Commit new App releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2022-02-24 18:24:01 +00:00
parent 207a3a45af
commit e77521efc7
30 changed files with 122 additions and 57 deletions

View File

@ -1,10 +0,0 @@
# Changelog<br>
<a name="docker-compose-0.0.1"></a>
### docker-compose-0.0.1 (2022-02-24)
#### Feat
* add a dedicated App for using Docker-Compose ([#1954](https://github.com/truecharts/apps/issues/1954))

View File

@ -0,0 +1,20 @@
# Changelog<br>
<a name="docker-compose-0.0.2"></a>
### [docker-compose-0.0.2](https://github.com/truecharts/apps/compare/docker-compose-0.0.1...docker-compose-0.0.2) (2022-02-24)
#### Chore
* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
* Update adding tc catalog ([#1956](https://github.com/truecharts/apps/issues/1956))
<a name="docker-compose-0.0.1"></a>
### docker-compose-0.0.1 (2022-02-24)
#### Feat
* add a dedicated App for using Docker-Compose ([#1954](https://github.com/truecharts/apps/issues/1954))

View File

@ -3,4 +3,4 @@ dependencies:
repository: https://truecharts.org
version: 8.16.0
digest: sha256:fa603eaefc7f57029052919d45fd45424e58a69f707af7b657afd49a4b41a435
generated: "2022-02-24T15:51:11.652031381Z"
generated: "2022-02-24T18:19:25.650140959Z"

View File

@ -7,7 +7,7 @@ dependencies:
deprecated: false
description: Dedicated App for using Docker-Compose on TrueNAS SCALE
home: https://github.com/truecharts/apps/tree/master/charts/dev/docker-compose
icon: https://truecharts.org/_static/img/appicons/docker-compose.png
icon: https://truecharts.org/_static/img/appicons/docker-compose-icon.png
keywords:
- docker-compose
- docker
@ -20,7 +20,7 @@ name: docker-compose
sources:
- https://github.com/Jackett/Jackett
type: application
version: 0.0.1
version: 0.0.2
annotations:
truecharts.org/catagories: |
- docker

View File

@ -22,7 +22,7 @@ You will, however, be able to use all values referenced in the common chart here
| hostNetwork | bool | `true` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/docker-in-docker"` | |
| image.tag | string | `"v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f"` | |
| image.tag | string | `"v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb"` | |
| persistence.docker-certs-ca.enabled | bool | `true` | |
| persistence.docker-certs-ca.mountPath | string | `"/config"` | |
| persistence.mnt.enabled | bool | `true` | |

View File

@ -1,7 +1,7 @@
image:
repository: tccr.io/truecharts/docker-in-docker
pullPolicy: IfNotPresent
tag: v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f
tag: v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb
controller:
# -- Set the controller type.

View File

@ -26,7 +26,7 @@ groups:
- name: "Advanced"
description: "Advanced Configuration"
portals:
web_portal:
open:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:

View File

@ -49,7 +49,7 @@ hide:
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f
tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb
##### Scan Results
@ -118,4 +118,18 @@ hide:
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
#### Container: tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb (alpine 3.15.0)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| libblkid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
| libblkid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
| libblkid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 | <details><summary>Expand...</summary><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br></details> |
| libuuid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
| libuuid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
| libuuid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 | <details><summary>Expand...</summary><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br></details> |

View File

@ -1,4 +1,4 @@
icon_url: https://truecharts.org/_static/img/appicons/docker-compose.png
icon_url: https://truecharts.org/_static/img/appicons/docker-compose-icon.png
categories:
- docker
- test

View File

@ -1,6 +1,19 @@
# Changelog<br>
<a name="pydio-cells-1.0.4"></a>
### [pydio-cells-1.0.4](https://github.com/truecharts/apps/compare/pydio-cells-1.0.3...pydio-cells-1.0.4) (2022-02-24)
#### Chore
* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
#### Fix
* Use different port for healthcheck ([#1949](https://github.com/truecharts/apps/issues/1949))
<a name="pydio-cells-1.0.3"></a>
### [pydio-cells-1.0.3](https://github.com/truecharts/apps/compare/pydio-cells-1.0.2...pydio-cells-1.0.3) (2022-02-23)
@ -84,16 +97,3 @@
<a name="pydio-cells-0.0.19"></a>
### [pydio-cells-0.0.19](https://github.com/truecharts/apps/compare/pydio-cells-0.0.18...pydio-cells-0.0.19) (2022-02-03)
#### Chore
* update docker general non-major ([#1836](https://github.com/truecharts/apps/issues/1836))
<a name="pydio-cells-0.0.18"></a>
### [pydio-cells-0.0.18](https://github.com/truecharts/apps/compare/pydio-cells-0.0.17...pydio-cells-0.0.18) (2022-02-02)
#### Chore
* update helm general non-major helm releases ([#1828](https://github.com/truecharts/apps/issues/1828))

