Security Overview

Helm-Chart

Scan Results

Chart Object: common-test/templates/common.yaml

Type	Misconfiguration ID	Check	Severity	Explaination	Links
Kubernetes Security Check	KSV003	Default capabilities not dropped	LOW	Expand... The container should drop all default capabilities and add only those that are needed for its execution. Container 'RELEASE-NAME-common-test' of Deployment 'RELEASE-NAME-common-test' should add 'ALL' to 'securityContext.capabilities.drop'	Expand... https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/ https://avd.aquasec.com/appshield/ksv003
Kubernetes Security Check	KSV012	Runs as root user	MEDIUM	Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. Container 'autopermissions' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsNonRoot' to true	Expand... https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted https://avd.aquasec.com/appshield/ksv012
Kubernetes Security Check	KSV013	Image tag ':latest' used	LOW	Expand... It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. Container 'RELEASE-NAME-common-test' of Deployment 'RELEASE-NAME-common-test' should specify an image tag	Expand... https://kubernetes.io/docs/concepts/configuration/overview/#container-images https://avd.aquasec.com/appshield/ksv013
Kubernetes Security Check	KSV013	Image tag ':latest' used	LOW	Expand... It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. Container 'autopermissions' of Deployment 'RELEASE-NAME-common-test' should specify an image tag	Expand... https://kubernetes.io/docs/concepts/configuration/overview/#container-images https://avd.aquasec.com/appshield/ksv013
Kubernetes Security Check	KSV014	Root file system is not read-only	LOW	Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. Container 'autopermissions' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.readOnlyRootFilesystem' to true	Expand... https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/ https://avd.aquasec.com/appshield/ksv014
Kubernetes Security Check	KSV019	Seccomp policies disabled	MEDIUM	Expand... A program inside the container can bypass Seccomp protection policies. Container 'RELEASE-NAME-common-test' of Deployment 'RELEASE-NAME-common-test' should specify a seccomp profile	Expand... https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/ https://avd.aquasec.com/appshield/ksv019
Kubernetes Security Check	KSV019	Seccomp policies disabled	MEDIUM	Expand... A program inside the container can bypass Seccomp protection policies. Container 'autopermissions' of Deployment 'RELEASE-NAME-common-test' should specify a seccomp profile	Expand... https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/ https://avd.aquasec.com/appshield/ksv019
Kubernetes Security Check	KSV020	Runs with low user ID	MEDIUM	Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. Container 'RELEASE-NAME-common-test' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsUser' > 10000	Expand... https://kubesec.io/basics/containers-securitycontext-runasuser/ https://avd.aquasec.com/appshield/ksv020
Kubernetes Security Check	KSV020	Runs with low user ID	MEDIUM	Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table. Container 'autopermissions' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsUser' > 10000	Expand... https://kubesec.io/basics/containers-securitycontext-runasuser/ https://avd.aquasec.com/appshield/ksv020
Kubernetes Security Check	KSV021	Runs with low group ID	MEDIUM	Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. Container 'RELEASE-NAME-common-test' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsGroup' > 10000	Expand... https://kubesec.io/basics/containers-securitycontext-runasuser/ https://avd.aquasec.com/appshield/ksv021
Kubernetes Security Check	KSV021	Runs with low group ID	MEDIUM	Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table. Container 'autopermissions' of Deployment 'RELEASE-NAME-common-test' should set 'securityContext.runAsGroup' > 10000	Expand... https://kubesec.io/basics/containers-securitycontext-runasuser/ https://avd.aquasec.com/appshield/ksv021

Containers

Detected Containers

      tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
      tccr.io/truecharts/whoami:v1.7.1@sha256:9140a27e94fdfa538f4c7f95e4c2c6910341e21aa0e2f2703718fcfdf0cc825a

Scan Results

Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)

alpine

Package	Vulnerability	Severity	Installed Version	Fixed Version	Links
busybox	CVE-2021-42378	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
busybox	CVE-2021-42379	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
busybox	CVE-2021-42380	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
busybox	CVE-2021-42381	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
busybox	CVE-2021-42382	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
busybox	CVE-2021-42383	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
busybox	CVE-2021-42384	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
busybox	CVE-2021-42385	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
busybox	CVE-2021-42386	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
busybox	CVE-2021-42374	MEDIUM	1.33.1-r3	1.33.1-r4	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
busybox	CVE-2021-42375	MEDIUM	1.33.1-r3	1.33.1-r5	Expand... https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
ssl_client	CVE-2021-42378	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
ssl_client	CVE-2021-42379	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
ssl_client	CVE-2021-42380	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
ssl_client	CVE-2021-42381	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
ssl_client	CVE-2021-42382	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
ssl_client	CVE-2021-42383	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
ssl_client	CVE-2021-42384	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
ssl_client	CVE-2021-42385	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
ssl_client	CVE-2021-42386	HIGH	1.33.1-r3	1.33.1-r6	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
ssl_client	CVE-2021-42374	MEDIUM	1.33.1-r3	1.33.1-r4	Expand... https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/ https://ubuntu.com/security/notices/USN-5179-1
ssl_client	CVE-2021-42375	MEDIUM	1.33.1-r3	1.33.1-r5	Expand... https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/

Container: whoami

gobinary

No Vulnerabilities found

33 KiB Raw Blame History Unescape Escape

Security Overview

Helm-Chart

Scan Results

Chart Object: common-test/templates/common.yaml

Containers

Detected Containers

Scan Results

Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)

Container: whoami

33 KiB

Raw Blame History