Commit new App releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
parent
207a3a45af
commit
e77521efc7
|
@ -1,10 +0,0 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="docker-compose-0.0.1"></a>
|
||||
### docker-compose-0.0.1 (2022-02-24)
|
||||
|
||||
#### Feat
|
||||
|
||||
* add a dedicated App for using Docker-Compose ([#1954](https://github.com/truecharts/apps/issues/1954))
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="docker-compose-0.0.2"></a>
|
||||
### [docker-compose-0.0.2](https://github.com/truecharts/apps/compare/docker-compose-0.0.1...docker-compose-0.0.2) (2022-02-24)
|
||||
|
||||
#### Chore
|
||||
|
||||
* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
|
||||
* Update adding tc catalog ([#1956](https://github.com/truecharts/apps/issues/1956))
|
||||
|
||||
|
||||
|
||||
<a name="docker-compose-0.0.1"></a>
|
||||
### docker-compose-0.0.1 (2022-02-24)
|
||||
|
||||
#### Feat
|
||||
|
||||
* add a dedicated App for using Docker-Compose ([#1954](https://github.com/truecharts/apps/issues/1954))
|
||||
|
|
@ -3,4 +3,4 @@ dependencies:
|
|||
repository: https://truecharts.org
|
||||
version: 8.16.0
|
||||
digest: sha256:fa603eaefc7f57029052919d45fd45424e58a69f707af7b657afd49a4b41a435
|
||||
generated: "2022-02-24T15:51:11.652031381Z"
|
||||
generated: "2022-02-24T18:19:25.650140959Z"
|
|
@ -7,7 +7,7 @@ dependencies:
|
|||
deprecated: false
|
||||
description: Dedicated App for using Docker-Compose on TrueNAS SCALE
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/dev/docker-compose
|
||||
icon: https://truecharts.org/_static/img/appicons/docker-compose.png
|
||||
icon: https://truecharts.org/_static/img/appicons/docker-compose-icon.png
|
||||
keywords:
|
||||
- docker-compose
|
||||
- docker
|
||||
|
@ -20,7 +20,7 @@ name: docker-compose
|
|||
sources:
|
||||
- https://github.com/Jackett/Jackett
|
||||
type: application
|
||||
version: 0.0.1
|
||||
version: 0.0.2
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- docker
|
|
@ -22,7 +22,7 @@ You will, however, be able to use all values referenced in the common chart here
|
|||
| hostNetwork | bool | `true` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"tccr.io/truecharts/docker-in-docker"` | |
|
||||
| image.tag | string | `"v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f"` | |
|
||||
| image.tag | string | `"v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb"` | |
|
||||
| persistence.docker-certs-ca.enabled | bool | `true` | |
|
||||
| persistence.docker-certs-ca.mountPath | string | `"/config"` | |
|
||||
| persistence.mnt.enabled | bool | `true` | |
|
|
@ -1,7 +1,7 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/docker-in-docker
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f
|
||||
tag: v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb
|
||||
|
||||
controller:
|
||||
# -- Set the controller type.
|
|
@ -26,7 +26,7 @@ groups:
|
|||
- name: "Advanced"
|
||||
description: "Advanced Configuration"
|
||||
portals:
|
||||
web_portal:
|
||||
open:
|
||||
protocols:
|
||||
- "$kubernetes-resource_configmap_portal_protocol"
|
||||
host:
|
|
@ -49,7 +49,7 @@ hide:
|
|||
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
||||
tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f
|
||||
tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb
|
||||
|
||||
##### Scan Results
|
||||
|
||||
|
@ -118,4 +118,18 @@ hide:
|
|||
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb (alpine 3.15.0)
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| libblkid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
|
||||
| libblkid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
|
||||
| libblkid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 | <details><summary>Expand...</summary><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br></details> |
|
||||
| libuuid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
|
||||
| libuuid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
|
||||
| libuuid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 | <details><summary>Expand...</summary><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br></details> |
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
icon_url: https://truecharts.org/_static/img/appicons/docker-compose.png
|
||||
icon_url: https://truecharts.org/_static/img/appicons/docker-compose-icon.png
|
||||
categories:
|
||||
- docker
|
||||
- test
|
||||
|
|
|
@ -1,6 +1,19 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="pydio-cells-1.0.4"></a>
|
||||
### [pydio-cells-1.0.4](https://github.com/truecharts/apps/compare/pydio-cells-1.0.3...pydio-cells-1.0.4) (2022-02-24)
|
||||
|
||||
#### Chore
|
||||
|
||||
* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
|
||||
|
||||
#### Fix
|
||||
|
||||
* Use different port for healthcheck ([#1949](https://github.com/truecharts/apps/issues/1949))
|
||||
|
||||
|
||||
|
||||
<a name="pydio-cells-1.0.3"></a>
|
||||
### [pydio-cells-1.0.3](https://github.com/truecharts/apps/compare/pydio-cells-1.0.2...pydio-cells-1.0.3) (2022-02-23)
|
||||
|
||||
|
@ -84,16 +97,3 @@
|
|||
|
||||
<a name="pydio-cells-0.0.19"></a>
|
||||
### [pydio-cells-0.0.19](https://github.com/truecharts/apps/compare/pydio-cells-0.0.18...pydio-cells-0.0.19) (2022-02-03)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update docker general non-major ([#1836](https://github.com/truecharts/apps/issues/1836))
|
||||
|
||||
|
||||
|
||||
<a name="pydio-cells-0.0.18"></a>
|
||||
### [pydio-cells-0.0.18](https://github.com/truecharts/apps/compare/pydio-cells-0.0.17...pydio-cells-0.0.18) (2022-02-02)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update helm general non-major helm releases ([#1828](https://github.com/truecharts/apps/issues/1828))
|
|
@ -6,4 +6,4 @@ dependencies:
|
|||
repository: https://truecharts.org/
|
||||
version: 1.0.73
|
||||
digest: sha256:bf23758781a4e58ea35281ddb9500db7987638dd59f752088b97e00b948b1e8e
|
||||
generated: "2022-02-23T07:45:47.314972842Z"
|
||||
generated: "2022-02-24T18:19:26.092752475Z"
|
|
@ -1,7 +1,7 @@
|
|||
apiVersion: v2
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
name: pydio-cells
|
||||
version: 1.0.3
|
||||
version: 1.0.4
|
||||
appVersion: "3.0.4"
|
||||
description: Pydio-cells is the nextgen file sharing platform for organizations.
|
||||
type: application
|
|
@ -11,11 +11,11 @@ You will, however, be able to use all values referenced in the common chart here
|
|||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.targetPort }}"` | |
|
||||
| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.port }}"` | |
|
||||
| env.CELLS_DATA_DIR | string | `"/cells/data"` | |
|
||||
| env.CELLS_EXTERNAL | string | `""` | |
|
||||
| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.targetPort }}"` | |
|
||||
| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.main.ports.main.targetPort }}"` | |
|
||||
| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.port }}"` | |
|
||||
| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.healthcheck.ports.healthcheck.port }}"` | |
|
||||
| env.CELLS_INSTALL_YAML | string | `"/cells/install.yml"` | |
|
||||
| env.CELLS_LOG_DIR | string | `"/cells/logs"` | |
|
||||
| env.CELLS_SERVICES_DIR | string | `"/cells/services"` | |
|
||||
|
@ -35,18 +35,32 @@ You will, however, be able to use all values referenced in the common chart here
|
|||
| persistence.logs.mountPath | string | `"/cells/logs"` | |
|
||||
| persistence.services.enabled | bool | `true` | |
|
||||
| persistence.services.mountPath | string | `"/cells/services"` | |
|
||||
| probes.liveness.path | string | `"/healthcheck"` | |
|
||||
| probes.readiness.path | string | `"/healthcheck"` | |
|
||||
| probes.startup.path | string | `"/healthcheck"` | |
|
||||
| podSecurityContext.runAsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsUser | int | `0` | |
|
||||
| probes.liveness.custom | bool | `true` | |
|
||||
| probes.liveness.spec.httpGet.path | string | `"/healthcheck"` | |
|
||||
| probes.liveness.spec.httpGet.port | int | `10162` | |
|
||||
| probes.liveness.spec.httpGet.scheme | string | `"HTTP"` | |
|
||||
| probes.readiness.custom | bool | `true` | |
|
||||
| probes.readiness.spec.httpGet.path | string | `"/healthcheck"` | |
|
||||
| probes.readiness.spec.httpGet.port | int | `10162` | |
|
||||
| probes.readiness.spec.httpGet.scheme | string | `"HTTP"` | |
|
||||
| probes.startup.custom | bool | `true` | |
|
||||
| probes.startup.spec.httpGet.path | string | `"/healthcheck"` | |
|
||||
| probes.startup.spec.httpGet.port | int | `10162` | |
|
||||
| probes.startup.spec.httpGet.scheme | string | `"HTTP"` | |
|
||||
| pydioinstall.password | string | `"supersecret"` | |
|
||||
| pydioinstall.title | string | `"Pydio Cells"` | |
|
||||
| pydioinstall.username | string | `"admin"` | |
|
||||
| securityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| securityContext.runAsNonRoot | bool | `false` | |
|
||||
| service.gprc.enabled | bool | `true` | |
|
||||
| service.gprc.ports.gprc.enabled | bool | `true` | |
|
||||
| service.gprc.ports.gprc.port | int | `33060` | |
|
||||
| service.gprc.ports.gprc.targetPort | int | `33060` | |
|
||||
| service.healthcheck.enabled | bool | `true` | |
|
||||
| service.healthcheck.ports.healthcheck.enabled | bool | `true` | |
|
||||
| service.healthcheck.ports.healthcheck.port | int | `10162` | |
|
||||
| service.main.ports.main.port | int | `10150` | |
|
||||
| service.main.ports.main.protocol | string | `"HTTPS"` | |
|
||||
| service.main.ports.main.targetPort | int | `10150` | |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
|
@ -3,11 +3,19 @@ image:
|
|||
pullPolicy: IfNotPresent
|
||||
tag: v3.0.4@sha256:81c6f8675ffc243af9ffab5a43da0ed50f33f0c153c352aad027127c3c0318ad
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
env:
|
||||
CELLS_EXTERNAL: ""
|
||||
CELLS_GRPC_EXTERNAL: "{{ .Values.service.gprc.ports.gprc.targetPort }}"
|
||||
CELLS_HEALTHCHECK: "{{ .Values.service.main.ports.main.targetPort }}"
|
||||
CELLS_BIND: "0.0.0.0:{{ .Values.service.main.ports.main.targetPort }}"
|
||||
CELLS_GRPC_EXTERNAL: "{{ .Values.service.gprc.ports.gprc.port }}"
|
||||
CELLS_HEALTHCHECK: "{{ .Values.service.healthcheck.ports.healthcheck.port }}"
|
||||
CELLS_BIND: "0.0.0.0:{{ .Values.service.main.ports.main.port }}"
|
||||
CELLS_WORKING_DIR: "/cells"
|
||||
CELLS_DATA_DIR: "/cells/data"
|
||||
CELLS_LOG_DIR: "/cells/logs"
|
||||
|
@ -21,28 +29,45 @@ pydioinstall:
|
|||
|
||||
probes:
|
||||
liveness:
|
||||
custom: true
|
||||
spec:
|
||||
httpGet:
|
||||
scheme: HTTP
|
||||
path: "/healthcheck"
|
||||
|
||||
port: 10162
|
||||
readiness:
|
||||
custom: true
|
||||
spec:
|
||||
httpGet:
|
||||
scheme: HTTP
|
||||
path: "/healthcheck"
|
||||
|
||||
port: 10162
|
||||
startup:
|
||||
custom: true
|
||||
spec:
|
||||
httpGet:
|
||||
scheme: HTTP
|
||||
path: "/healthcheck"
|
||||
port: 10162
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
protocol: HTTPS
|
||||
targetPort: 10150
|
||||
port: 10150
|
||||
gprc:
|
||||
enabled: true
|
||||
ports:
|
||||
gprc:
|
||||
enabled: true
|
||||
targetPort: 33060
|
||||
port: 33060
|
||||
healthcheck:
|
||||
enabled: true
|
||||
ports:
|
||||
healthcheck:
|
||||
enabled: true
|
||||
port: 10162
|
||||
|
||||
persistence:
|
||||
cells:
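Review bot: The new `securityContext` and `podSecurityContext` keys in the first hunk of this section set `runAsNonRoot: false`, `readOnlyRootFilesystem: false`, `runAsUser: 0` and `runAsGroup: 0` with no comment saying why the container has to run as root, and the 1.0.4 changelog entry in this commit mentions only the healthcheck port and the portal rename. The same relaxation shows up as changed defaults in the later hunks `@ -1934,7 +1934,7 @@ questions:` and `@ -1974,13 +1974,13 @@ questions:` (568 to 0), and the regenerated scan table appears to gain KSV012 and KSV014 rows for the main container as a result. If root is genuinely required, record the reason next to the keys, for example `# runs as root because <reason>; revisit when the image supports a non-root user`, and add a changelog line so the privilege change is visible to people upgrading. Otherwise keep the previous non-root defaults and handle volume ownership through the existing `fsGroup` setting.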
|
|
@ -26,7 +26,7 @@ groups:
|
|||
- name: "Advanced"
|
||||
description: "Advanced Configuration"
|
||||
portals:
|
||||
web_portal:
|
||||
open:
|
||||
protocols:
|
||||
- "$kubernetes-resource_configmap_portal_protocol"
|
||||
host:
|
||||
|
@ -1934,7 +1934,7 @@ questions:
|
|||
label: "runAsNonRoot"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
default: false
|
||||
- variable: capabilities
|
||||
label: "Capabilities"
|
||||
schema:
|
||||
|
@ -1974,13 +1974,13 @@ questions:
|
|||
description: "The UserID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
default: 0
|
||||
- variable: fsGroup
|
||||
label: "fsGroup"
|
||||
description: "The group that should own ALL storage."
|
|
@ -45,8 +45,10 @@ hide:
|
|||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'resources.limits.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'resources.requests.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
|
||||
|
@ -327,8 +329,8 @@ hide:
|
|||
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838</a><br><a href="https://linux.oracle.com/cve/CVE-2019-20838.html">https://linux.oracle.com/cve/CVE-2019-20838.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
|
||||
| libsasl2-2 | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br></details> |
|
||||
| libsasl2-modules-db | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br></details> |
|
||||
| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0658.html">https://linux.oracle.com/errata/ELSA-2022-0658.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0658.html">https://linux.oracle.com/errata/ELSA-2022-0658.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html</a><br><a href="http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html">http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html</a><br><a href="https://access.redhat.com/errata/RHSA-2019:3624">https://access.redhat.com/errata/RHSA-2019:3624</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893</a><br><a href="https://github.com/seccomp/libseccomp/issues/139">https://github.com/seccomp/libseccomp/issues/139</a><br><a href="https://linux.oracle.com/cve/CVE-2019-9893.html">https://linux.oracle.com/cve/CVE-2019-9893.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2019-3624.html">https://linux.oracle.com/errata/ELSA-2019-3624.html</a><br><a href="https://seclists.org/oss-sec/2019/q1/179">https://seclists.org/oss-sec/2019/q1/179</a><br><a href="https://security.gentoo.org/glsa/201904-18">https://security.gentoo.org/glsa/201904-18</a><br><a href="https://ubuntu.com/security/notices/USN-4001-1">https://ubuntu.com/security/notices/USN-4001-1</a><br><a href="https://ubuntu.com/security/notices/USN-4001-2">https://ubuntu.com/security/notices/USN-4001-2</a><br><a href="https://usn.ubuntu.com/4001-1/">https://usn.ubuntu.com/4001-1/</a><br><a href="https://usn.ubuntu.com/4001-2/">https://usn.ubuntu.com/4001-2/</a><br><a href="https://www.openwall.com/lists/oss-security/2019/03/15/1">https://www.openwall.com/lists/oss-security/2019/03/15/1</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084</a><br><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36084.html">https://linux.oracle.com/cve/CVE-2021-36084.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085</a><br><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36085.html">https://linux.oracle.com/cve/CVE-2021-36085.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|