Commit released Helm Chart and docs for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
parent
33cc9ee86f
commit
4e89e852c4
|
@ -1,6 +1,15 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="smokeping-1.0.37"></a>
|
||||
### [smokeping-1.0.37](https://github.com/truecharts/apps/compare/smokeping-1.0.36...smokeping-1.0.37) (2022-01-23)
|
||||
|
||||
#### Fix
|
||||
|
||||
* Allow priviledge escalation ([#1769](https://github.com/truecharts/apps/issues/1769))
|
||||
|
||||
|
||||
|
||||
<a name="smokeping-1.0.36"></a>
|
||||
### [smokeping-1.0.36](https://github.com/truecharts/apps/compare/smokeping-1.0.35...smokeping-1.0.36) (2022-01-22)
|
||||
|
||||
|
|
|
@ -21,6 +21,7 @@ You will, however, be able to use all values referenced in the common chart here
|
|||
| persistence.data.mountPath | string | `"/data"` | |
|
||||
| podSecurityContext.runAsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsUser | int | `0` | |
|
||||
| securityContext.allowPrivilegeEscalation | bool | `true` | |
|
||||
| securityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| securityContext.runAsNonRoot | bool | `false` | |
|
||||
| service.main.ports.main.port | int | `10030` | |
|
||||
|
|
|
@ -17,6 +17,7 @@ hide:
|
|||
|
||||
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
|
||||
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container 'RELEASE-NAME-smokeping' of Deployment 'RELEASE-NAME-smokeping' should set 'securityContext.allowPrivilegeEscalation' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'RELEASE-NAME-smokeping' of Deployment 'RELEASE-NAME-smokeping' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'RELEASE-NAME-smokeping' of Deployment 'RELEASE-NAME-smokeping' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-smokeping' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
|
|
|
@ -12,9 +12,9 @@ hide:
|
|||
##### Scan Results
|
||||
|
||||
#### Chart Object: airdcpp-webclient/templates/common.yaml
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'RELEASE-NAME-airdcpp-webclient' of Deployment 'RELEASE-NAME-airdcpp-webclient' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
|
@ -37,11 +37,11 @@ hide:
|
|||
|
||||
|
||||
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
|
||||
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
|
@ -69,11 +69,11 @@ hide:
|
|||
|
||||
|
||||
#### Container: tccr.io/truecharts/airdcpp-webclient:v2.11.2@sha256:9dfc8d1ca4ff738c9586c902eaf3dc92d914412e5a8f3ec9a5002633a58d7a35 (debian 11.0)
|
||||
|
||||
|
||||
|
||||
**debian**
|
||||
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| apt | CVE-2011-3374 | LOW | 2.2.4 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/cve-2011-3374">https://access.redhat.com/security/cve/cve-2011-3374</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480</a><br><a href="https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html">https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html</a><br><a href="https://seclists.org/fulldisclosure/2011/Sep/221">https://seclists.org/fulldisclosure/2011/Sep/221</a><br><a href="https://security-tracker.debian.org/tracker/CVE-2011-3374">https://security-tracker.debian.org/tracker/CVE-2011-3374</a><br><a href="https://snyk.io/vuln/SNYK-LINUX-APT-116518">https://snyk.io/vuln/SNYK-LINUX-APT-116518</a><br><a href="https://ubuntu.com/security/CVE-2011-3374">https://ubuntu.com/security/CVE-2011-3374</a><br></details> |
|
||||
|
@ -220,4 +220,3 @@ hide:
|
|||
| python3.9-minimal | CVE-2021-4189 | MEDIUM | 3.9.2-1 | | <details><summary>Expand...</summary><a href="https://bugs.python.org/issue43285">https://bugs.python.org/issue43285</a><br></details> |
|
||||
| python3.9-minimal | CVE-2020-27619 | LOW | 3.9.2-1 | | <details><summary>Expand...</summary><a href="https://bugs.python.org/issue41944">https://bugs.python.org/issue41944</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619</a><br><a href="https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8">https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8</a><br><a href="https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9">https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9</a><br><a href="https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33">https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33</a><br><a href="https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794">https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794</a><br><a href="https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b">https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b</a><br><a href="https://linux.oracle.com/cve/CVE-2020-27619.html">https://linux.oracle.com/cve/CVE-2020-27619.