View File

@ -6,4 +6,4 @@ dependencies:
repository: https://truecharts.org/
version: 1.0.73
digest: sha256:bf23758781a4e58ea35281ddb9500db7987638dd59f752088b97e00b948b1e8e
generated: "2022-02-23T07:45:47.314972842Z"
generated: "2022-02-24T18:19:26.092752475Z"

View File

@ -1,7 +1,7 @@
apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: pydio-cells
version: 1.0.3
version: 1.0.4
appVersion: "3.0.4"
description: Pydio-cells is the nextgen file sharing platform for organizations.
type: application

View File

@ -11,11 +11,11 @@ You will, however, be able to use all values referenced in the common chart here
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.targetPort }}"` | |
| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.port }}"` | |
| env.CELLS_DATA_DIR | string | `"/cells/data"` | |
| env.CELLS_EXTERNAL | string | `""` | |
| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.targetPort }}"` | |
| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.main.ports.main.targetPort }}"` | |
| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.port }}"` | |
| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.healthcheck.ports.healthcheck.port }}"` | |
| env.CELLS_INSTALL_YAML | string | `"/cells/install.yml"` | |
| env.CELLS_LOG_DIR | string | `"/cells/logs"` | |
| env.CELLS_SERVICES_DIR | string | `"/cells/services"` | |
@ -35,18 +35,32 @@ You will, however, be able to use all values referenced in the common chart here
| persistence.logs.mountPath | string | `"/cells/logs"` | |
| persistence.services.enabled | bool | `true` | |
| persistence.services.mountPath | string | `"/cells/services"` | |
| probes.liveness.path | string | `"/healthcheck"` | |
| probes.readiness.path | string | `"/healthcheck"` | |
| probes.startup.path | string | `"/healthcheck"` | |
| podSecurityContext.runAsGroup | int | `0` | |
| podSecurityContext.runAsUser | int | `0` | |
| probes.liveness.custom | bool | `true` | |
| probes.liveness.spec.httpGet.path | string | `"/healthcheck"` | |
| probes.liveness.spec.httpGet.port | int | `10162` | |
| probes.liveness.spec.httpGet.scheme | string | `"HTTP"` | |
| probes.readiness.custom | bool | `true` | |
| probes.readiness.spec.httpGet.path | string | `"/healthcheck"` | |
| probes.readiness.spec.httpGet.port | int | `10162` | |
| probes.readiness.spec.httpGet.scheme | string | `"HTTP"` | |
| probes.startup.custom | bool | `true` | |
| probes.startup.spec.httpGet.path | string | `"/healthcheck"` | |
| probes.startup.spec.httpGet.port | int | `10162` | |
| probes.startup.spec.httpGet.scheme | string | `"HTTP"` | |
| pydioinstall.password | string | `"supersecret"` | |
| pydioinstall.title | string | `"Pydio Cells"` | |
| pydioinstall.username | string | `"admin"` | |
| securityContext.readOnlyRootFilesystem | bool | `false` | |
| securityContext.runAsNonRoot | bool | `false` | |
| service.gprc.enabled | bool | `true` | |
| service.gprc.ports.gprc.enabled | bool | `true` | |
| service.gprc.ports.gprc.port | int | `33060` | |
| service.gprc.ports.gprc.targetPort | int | `33060` | |
| service.healthcheck.enabled | bool | `true` | |
| service.healthcheck.ports.healthcheck.enabled | bool | `true` | |
| service.healthcheck.ports.healthcheck.port | int | `10162` | |
| service.main.ports.main.port | int | `10150` | |
| service.main.ports.main.protocol | string | `"HTTPS"` | |
| service.main.ports.main.targetPort | int | `10150` | |
All Rights Reserved - The TrueCharts Project

