
||||
golden: "testdata/dockerfile_file_pattern.json.golden",
|
||||
},
|
||||
{
|
||||
name: "dockerfile with rule exception",
|
||||
args: args{
|
||||
scanner: types.MisconfigScanner,
|
||||
policyPaths: []string{"testdata/fixtures/repo/rule-exception/policy"},
|
||||
input: "testdata/fixtures/repo/rule-exception",
|
||||
},
|
||||
golden: "testdata/dockerfile-rule-exception.json.golden",
|
||||
},
|
||||
{
|
||||
name: "dockerfile with custom policies",
|
||||
args: args{
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
"Class": "config",
|
||||
"Type": "dockerfile",
|
||||
"MisconfSummary": {
|
||||
"Successes": 27,
|
||||
"Successes": 28,
|
||||
"Failures": 2
|
||||
},
|
||||
"Misconfigurations": [
|
||||
|
||||
@@ -1,57 +0,0 @@
|
||||
{
|
||||
"SchemaVersion": 2,
|
||||
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
|
||||
"ArtifactName": "testdata/fixtures/repo/rule-exception",
|
||||
"ArtifactType": "repository",
|
||||
"Metadata": {
|
||||
"ImageConfig": {
|
||||
"architecture": "",
|
||||
"created": "0001-01-01T00:00:00Z",
|
||||
"os": "",
|
||||
"rootfs": {
|
||||
"type": "",
|
||||
"diff_ids": null
|
||||
},
|
||||
"config": {}
|
||||
}
|
||||
},
|
||||
"Results": [
|
||||
{
|
||||
"Target": "Dockerfile",
|
||||
"Class": "config",
|
||||
"Type": "dockerfile",
|
||||
"MisconfSummary": {
|
||||
"Successes": 26,
|
||||
"Failures": 1
|
||||
},
|
||||
"Misconfigurations": [
|
||||
{
|
||||
"Type": "Dockerfile Security Check",
|
||||
"ID": "DS002",
|
||||
"AVDID": "AVD-DS-0002",
|
||||
"Title": "Image user should not be 'root'",
|
||||
"Description": "Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile.",
|
||||
"Message": "Specify at least 1 USER command in Dockerfile with non-root user as argument",
|
||||
"Namespace": "builtin.dockerfile.DS002",
|
||||
"Query": "data.builtin.dockerfile.DS002.deny",
|
||||
"Resolution": "Add 'USER \u003cnon root user name\u003e' line to the Dockerfile",
|
||||
"Severity": "HIGH",
|
||||
"PrimaryURL": "https://avd.aquasec.com/misconfig/ds002",
|
||||
"References": [
|
||||
"https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
|
||||
"https://avd.aquasec.com/misconfig/ds002"
|
||||
],
|
||||
"Status": "FAIL",
|
||||
"Layer": {},
|
||||
"CauseMetadata": {
|
||||
"Provider": "Dockerfile",
|
||||
"Service": "general",
|
||||
"Code": {
|
||||
"Lines": null
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
2
integration/testdata/dockerfile.json.golden
vendored
2
integration/testdata/dockerfile.json.golden
vendored
@@ -21,7 +21,7 @@
|
||||
"Class": "config",
|
||||
"Type": "dockerfile",
|
||||
"MisconfSummary": {
|
||||
"Successes": 26,
|
||||
"Successes": 27,
|
||||
"Failures": 1
|
||||
},
|
||||
"Misconfigurations": [
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
"Class": "config",
|
||||
"Type": "dockerfile",
|
||||
"MisconfSummary": {
|
||||
"Successes": 26,
|
||||
"Successes": 27,
|
||||
"Failures": 1
|
||||
},
|
||||
"Misconfigurations": [
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
FROM alpine:3.13
|
||||
LABEL user.root="allow"
|
||||
|
||||
HEALTHCHECK NONE
|
||||
@@ -1,15 +0,0 @@
|
||||
package builtin.dockerfile.DS002
|
||||
|
||||
exception[rules] {
|
||||
instruction := input.stages[_][_]
|
||||
instruction.Cmd == "label"
|
||||
|
||||
key := instruction.Value[i]
|
||||
i % 2 == 0
|
||||
key == "user.root"
|
||||
|
||||
value := instruction.Value[plus(i, 1)]
|
||||
value == "\"allow\""
|
||||
|
||||
rules = [""]
|
||||
}
|
||||
5
integration/testdata/helm.json.golden
vendored
5
integration/testdata/helm.json.golden
vendored
@@ -21,7 +21,7 @@
|
||||
"Class": "config",
|
||||
"Type": "helm",
|
||||
"MisconfSummary": {
|
||||
"Successes": 80,
|
||||
"Successes": 79,
|
||||
"Failures": 14
|
||||
},
|
||||
"Misconfigurations": [
|
||||
@@ -889,10 +889,11 @@
|
||||
"Namespace": "builtin.kubernetes.KSV117",
|
||||
"Query": "data.builtin.kubernetes.KSV117.deny",
|
||||
"Resolution": "Do not map the container ports to privileged host ports when starting a container.",
|
||||
"Severity": "HIGH",
|
||||
"Severity": "MEDIUM",
|
||||
"PrimaryURL": "https://avd.aquasec.com/misconfig/ksv117",
|
||||
"References": [
|
||||
"https://kubernetes.io/docs/concepts/security/pod-security-standards/",
|
||||
"https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414",
|
||||
"https://avd.aquasec.com/misconfig/ksv117"
|
||||
],
|
||||
"Status": "FAIL",
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
"Class": "config",
|
||||
"Type": "helm",
|
||||
"MisconfSummary": {
|
||||
"Successes": 90,
|
||||
"Successes": 89,
|
||||
"Failures": 4
|
||||
},
|
||||
"Misconfigurations": [
|
||||
@@ -317,10 +317,11 @@
|
||||
"Namespace": "builtin.kubernetes.KSV117",
|
||||
"Query": "data.builtin.kubernetes.KSV117.deny",
|
||||
"Resolution": "Do not map the container ports to privileged host ports when starting a container.",
|
||||
"Severity": "HIGH",
|
||||
"Severity": "MEDIUM",
|
||||
"PrimaryURL": "https://avd.aquasec.com/misconfig/ksv117",
|
||||
"References": [
|
||||
"https://kubernetes.io/docs/concepts/security/pod-security-standards/",
|
||||
"https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414",
|
||||
"https://avd.aquasec.com/misconfig/ksv117"
|
||||
],
|
||||
"Status": "FAIL",
|
||||
@@ -340,7 +341,7 @@
|
||||
"Class": "config",
|
||||
"Type": "helm",
|
||||
"MisconfSummary": {
|
||||
"Successes": 61,
|
||||
"Successes": 60,
|
||||
"Failures": 0
|
||||
}
|
||||
},
|
||||
@@ -349,7 +350,7 @@
|
||||
"Class": "config",
|
||||
"Type": "helm",
|
||||
"MisconfSummary": {
|
||||
"Successes": 60,
|
||||
"Successes": 59,
|
||||
"Failures": 0
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,7 +21,7 @@
|
||||
"Class": "config",
|
||||
"Type": "helm",
|
||||
"MisconfSummary": {
|
||||
"Successes": 88,
|
||||
"Successes": 87,
|
||||
"Failures": 6
|
||||
},
|
||||
"Misconfigurations": [
|
||||
@@ -544,10 +544,11 @@
|
||||
"Namespace": "builtin.kubernetes.KSV117",
|
||||
"Query": "data.builtin.kubernetes.KSV117.deny",
|
||||
"Resolution": "Do not map the container ports to privileged host ports when starting a container.",
|
||||
"Severity": "HIGH",
|
||||
"Severity": "MEDIUM",
|
||||
"PrimaryURL": "https://avd.aquasec.com/misconfig/ksv117",
|
||||
"References": [
|
||||
"https://kubernetes.io/docs/concepts/security/pod-security-standards/",
|
||||
"https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414",
|
||||
"https://avd.aquasec.com/misconfig/ksv117"
|
||||
],
|
||||
"Status": "FAIL",
|
||||
@@ -567,7 +568,7 @@
|
||||
"Class": "config",
|
||||
"Type": "helm",
|
||||
"MisconfSummary": {
|
||||
"Successes": 61,
|
||||
"Successes": 60,
|
||||
"Failures": 0
|
||||
}
|
||||
},
|
||||
@@ -576,7 +577,7 @@
|
||||
"Class": "config",
|
||||
"Type": "helm",
|
||||
"MisconfSummary": {
|
||||
"Successes": 60,
|
||||
"Successes": 59,
|
||||
"Failures": 0
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user