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4151.html">https://linux.oracle.com/errata/ELSA-2021-4151.html</a><br><a href="https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E">https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E">https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/</a><br><a href="https://security.netapp.com/advisory/ntap-20201123-0004/">https://security.netapp.com/advisory/ntap-20201123-0004/</a><br><a href="https://ubuntu.com/security/notices/USN-4754-1">https://ubuntu.com/security/notices/USN-4754-1</a><br><a href="https://ubuntu.com/security/notices/USN-4754-3">https://ubuntu.com/security/notices/USN-4754-3</a><br></details> |
|
||||
| tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | | <details><summary>Expand...</summary><a href="http://marc.info/?l=bugtraq&m=112327628230258&w=2">http://marc.info/?l=bugtraq&m=112327628230258&w=2</a><br><a href="https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E">https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E</a><br></details> |
|
||||
|
||||
|
|
|
@ -1,6 +1,15 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="smokeping-1.0.37"></a>
|
||||
### [smokeping-1.0.37](https://github.com/truecharts/apps/compare/smokeping-1.0.36...smokeping-1.0.37) (2022-01-23)
|
||||
|
||||
#### Fix
|
||||
|
||||
* Allow priviledge escalation ([#1769](https://github.com/truecharts/apps/issues/1769))
|
||||
|
||||
|
||||
|
||||
<a name="smokeping-1.0.36"></a>
|
||||
### [smokeping-1.0.36](https://github.com/truecharts/apps/compare/smokeping-1.0.35...smokeping-1.0.36) (2022-01-22)
|
||||
|
||||
|
|
|
@ -21,6 +21,7 @@ You will, however, be able to use all values referenced in the common chart here
|
|||
| persistence.data.mountPath | string | `"/data"` | |
|
||||
| podSecurityContext.runAsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsUser | int | `0` | |
|
||||
| securityContext.allowPrivilegeEscalation | bool | `true` | |
|
||||
| securityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| securityContext.runAsNonRoot | bool | `false` | |
|
||||
| service.main.ports.main.port | int | `10030` | |
|
||||
|
|
|
@ -17,6 +17,7 @@ hide:
|
|||
|
||||
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
|
||||
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container 'RELEASE-NAME-smokeping' of Deployment 'RELEASE-NAME-smokeping' should set 'securityContext.allowPrivilegeEscalation' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'RELEASE-NAME-smokeping' of Deployment 'RELEASE-NAME-smokeping' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'RELEASE-NAME-smokeping' of Deployment 'RELEASE-NAME-smokeping' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-smokeping' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
|
|
|
@ -44167,6 +44167,39 @@ entries:
|
|||
- https://github.com/truecharts/apps/releases/download/sickgear-1.0.21/sickgear-1.0.21.tgz
|
||||
version: 1.0.21
|
||||
smokeping:
|
||||
- annotations:
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
truecharts.org/grade: U
|
||||
apiVersion: v2
|
||||
appVersion: 2.7.3
|
||||
created: "2022-01-23T22:24:49.085385568Z"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.13.5
|
||||
description: Keep track of your network latency.
|
||||
digest: 3d81450aacdaecc36c6577e796206eaf4bd3efadd94e3da6e987dfbd787e7e5d
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/smokeping
|
||||
icon: https://truecharts.org/_static/img/appicons/smokeping-icon.png
|
||||
keywords:
|
||||
- smokeping
|
||||
- network
|
||||
- latency
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: smokeping
|
||||
sources:
|
||||
- https://oss.oetiker.ch/smokeping/
|
||||
- https://hub.docker.com/r/linuxserver/smokeping
|
||||
type: application
|
||||
urls:
|
||||
- https://github.com/truecharts/apps/releases/download/smokeping-1.0.37/smokeping-1.0.37.tgz
|
||||
version: 1.0.37
|
||||
- annotations:
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/catagories: |
|
||||
|
@ -52191,4 +52224,4 @@ entries:
|
|||
urls:
|
||||
- https://github.com/truecharts/apps/releases/download/zwavejs2mqtt-9.0.24/zwavejs2mqtt-9.0.24.tgz
|
||||
version: 9.0.24
|
||||
generated: "2022-01-23T21:09:09.285214455Z"
|
||||
generated: "2022-01-23T22:24:49.089358416Z"
|
||||
|
|
Loading…
Reference in New Issue