View File

@ -3,11 +3,19 @@ image:
pullPolicy: IfNotPresent
tag: v3.0.4@sha256:81c6f8675ffc243af9ffab5a43da0ed50f33f0c153c352aad027127c3c0318ad
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
env:
CELLS_EXTERNAL: ""
CELLS_GRPC_EXTERNAL: "{{ .Values.service.gprc.ports.gprc.targetPort }}"
CELLS_HEALTHCHECK: "{{ .Values.service.main.ports.main.targetPort }}"
CELLS_BIND: "0.0.0.0:{{ .Values.service.main.ports.main.targetPort }}"
CELLS_GRPC_EXTERNAL: "{{ .Values.service.gprc.ports.gprc.port }}"
CELLS_HEALTHCHECK: "{{ .Values.service.healthcheck.ports.healthcheck.port }}"
CELLS_BIND: "0.0.0.0:{{ .Values.service.main.ports.main.port }}"
CELLS_WORKING_DIR: "/cells"
CELLS_DATA_DIR: "/cells/data"
CELLS_LOG_DIR: "/cells/logs"
@ -21,28 +29,45 @@ pydioinstall:
probes:
liveness:
custom: true
spec:
httpGet:
scheme: HTTP
path: "/healthcheck"
port: 10162
readiness:
custom: true
spec:
httpGet:
scheme: HTTP
path: "/healthcheck"
port: 10162
startup:
custom: true
spec:
httpGet:
scheme: HTTP
path: "/healthcheck"
port: 10162
service:
main:
ports:
main:
protocol: HTTPS
targetPort: 10150
port: 10150
gprc:
enabled: true
ports:
gprc:
enabled: true
targetPort: 33060
port: 33060
healthcheck:
enabled: true
ports:
healthcheck:
enabled: true
port: 10162
persistence:
cells:

View File

@ -26,7 +26,7 @@ groups:
- name: "Advanced"
description: "Advanced Configuration"
portals:
web_portal:
open:
protocols:
- "$kubernetes-resource_configmap_portal_protocol"
host:
@ -1934,7 +1934,7 @@ questions:
label: "runAsNonRoot"
schema:
type: boolean
default: true
default: false
- variable: capabilities
label: "Capabilities"
schema:
@ -1974,13 +1974,13 @@ questions:
description: "The UserID of the user running the application"
schema:
type: int
default: 568
default: 0
- variable: runAsGroup
label: "runAsGroup"
description: The groupID this App of the user running the application"
schema:
type: int
default: 568
default: 0
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."

View File

@ -45,8 +45,10 @@ hide:
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-pydio-cells&#39; of Deployment &#39;RELEASE-NAME-pydio-cells&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-pydio-cells&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-pydio-cells&#39; should set &#39;resources.limits.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-pydio-cells&#39; of Deployment &#39;RELEASE-NAME-pydio-cells&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-pydio-cells&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-pydio-cells&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;RELEASE-NAME-pydio-cells&#39; of Deployment &#39;RELEASE-NAME-pydio-cells&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-pydio-cells&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-pydio-cells&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;inotify&#39; of Deployment &#39;RELEASE-NAME-pydio-cells&#39; should set &#39;resources.requests.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
@ -327,8 +329,8 @@ hide:
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838</a><br><a href="https://linux.oracle.com/cve/CVE-2019-20838.html">https://linux.oracle.com/cve/CVE-2019-20838.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
| libsasl2-2 | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br></details> |
| libsasl2-modules-db | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br></details> |
| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0658.html">https://linux.oracle.com/errata/ELSA-2022-0658.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0658.html">https://linux.oracle.com/errata/ELSA-2022-0658.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html</a><br><a href="http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html">http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html</a><br><a href="https://access.redhat.com/errata/RHSA-2019:3624">https://access.redhat.com/errata/RHSA-2019:3624</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893</a><br><a href="https://github.com/seccomp/libseccomp/issues/139">https://github.com/seccomp/libseccomp/issues/139</a><br><a href="https://linux.oracle.com/cve/CVE-2019-9893.html">https://linux.oracle.com/cve/CVE-2019-9893.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2019-3624.html">https://linux.oracle.com/errata/ELSA-2019-3624.html</a><br><a href="https://seclists.org/oss-sec/2019/q1/179">https://seclists.org/oss-sec/2019/q1/179</a><br><a href="https://security.gentoo.org/glsa/201904-18">https://security.gentoo.org/glsa/201904-18</a><br><a href="https://ubuntu.com/security/notices/USN-4001-1">https://ubuntu.com/security/notices/USN-4001-1</a><br><a href="https://ubuntu.com/security/notices/USN-4001-2">https://ubuntu.com/security/notices/USN-4001-2</a><br><a href="https://usn.ubuntu.com/4001-1/">https://usn.ubuntu.com/4001-1/</a><br><a href="https://usn.ubuntu.com/4001-2/">https://usn.ubuntu.com/4001-2/</a><br><a href="https://www.openwall.com/lists/oss-security/2019/03/15/1">https://www.openwall.com/lists/oss-security/2019/03/15/1</a><br></details> |
| libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084</a><br><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36084.html">https://linux.oracle.com/cve/CVE-2021-36084.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
| libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085</a><br><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36085.html">https://linux.oracle.com/cve/CVE-2021-36085.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |