1:53PM DBG console.scan() 1:53PM DBG console.scan() Scanning with Keeping Infrastructure as Code Secure v1.7.1 1:53PM INF Scanning with Keeping Infrastructure as Code Secure v1.7.1 1:53PM INF Operating system: linux 1:53PM INF Total memory: 15.6G 1:53PM INF CPU: 8.0 1:53PM DBG storage.NewMemoryStorage() 1:53PM DBG Looking for queries in executable path and in current work directory 1:53PM DBG helpers.GetDefaultQueryPath() 1:53PM DBG helpers.GetExecutableDirectory() 1:53PM DBG Queries found in /app/bin/assets/queries 1:53PM INF Total files in the project: 4 1:53PM INF Loading queries of type: kubernetes 1:53PM DBG source.NewFilesystemSource() 1:53PM DBG engine.NewInspector() 1:53PM DBG Custom library common not provided. Loading embedded library instead 1:53PM DBG Custom library k8s not provided.
Loading embedded library instead 1:53PM DBG Could not open embedded library data for k8s platform 1:53PM INF Inspector initialized, number of queries=146 1:53PM INF Query execution timeout=1m0s 1:53PM DBG provider.NewFileSystemSourceProvider() 1:53PM DBG parser.NewBuilder() 1:53PM DBG resolver.Add() 1:53PM DBG resolver.Build() 1:53PM DBG resolver.Resolve() rendered file: /path/test 1:53PM DBG resolver.Resolve() rendered file: /path/test 1:53PM DBG service.StartScan() 1:53PM DBG service.StartScan() 1:53PM DBG engine.Inspect() 1:53PM DBG engine.Inspect() 1:53PM DBG Starting to run query always_admit_admission_control_plugin_set 1:53PM DBG Finished to run query always_admit_admission_control_plugin_set after 161.333µs 1:53PM DBG Starting to run query always_admit_admission_control_plugin_set 1:53PM DBG Finished to run query always_admit_admission_control_plugin_set after 94µs 1:53PM DBG Starting to run query always_pull_images_admission_control_plugin_not_set 1:53PM DBG Finished to run query always_pull_images_admission_control_plugin_not_set after 47.417µs 1:53PM DBG Starting to run query always_pull_images_admission_control_plugin_not_set 1:53PM DBG Finished to run query always_pull_images_admission_control_plugin_not_set after 78.5µs 1:53PM DBG Starting to run query anonymous_auth_is_not_set_to_false 1:53PM DBG Finished to run query anonymous_auth_is_not_set_to_false after 39.833µs 1:53PM DBG Starting to run query anonymous_auth_is_not_set_to_false 1:53PM DBG Finished to run query anonymous_auth_is_not_set_to_false after 197.208µs 1:53PM DBG Starting to run query audit_log_maxage_not_properly_set 1:53PM DBG Finished to run query audit_log_maxage_not_properly_set after 81.542µs 1:53PM DBG Starting to run query audit_log_maxage_not_properly_set 1:53PM DBG Finished to run query audit_log_maxage_not_properly_set after 97.958µs 1:53PM DBG Starting to run query audit_log_maxbackup_not_properly_set 1:53PM DBG Finished to run query audit_log_maxbackup_not_properly_set 
after 50.458µs 1:53PM DBG Starting to run query audit_log_maxbackup_not_properly_set 1:53PM DBG Finished to run query audit_log_maxbackup_not_properly_set after 78.542µs 1:53PM DBG Starting to run query audit_log_maxsize_not_properly_set 1:53PM DBG Finished to run query audit_log_maxsize_not_properly_set after 43.709µs 1:53PM DBG Starting to run query audit_log_maxsize_not_properly_set 1:53PM DBG Finished to run query audit_log_maxsize_not_properly_set after 67.084µs 1:53PM DBG Starting to run query audit_log_path_not_set 1:53PM DBG Finished to run query audit_log_path_not_set after 45µs 1:53PM DBG Starting to run query audit_log_path_not_set 1:53PM DBG Finished to run query audit_log_path_not_set after 63.916µs 1:53PM DBG Starting to run query audit_policy_file_not_defined 1:53PM DBG Finished to run query audit_policy_file_not_defined after 46.709µs 1:53PM DBG Starting to run query audit_policy_file_not_defined 1:53PM DBG Finished to run query audit_policy_file_not_defined after 101.084µs 1:53PM DBG Starting to run query audit_policy_not_cover_key_security_concerns 1:53PM DBG Finished to run query audit_policy_not_cover_key_security_concerns after 37.959µs 1:53PM DBG Starting to run query audit_policy_not_cover_key_security_concerns 1:53PM DBG Finished to run query audit_policy_not_cover_key_security_concerns after 56.166µs 1:53PM DBG Starting to run query authorization_mode_node_not_set 1:53PM DBG Finished to run query authorization_mode_node_not_set after 42.083µs 1:53PM DBG Starting to run query authorization_mode_node_not_set 1:53PM DBG Finished to run query authorization_mode_node_not_set after 64.541µs 1:53PM DBG Starting to run query authorization_mode_rbac_not_set 1:53PM DBG Finished to run query authorization_mode_rbac_not_set after 41.75µs 1:53PM DBG Starting to run query authorization_mode_rbac_not_set 1:53PM DBG Finished to run query authorization_mode_rbac_not_set after 73.792µs 1:53PM DBG Starting to run query authorization_mode_set_to_always_allow 
1:53PM DBG Finished to run query authorization_mode_set_to_always_allow after 82.75µs 1:53PM DBG Starting to run query authorization_mode_set_to_always_allow 1:53PM DBG Finished to run query authorization_mode_set_to_always_allow after 49.791µs 1:53PM DBG Starting to run query auto_tls_set_to_true 1:53PM DBG Finished to run query auto_tls_set_to_true after 68µs 1:53PM DBG Starting to run query auto_tls_set_to_true 1:53PM DBG Finished to run query auto_tls_set_to_true after 31.834µs 1:53PM DBG Starting to run query basic_auth_file_is_set 1:53PM DBG Finished to run query basic_auth_file_is_set after 72.125µs 1:53PM DBG Starting to run query basic_auth_file_is_set 1:53PM DBG Finished to run query basic_auth_file_is_set after 33.042µs 1:53PM DBG Starting to run query bind_address_not_properly_set 1:53PM DBG Finished to run query bind_address_not_properly_set after 133.833µs 1:53PM DBG Starting to run query bind_address_not_properly_set 1:53PM DBG Finished to run query bind_address_not_properly_set after 13.334µs 1:53PM DBG Starting to run query client_certificate_authentication_not_setup_properly 1:53PM DBG Finished to run query client_certificate_authentication_not_setup_properly after 110µs 1:53PM DBG Starting to run query client_certificate_authentication_not_setup_properly 1:53PM DBG Finished to run query client_certificate_authentication_not_setup_properly after 27.291µs 1:53PM DBG Starting to run query cluster_admin_role_binding_with_super_user_permissions 1:53PM DBG Finished to run query cluster_admin_role_binding_with_super_user_permissions after 129.125µs 1:53PM DBG Starting to run query cluster_admin_role_binding_with_super_user_permissions 1:53PM DBG Finished to run query cluster_admin_role_binding_with_super_user_permissions after 21.625µs 1:53PM DBG Starting to run query cluster_allows_unsafe_sysctls 1:53PM DBG Finished to run query cluster_allows_unsafe_sysctls after 61.083µs 1:53PM DBG Starting to run query cluster_allows_unsafe_sysctls 1:53PM DBG 
Finished to run query cluster_allows_unsafe_sysctls after 34.917µs 1:53PM DBG Starting to run query cni_plugin_does_not_support_network_policies 1:53PM DBG Starting to run query cni_plugin_does_not_support_network_policies 1:53PM DBG Finished to run query cni_plugin_does_not_support_network_policies after 61.625µs 1:53PM DBG Finished to run query cni_plugin_does_not_support_network_policies after 31.833µs 1:53PM DBG Starting to run query container_cpu_requests_not_equal_to_its_limits 1:53PM DBG Finished to run query container_cpu_requests_not_equal_to_its_limits after 64.792µs 1:53PM DBG Starting to run query container_cpu_requests_not_equal_to_its_limits 1:53PM DBG Finished to run query container_cpu_requests_not_equal_to_its_limits after 46.167µs 1:53PM DBG Starting to run query container_is_privileged 1:53PM DBG Finished to run query container_is_privileged after 145.875µs 1:53PM DBG Starting to run query container_is_privileged 1:53PM DBG Finished to run query container_is_privileged after 15.375µs 1:53PM DBG Starting to run query container_memory_requests_not_equal_to_its_limits 1:53PM DBG Finished to run query container_memory_requests_not_equal_to_its_limits after 41.458µs 1:53PM DBG Starting to run query container_memory_requests_not_equal_to_its_limits 1:53PM DBG Finished to run query container_memory_requests_not_equal_to_its_limits after 34.083µs 1:53PM DBG Starting to run query container_requests_not_equal_to_its_limits 1:53PM DBG Finished to run query container_requests_not_equal_to_its_limits after 48.541µs 1:53PM DBG Starting to run query container_requests_not_equal_to_its_limits 1:53PM DBG Finished to run query container_requests_not_equal_to_its_limits after 132.708µs 1:53PM DBG Starting to run query container_runs_unmasked 1:53PM DBG Finished to run query container_runs_unmasked after 42.959µs 1:53PM DBG Starting to run query container_runs_unmasked 1:53PM DBG Finished to run query container_runs_unmasked after 27.25µs 1:53PM DBG Starting to run 
query containers_run_with_low_uid 1:53PM DBG Starting to run query containers_run_with_low_uid 1:53PM DBG Finished to run query containers_run_with_low_uid after 33.125µs 1:53PM DBG Finished to run query containers_run_with_low_uid after 564.667µs 1:53PM DBG Starting to run query containers_running_as_root 1:53PM DBG Finished to run query containers_running_as_root after 48.375µs 1:53PM DBG Starting to run query containers_running_as_root 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=containers_running_as_root scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=containers_running_as_root scanID=console 1:53PM DBG Finished to run query containers_running_as_root after 535.542µs 1:53PM DBG Starting to run query containers_with_added_capabilities 1:53PM DBG Finished to run query containers_with_added_capabilities after 56.375µs 1:53PM DBG Starting to run query containers_with_added_capabilities 1:53PM DBG Finished to run query containers_with_added_capabilities after 122.667µs 1:53PM DBG Starting to run query containers_with_sys_admin_capabilities 1:53PM DBG Finished to run query containers_with_sys_admin_capabilities after 239.333µs 1:53PM DBG Starting to run query containers_with_sys_admin_capabilities 1:53PM DBG Finished to run query containers_with_sys_admin_capabilities after 70.334µs 1:53PM DBG Starting to run query cpu_limits_not_set 1:53PM DBG Finished to run query cpu_limits_not_set after 46.083µs 1:53PM DBG Starting to run query cpu_limits_not_set 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec.containers.name=test fileName=/path/test/templates/deployment.yaml queryName=cpu_limits_not_set scanID=console 1:53PM WRN Failed to detect 
line, query response metadata.name={{test}}.spec.template.spec.containers.name=test fileName=/path/test/templates/deployment.yaml queryName=cpu_limits_not_set scanID=console 1:53PM DBG Finished to run query cpu_limits_not_set after 355.709µs 1:53PM DBG Starting to run query cpu_requests_not_set 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec.containers.name=test fileName=/path/test/templates/deployment.yaml queryName=cpu_requests_not_set scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}}.spec.template.spec.containers.name=test fileName=/path/test/templates/deployment.yaml queryName=cpu_requests_not_set scanID=console 1:53PM DBG Finished to run query cpu_requests_not_set after 780.625µs 1:53PM DBG Starting to run query cpu_requests_not_set 1:53PM DBG Finished to run query cpu_requests_not_set after 30.083µs 1:53PM DBG Starting to run query cronjob_deadline_not_configured 1:53PM DBG Finished to run query cronjob_deadline_not_configured after 59.667µs 1:53PM DBG Starting to run query cronjob_deadline_not_configured 1:53PM DBG Finished to run query cronjob_deadline_not_configured after 25.041µs 1:53PM DBG Starting to run query dashboard_is_enabled 1:53PM DBG Finished to run query dashboard_is_enabled after 38.125µs 1:53PM DBG Starting to run query dashboard_is_enabled 1:53PM DBG Finished to run query dashboard_is_enabled after 126µs 1:53PM DBG Starting to run query deployment_has_no_pod_anti_affinity 1:53PM DBG Finished to run query deployment_has_no_pod_anti_affinity after 43.709µs 1:53PM DBG Starting to run query deployment_has_no_pod_anti_affinity 1:53PM DBG Finished to run query deployment_has_no_pod_anti_affinity after 106.792µs 1:53PM DBG Starting to run query deployment_without_pod_disruption_budget 1:53PM DBG Finished to run query deployment_without_pod_disruption_budget after 53µs 1:53PM DBG Starting to run query deployment_without_pod_disruption_budget 1:53PM DBG 
Finished to run query deployment_without_pod_disruption_budget after 49.625µs 1:53PM DBG Starting to run query docker_daemon_socket_is_exposed_to_containers 1:53PM DBG Finished to run query docker_daemon_socket_is_exposed_to_containers after 44.417µs 1:53PM DBG Starting to run query docker_daemon_socket_is_exposed_to_containers 1:53PM DBG Finished to run query docker_daemon_socket_is_exposed_to_containers after 51.667µs 1:53PM DBG Starting to run query encryption_provider_config_is_not_defined 1:53PM DBG Starting to run query encryption_provider_config_is_not_defined 1:53PM DBG Finished to run query encryption_provider_config_is_not_defined after 21.792µs 1:53PM DBG Finished to run query encryption_provider_config_is_not_defined after 92.833µs 1:53PM DBG Starting to run query encryption_provider_not_properly_configured 1:53PM DBG Finished to run query encryption_provider_not_properly_configured after 43.917µs 1:53PM DBG Starting to run query encryption_provider_not_properly_configured 1:53PM DBG Finished to run query encryption_provider_not_properly_configured after 42.708µs 1:53PM DBG Starting to run query ensure_administrative_boundaries_between_resources 1:53PM DBG Starting to run query ensure_administrative_boundaries_between_resources 1:53PM DBG Finished to run query ensure_administrative_boundaries_between_resources after 48.167µs 1:53PM DBG Finished to run query ensure_administrative_boundaries_between_resources after 33.375µs 1:53PM DBG Starting to run query etcd_client_certificate_authentication_set_to_false 1:53PM DBG Starting to run query etcd_client_certificate_authentication_set_to_false 1:53PM DBG Finished to run query etcd_client_certificate_authentication_set_to_false after 56.083µs 1:53PM DBG Finished to run query etcd_client_certificate_authentication_set_to_false after 30.084µs 1:53PM DBG Starting to run query etcd_client_certificate_file_not_defined 1:53PM DBG Finished to run query etcd_client_certificate_file_not_defined after 56.875µs 1:53PM 
DBG Starting to run query etcd_client_certificate_file_not_defined 1:53PM DBG Finished to run query etcd_client_certificate_file_not_defined after 32.833µs 1:53PM DBG Starting to run query etcd_peer_client_certificate_authentication_set_to_false 1:53PM DBG Starting to run query etcd_peer_client_certificate_authentication_set_to_false 1:53PM DBG Finished to run query etcd_peer_client_certificate_authentication_set_to_false after 29.875µs 1:53PM DBG Finished to run query etcd_peer_client_certificate_authentication_set_to_false after 53.917µs 1:53PM DBG Starting to run query etcd_peer_tls_certificate_files_not_properly_set 1:53PM DBG Starting to run query etcd_peer_tls_certificate_files_not_properly_set 1:53PM DBG Finished to run query etcd_peer_tls_certificate_files_not_properly_set after 29.208µs 1:53PM DBG Finished to run query etcd_peer_tls_certificate_files_not_properly_set after 54.584µs 1:53PM DBG Starting to run query etcd_tls_certificate_files_not_properly_set 1:53PM DBG Starting to run query etcd_tls_certificate_files_not_properly_set 1:53PM DBG Finished to run query etcd_tls_certificate_files_not_properly_set after 53.292µs 1:53PM DBG Finished to run query etcd_tls_certificate_files_not_properly_set after 20.083µs 1:53PM DBG Starting to run query etcd_tls_certificate_not_properly_configured 1:53PM DBG Starting to run query etcd_tls_certificate_not_properly_configured 1:53PM DBG Finished to run query etcd_tls_certificate_not_properly_configured after 32.708µs 1:53PM DBG Finished to run query etcd_tls_certificate_not_properly_configured after 35.583µs 1:53PM DBG Starting to run query event_rate_limit_admission_control_plugin_not_set 1:53PM DBG Finished to run query event_rate_limit_admission_control_plugin_not_set after 64.667µs 1:53PM DBG Starting to run query event_rate_limit_admission_control_plugin_not_set 1:53PM DBG Finished to run query event_rate_limit_admission_control_plugin_not_set after 22.542µs 1:53PM DBG Starting to run query 
hpa_targeted_deployments_with_configured_replica_count 1:53PM DBG Finished to run query hpa_targeted_deployments_with_configured_replica_count after 93.584µs 1:53PM DBG Starting to run query hpa_targeted_deployments_with_configured_replica_count 1:53PM DBG Finished to run query hpa_targeted_deployments_with_configured_replica_count after 34.208µs 1:53PM DBG Starting to run query hpa_targets_invalid_object 1:53PM DBG Finished to run query hpa_targets_invalid_object after 35.666µs 1:53PM DBG Starting to run query hpa_targets_invalid_object 1:53PM DBG Finished to run query hpa_targets_invalid_object after 28.25µs 1:53PM DBG Starting to run query image_policy_webhook_admission_control_plugin_not_set 1:53PM DBG Finished to run query image_policy_webhook_admission_control_plugin_not_set after 39.208µs 1:53PM DBG Starting to run query image_policy_webhook_admission_control_plugin_not_set 1:53PM DBG Finished to run query image_policy_webhook_admission_control_plugin_not_set after 46.167µs 1:53PM DBG Starting to run query image_pull_policy_of_container_is_not_always 1:53PM DBG Finished to run query image_pull_policy_of_container_is_not_always after 44.333µs 1:53PM DBG Starting to run query image_pull_policy_of_container_is_not_always 1:53PM DBG Finished to run query image_pull_policy_of_container_is_not_always after 108.667µs 1:53PM DBG Starting to run query image_without_digest 1:53PM DBG Finished to run query image_without_digest after 36.542µs 1:53PM DBG Starting to run query image_without_digest 1:53PM DBG Finished to run query image_without_digest after 92µs 1:53PM DBG Starting to run query incorrect_volume_claim_access_mode_read_write_once 1:53PM DBG Finished to run query incorrect_volume_claim_access_mode_read_write_once after 36.625µs 1:53PM DBG Starting to run query incorrect_volume_claim_access_mode_read_write_once 1:53PM DBG Finished to run query incorrect_volume_claim_access_mode_read_write_once after 26.875µs 1:53PM DBG Starting to run query 
ingress_controller_exposes_workload 1:53PM DBG Finished to run query ingress_controller_exposes_workload after 47.292µs 1:53PM DBG Starting to run query ingress_controller_exposes_workload 1:53PM DBG Finished to run query ingress_controller_exposes_workload after 33.375µs 1:53PM DBG Starting to run query insecure_bind_address_set 1:53PM DBG Finished to run query insecure_bind_address_set after 34.75µs 1:53PM DBG Starting to run query insecure_bind_address_set 1:53PM DBG Finished to run query insecure_bind_address_set after 41.292µs 1:53PM DBG Starting to run query insecure_port_not_properly_set 1:53PM DBG Finished to run query insecure_port_not_properly_set after 78.458µs 1:53PM DBG Starting to run query insecure_port_not_properly_set 1:53PM DBG Finished to run query insecure_port_not_properly_set after 317.208µs 1:53PM DBG Starting to run query invalid_image 1:53PM DBG Finished to run query invalid_image after 53.167µs 1:53PM DBG Starting to run query invalid_image 1:53PM DBG Finished to run query invalid_image after 99.375µs 1:53PM DBG Starting to run query kubelet_certificate_authority_not_set 1:53PM DBG Finished to run query kubelet_certificate_authority_not_set after 38.292µs 1:53PM DBG Starting to run query kubelet_certificate_authority_not_set 1:53PM DBG Finished to run query kubelet_certificate_authority_not_set after 45.209µs 1:53PM DBG Starting to run query kubelet_client_certificate_or_key_not_set 1:53PM DBG Finished to run query kubelet_client_certificate_or_key_not_set after 39.25µs 1:53PM DBG Starting to run query kubelet_client_certificate_or_key_not_set 1:53PM DBG Finished to run query kubelet_client_certificate_or_key_not_set after 54.333µs 1:53PM DBG Starting to run query kubelet_client_periodic_certificate_switch_disabled 1:53PM DBG Finished to run query kubelet_client_periodic_certificate_switch_disabled after 40.541µs 1:53PM DBG Starting to run query kubelet_client_periodic_certificate_switch_disabled 1:53PM DBG Finished to run query 
kubelet_client_periodic_certificate_switch_disabled after 63.792µs 1:53PM DBG Starting to run query kubelet_event_qps_not_properly_set 1:53PM DBG Finished to run query kubelet_event_qps_not_properly_set after 34.125µs 1:53PM DBG Starting to run query kubelet_event_qps_not_properly_set 1:53PM DBG Finished to run query kubelet_event_qps_not_properly_set after 59.417µs 1:53PM DBG Starting to run query kubelet_hostname_override_is_set 1:53PM DBG Finished to run query kubelet_hostname_override_is_set after 39.333µs 1:53PM DBG Starting to run query kubelet_hostname_override_is_set 1:53PM DBG Finished to run query kubelet_hostname_override_is_set after 77.417µs 1:53PM DBG Starting to run query kubelet_https_set_to_false 1:53PM DBG Finished to run query kubelet_https_set_to_false after 35.584µs 1:53PM DBG Starting to run query kubelet_https_set_to_false 1:53PM DBG Finished to run query kubelet_https_set_to_false after 42.916µs 1:53PM DBG Starting to run query kubelet_not_managing_ip_tables 1:53PM DBG Finished to run query kubelet_not_managing_ip_tables after 40.833µs 1:53PM DBG Starting to run query kubelet_not_managing_ip_tables 1:53PM DBG Finished to run query kubelet_not_managing_ip_tables after 53.875µs 1:53PM DBG Starting to run query kubelet_protect_kernel_defaults_set_to_false 1:53PM DBG Finished to run query kubelet_protect_kernel_defaults_set_to_false after 36.416µs 1:53PM DBG Starting to run query kubelet_protect_kernel_defaults_set_to_false 1:53PM DBG Finished to run query kubelet_protect_kernel_defaults_set_to_false after 44.375µs 1:53PM DBG Starting to run query kubelet_read_only_port_is_not_set_to_zero 1:53PM DBG Finished to run query kubelet_read_only_port_is_not_set_to_zero after 40.917µs 1:53PM DBG Starting to run query kubelet_read_only_port_is_not_set_to_zero 1:53PM DBG Finished to run query kubelet_read_only_port_is_not_set_to_zero after 78.125µs 1:53PM DBG Starting to run query kubelet_streaming_connection_timeout_disabled 1:53PM DBG Finished to run 
query kubelet_streaming_connection_timeout_disabled after 60.709µs 1:53PM DBG Starting to run query kubelet_streaming_connection_timeout_disabled 1:53PM DBG Finished to run query kubelet_streaming_connection_timeout_disabled after 74.542µs 1:53PM DBG Starting to run query liveness_probe_is_not_defined 1:53PM DBG Finished to run query liveness_probe_is_not_defined after 41.375µs 1:53PM DBG Starting to run query liveness_probe_is_not_defined 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=liveness_probe_is_not_defined scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=liveness_probe_is_not_defined scanID=console 1:53PM DBG Finished to run query liveness_probe_is_not_defined after 635.583µs 1:53PM DBG Starting to run query memory_limits_not_defined 1:53PM DBG Finished to run query memory_limits_not_defined after 42.834µs 1:53PM DBG Starting to run query memory_limits_not_defined 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=memory_limits_not_defined scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=memory_limits_not_defined scanID=console 1:53PM DBG Finished to run query memory_limits_not_defined after 439.333µs 1:53PM DBG Starting to run query memory_requests_not_defined 1:53PM DBG Finished to run query memory_requests_not_defined after 40.625µs 1:53PM DBG Starting to run query memory_requests_not_defined 1:53PM WRN Failed to detect line, query response 
KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=memory_requests_not_defined scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=memory_requests_not_defined scanID=console 1:53PM DBG Finished to run query memory_requests_not_defined after 360.334µs 1:53PM DBG Starting to run query metadata_label_is_invalid 1:53PM DBG Finished to run query metadata_label_is_invalid after 42.75µs 1:53PM DBG Starting to run query metadata_label_is_invalid 1:53PM DBG Finished to run query metadata_label_is_invalid after 44.5µs 1:53PM DBG Starting to run query missing_app_armor_config 1:53PM DBG Finished to run query missing_app_armor_config after 39.917µs 1:53PM DBG Starting to run query missing_app_armor_config 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=missing_app_armor_config scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=missing_app_armor_config scanID=console 1:53PM DBG Finished to run query missing_app_armor_config after 388.417µs 1:53PM DBG Starting to run query namespace_lifecycle_admission_control_plugin_disabled 1:53PM DBG Finished to run query namespace_lifecycle_admission_control_plugin_disabled after 37.375µs 1:53PM DBG Starting to run query namespace_lifecycle_admission_control_plugin_disabled 1:53PM DBG Finished to run query namespace_lifecycle_admission_control_plugin_disabled after 56.084µs 1:53PM DBG Starting to run query net_raw_capabilities_disabled_for_psp 1:53PM DBG Finished to run query net_raw_capabilities_disabled_for_psp after 35.917µs 1:53PM DBG Starting to run query net_raw_capabilities_disabled_for_psp 1:53PM DBG Finished to run query 
net_raw_capabilities_disabled_for_psp after 38.542µs 1:53PM DBG Starting to run query net_raw_capabilities_not_being_dropped 1:53PM DBG Finished to run query net_raw_capabilities_not_being_dropped after 39.125µs 1:53PM DBG Starting to run query net_raw_capabilities_not_being_dropped 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=net_raw_capabilities_not_being_dropped scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=net_raw_capabilities_not_being_dropped scanID=console 1:53PM DBG Finished to run query net_raw_capabilities_not_being_dropped after 455.709µs 1:53PM DBG Starting to run query network_policy_is_not_targeting_any_pod 1:53PM DBG Finished to run query network_policy_is_not_targeting_any_pod after 39.625µs 1:53PM DBG Starting to run query network_policy_is_not_targeting_any_pod 1:53PM DBG Finished to run query network_policy_is_not_targeting_any_pod after 41.125µs 1:53PM DBG Starting to run query no_drop_capabilities_for_containers 1:53PM DBG Finished to run query no_drop_capabilities_for_containers after 93.834µs 1:53PM DBG Starting to run query no_drop_capabilities_for_containers 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.containers.name=test fileName=/path/test/templates/deployment.yaml queryName=no_drop_capabilities_for_containers scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}}.spec.containers.name=test fileName=/path/test/templates/deployment.yaml queryName=no_drop_capabilities_for_containers scanID=console 1:53PM DBG Finished to run query no_drop_capabilities_for_containers after 364.208µs 1:53PM DBG Starting to run query node_restriction_admission_control_plugin_not_set 1:53PM DBG Finished to 
run query node_restriction_admission_control_plugin_not_set after 36.625µs 1:53PM DBG Starting to run query node_restriction_admission_control_plugin_not_set 1:53PM DBG Finished to run query node_restriction_admission_control_plugin_not_set after 70.667µs 1:53PM DBG Starting to run query non_kube_system_pod_with_host_mount 1:53PM DBG Finished to run query non_kube_system_pod_with_host_mount after 36.708µs 1:53PM DBG Starting to run query non_kube_system_pod_with_host_mount 1:53PM DBG Finished to run query non_kube_system_pod_with_host_mount after 60.083µs 1:53PM DBG Starting to run query not_limited_capabilities_for_container 1:53PM DBG Finished to run query not_limited_capabilities_for_container after 35.166µs 1:53PM DBG Starting to run query not_limited_capabilities_for_container 1:53PM DBG Finished to run query not_limited_capabilities_for_container after 53.25µs 1:53PM DBG Starting to run query not_limited_capabilities_for_pod_security_policy 1:53PM DBG Finished to run query not_limited_capabilities_for_pod_security_policy after 37.792µs 1:53PM DBG Starting to run query not_limited_capabilities_for_pod_security_policy 1:53PM DBG Finished to run query not_limited_capabilities_for_pod_security_policy after 27.375µs 1:53PM DBG Starting to run query not_unique_certificate_authority 1:53PM DBG Finished to run query not_unique_certificate_authority after 39.958µs 1:53PM DBG Starting to run query not_unique_certificate_authority 1:53PM DBG Finished to run query not_unique_certificate_authority after 83.125µs 1:53PM DBG Starting to run query object_is_using_a_deprecated_api_version 1:53PM DBG Finished to run query object_is_using_a_deprecated_api_version after 35.792µs 1:53PM DBG Starting to run query object_is_using_a_deprecated_api_version 1:53PM DBG Finished to run query object_is_using_a_deprecated_api_version after 30.417µs 1:53PM DBG Starting to run query peer_auto_tls_set_to_true 1:53PM DBG Finished to run query peer_auto_tls_set_to_true after 40.125µs 1:53PM 
DBG Starting to run query peer_auto_tls_set_to_true 1:53PM DBG Finished to run query peer_auto_tls_set_to_true after 79.625µs 1:53PM DBG Starting to run query permissive_access_to_create_pods 1:53PM DBG Finished to run query permissive_access_to_create_pods after 38.708µs 1:53PM DBG Starting to run query permissive_access_to_create_pods 1:53PM DBG Finished to run query permissive_access_to_create_pods after 37.5µs 1:53PM DBG Starting to run query pod_misconfigured_network_policy 1:53PM DBG Finished to run query pod_misconfigured_network_policy after 42.584µs 1:53PM DBG Starting to run query pod_misconfigured_network_policy 1:53PM DBG Finished to run query pod_misconfigured_network_policy after 49.208µs 1:53PM DBG Starting to run query pod_or_container_without_limit_range 1:53PM DBG Finished to run query pod_or_container_without_limit_range after 33.625µs 1:53PM DBG Starting to run query pod_or_container_without_limit_range 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=pod_or_container_without_limit_range scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=pod_or_container_without_limit_range scanID=console 1:53PM DBG Finished to run query pod_or_container_without_limit_range after 439.708µs 1:53PM DBG Starting to run query pod_or_container_without_resource_quota 1:53PM DBG Finished to run query pod_or_container_without_resource_quota after 37.125µs 1:53PM DBG Starting to run query pod_or_container_without_resource_quota 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=pod_or_container_without_resource_quota scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=pod_or_container_without_resource_quota 
scanID=console 1:53PM DBG Finished to run query pod_or_container_without_resource_quota after 335.333µs 1:53PM DBG Starting to run query pod_or_container_without_security_context 1:53PM DBG Finished to run query pod_or_container_without_security_context after 39.167µs 1:53PM DBG Starting to run query pod_or_container_without_security_context 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec.containers.name=test fileName=/path/test/templates/deployment.yaml queryName=pod_or_container_without_security_context scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}}.spec.template.spec.containers.name=test fileName=/path/test/templates/deployment.yaml queryName=pod_or_container_without_security_context scanID=console 1:53PM DBG Finished to run query pod_or_container_without_security_context after 291µs 1:53PM DBG Starting to run query pod_security_policy_admission_control_plugin_not_set 1:53PM DBG Starting to run query pod_security_policy_admission_control_plugin_not_set 1:53PM DBG Finished to run query pod_security_policy_admission_control_plugin_not_set after 48.375µs 1:53PM DBG Finished to run query pod_security_policy_admission_control_plugin_not_set after 32.042µs 1:53PM DBG Starting to run query privilege_escalation_allowed 1:53PM DBG Starting to run query privilege_escalation_allowed 1:53PM DBG Finished to run query privilege_escalation_allowed after 15.75µs 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=privilege_escalation_allowed scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=privilege_escalation_allowed scanID=console 1:53PM DBG Finished to run query privilege_escalation_allowed after 379.25µs 
1:53PM DBG Starting to run query profiling_not_set_to_false 1:53PM DBG Starting to run query profiling_not_set_to_false 1:53PM DBG Finished to run query profiling_not_set_to_false after 33.791µs 1:53PM DBG Finished to run query profiling_not_set_to_false after 1.5395ms 1:53PM DBG Starting to run query psp_allows_privilege_escalation 1:53PM DBG Finished to run query psp_allows_privilege_escalation after 36.708µs 1:53PM DBG Starting to run query psp_allows_privilege_escalation 1:53PM DBG Finished to run query psp_allows_privilege_escalation after 33.75µs 1:53PM DBG Starting to run query psp_allows_sharing_host_ipc 1:53PM DBG Finished to run query psp_allows_sharing_host_ipc after 40.041µs 1:53PM DBG Starting to run query psp_allows_sharing_host_ipc 1:53PM DBG Finished to run query psp_allows_sharing_host_ipc after 36.375µs 1:53PM DBG Starting to run query psp_allows_sharing_host_pid 1:53PM DBG Finished to run query psp_allows_sharing_host_pid after 38.125µs 1:53PM DBG Starting to run query psp_allows_sharing_host_pid 1:53PM DBG Finished to run query psp_allows_sharing_host_pid after 20.875µs 1:53PM DBG Starting to run query psp_containers_share_host_network_namespace 1:53PM DBG Finished to run query psp_containers_share_host_network_namespace after 44.542µs 1:53PM DBG Starting to run query psp_containers_share_host_network_namespace 1:53PM DBG Finished to run query psp_containers_share_host_network_namespace after 20.917µs 1:53PM DBG Starting to run query psp_set_to_privileged 1:53PM DBG Finished to run query psp_set_to_privileged after 38.958µs 1:53PM DBG Starting to run query psp_set_to_privileged 1:53PM DBG Finished to run query psp_set_to_privileged after 25.042µs 1:53PM DBG Starting to run query psp_with_added_capabilities 1:53PM DBG Finished to run query psp_with_added_capabilities after 38.042µs 1:53PM DBG Starting to run query psp_with_added_capabilities 1:53PM DBG Finished to run query psp_with_added_capabilities after 31.917µs 1:53PM DBG Starting to run 
query psp_with_unrestricted_access_to_host_path 1:53PM DBG Starting to run query psp_with_unrestricted_access_to_host_path 1:53PM DBG Finished to run query psp_with_unrestricted_access_to_host_path after 38.958µs 1:53PM DBG Finished to run query psp_with_unrestricted_access_to_host_path after 23.25µs 1:53PM DBG Starting to run query rbac_roles_allow_privilege_escalation 1:53PM DBG Finished to run query rbac_roles_allow_privilege_escalation after 39.083µs 1:53PM DBG Starting to run query rbac_roles_allow_privilege_escalation 1:53PM DBG Finished to run query rbac_roles_allow_privilege_escalation after 24.083µs 1:53PM DBG Starting to run query rbac_roles_with_attach_permission 1:53PM DBG Finished to run query rbac_roles_with_attach_permission after 41.959µs 1:53PM DBG Starting to run query rbac_roles_with_attach_permission 1:53PM DBG Finished to run query rbac_roles_with_attach_permission after 34µs 1:53PM DBG Starting to run query rbac_roles_with_exec_permission 1:53PM DBG Finished to run query rbac_roles_with_exec_permission after 38.333µs 1:53PM DBG Starting to run query rbac_roles_with_exec_permission 1:53PM DBG Finished to run query rbac_roles_with_exec_permission after 25.584µs 1:53PM DBG Starting to run query rbac_roles_with_impersonate_permission 1:53PM DBG Finished to run query rbac_roles_with_impersonate_permission after 42.083µs 1:53PM DBG Starting to run query rbac_roles_with_impersonate_permission 1:53PM DBG Finished to run query rbac_roles_with_impersonate_permission after 1.001458ms 1:53PM DBG Starting to run query rbac_roles_with_portforwarding_permissions 1:53PM DBG Finished to run query rbac_roles_with_portforwarding_permissions after 39.583µs 1:53PM DBG Starting to run query rbac_roles_with_portforwarding_permissions 1:53PM DBG Finished to run query rbac_roles_with_portforwarding_permissions after 19.708µs 1:53PM DBG Starting to run query rbac_roles_with_read_secrets_permissions 1:53PM DBG Finished to run query 
rbac_roles_with_read_secrets_permissions after 32.75µs 1:53PM DBG Starting to run query rbac_roles_with_read_secrets_permissions 1:53PM DBG Finished to run query rbac_roles_with_read_secrets_permissions after 27.208µs 1:53PM DBG Starting to run query rbac_wildcard_in_rule 1:53PM DBG Starting to run query rbac_wildcard_in_rule 1:53PM DBG Finished to run query rbac_wildcard_in_rule after 38.25µs 1:53PM DBG Finished to run query rbac_wildcard_in_rule after 29.958µs 1:53PM DBG Starting to run query readiness_probe_is_not_configured 1:53PM DBG Starting to run query readiness_probe_is_not_configured 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=readiness_probe_is_not_configured scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=readiness_probe_is_not_configured scanID=console 1:53PM DBG Finished to run query readiness_probe_is_not_configured after 26.25µs 1:53PM DBG Finished to run query readiness_probe_is_not_configured after 275.875µs 1:53PM DBG Starting to run query request_timeout_not_properly_set 1:53PM DBG Finished to run query request_timeout_not_properly_set after 38.375µs 1:53PM DBG Starting to run query request_timeout_not_properly_set 1:53PM DBG Finished to run query request_timeout_not_properly_set after 51.291µs 1:53PM DBG Starting to run query role_binding_to_default_service_account 1:53PM DBG Finished to run query role_binding_to_default_service_account after 136.792µs 1:53PM DBG Starting to run query role_binding_to_default_service_account 1:53PM DBG Finished to run query role_binding_to_default_service_account after 23.917µs 1:53PM DBG Starting to run query root_ca_file_not_defined 1:53PM DBG Finished to run query root_ca_file_not_defined after 34.25µs 1:53PM DBG Starting to run 
query root_ca_file_not_defined 1:53PM DBG Finished to run query root_ca_file_not_defined after 48.125µs 1:53PM DBG Starting to run query root_container_not_mounted_as_read_only 1:53PM DBG Finished to run query root_container_not_mounted_as_read_only after 38.875µs 1:53PM DBG Starting to run query root_container_not_mounted_as_read_only 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=root_container_not_mounted_as_read_only scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=root_container_not_mounted_as_read_only scanID=console 1:53PM DBG Finished to run query root_container_not_mounted_as_read_only after 380.583µs 1:53PM DBG Starting to run query root_containers_admitted 1:53PM DBG Finished to run query root_containers_admitted after 41.125µs 1:53PM DBG Starting to run query root_containers_admitted 1:53PM DBG Finished to run query root_containers_admitted after 38µs 1:53PM DBG Starting to run query rotate_kubelet_server_certificate_not_active 1:53PM DBG Finished to run query rotate_kubelet_server_certificate_not_active after 37.791µs 1:53PM DBG Starting to run query rotate_kubelet_server_certificate_not_active 1:53PM DBG Finished to run query rotate_kubelet_server_certificate_not_active after 132.417µs 1:53PM DBG Starting to run query seccomp_profile_is_not_configured 1:53PM DBG Finished to run query seccomp_profile_is_not_configured after 36.209µs 1:53PM DBG Starting to run query seccomp_profile_is_not_configured 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=seccomp_profile_is_not_configured scanID=console 1:53PM WRN Failed to detect line, query response 
metadata.name={{test}}.spec.template.spec.containers.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=seccomp_profile_is_not_configured scanID=console 1:53PM DBG Finished to run query seccomp_profile_is_not_configured after 449.542µs 1:53PM DBG Starting to run query secrets_as_environment_variables 1:53PM DBG Finished to run query secrets_as_environment_variables after 42.083µs 1:53PM DBG Starting to run query secrets_as_environment_variables 1:53PM DBG Finished to run query secrets_as_environment_variables after 65µs 1:53PM DBG Starting to run query secure_port_set_to_zero 1:53PM DBG Finished to run query secure_port_set_to_zero after 43.875µs 1:53PM DBG Starting to run query secure_port_set_to_zero 1:53PM DBG Finished to run query secure_port_set_to_zero after 53.416µs 1:53PM DBG Starting to run query security_context_deny_admission_control_plugin_not_set 1:53PM DBG Finished to run query security_context_deny_admission_control_plugin_not_set after 33.292µs 1:53PM DBG Starting to run query security_context_deny_admission_control_plugin_not_set 1:53PM DBG Finished to run query security_context_deny_admission_control_plugin_not_set after 55.459µs 1:53PM DBG Starting to run query service_account_admission_control_plugin_disabled 1:53PM DBG Finished to run query service_account_admission_control_plugin_disabled after 38.542µs 1:53PM DBG Starting to run query service_account_admission_control_plugin_disabled 1:53PM DBG Finished to run query service_account_admission_control_plugin_disabled after 44.208µs 1:53PM DBG Starting to run query service_account_allows_access_secrets 1:53PM DBG Finished to run query service_account_allows_access_secrets after 48.208µs 1:53PM DBG Starting to run query service_account_allows_access_secrets 1:53PM DBG Finished to run query service_account_allows_access_secrets after 41.5µs 1:53PM DBG Starting to run query service_account_key_file_not_properly_set 1:53PM DBG Finished to run query 
service_account_key_file_not_properly_set after 252.083µs 1:53PM DBG Starting to run query service_account_key_file_not_properly_set 1:53PM DBG Finished to run query service_account_key_file_not_properly_set after 48.959µs 1:53PM DBG Starting to run query service_account_lookup_set_to_false 1:53PM DBG Finished to run query service_account_lookup_set_to_false after 42.25µs 1:53PM DBG Starting to run query service_account_lookup_set_to_false 1:53PM DBG Finished to run query service_account_lookup_set_to_false after 50.458µs 1:53PM DBG Starting to run query service_account_name_undefined_or_empty 1:53PM DBG Finished to run query service_account_name_undefined_or_empty after 42.917µs 1:53PM DBG Starting to run query service_account_name_undefined_or_empty 1:53PM DBG Finished to run query service_account_name_undefined_or_empty after 45.375µs 1:53PM DBG Starting to run query service_account_private_key_file_not_defined 1:53PM DBG Finished to run query service_account_private_key_file_not_defined after 43.375µs 1:53PM DBG Starting to run query service_account_private_key_file_not_defined 1:53PM DBG Finished to run query service_account_private_key_file_not_defined after 51.375µs 1:53PM DBG Starting to run query service_account_token_automount_not_disabled 1:53PM DBG Finished to run query service_account_token_automount_not_disabled after 46.917µs 1:53PM DBG Starting to run query service_account_token_automount_not_disabled 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.metadata.name={{test}}.spec.template.spec fileName=/path/test/templates/deployment.yaml queryName=service_account_token_automount_not_disabled scanID=console 1:53PM WRN Failed to detect line, query response metadata.name={{test}}.spec.template.spec fileName=/path/test/templates/deployment.yaml queryName=service_account_token_automount_not_disabled scanID=console 1:53PM DBG Finished to run query service_account_token_automount_not_disabled after 621.625µs 1:53PM DBG Starting to run query 
service_does_not_target_pod 1:53PM DBG Finished to run query service_does_not_target_pod after 233.666µs 1:53PM DBG Starting to run query service_does_not_target_pod 1:53PM DBG Finished to run query service_does_not_target_pod after 38.959µs 1:53PM DBG Starting to run query service_type_is_nodeport 1:53PM DBG Finished to run query service_type_is_nodeport after 33.25µs 1:53PM DBG Starting to run query service_type_is_nodeport 1:53PM DBG Finished to run query service_type_is_nodeport after 43.709µs 1:53PM DBG Starting to run query service_with_external_load_balancer 1:53PM DBG Finished to run query service_with_external_load_balancer after 50.083µs 1:53PM DBG Starting to run query service_with_external_load_balancer 1:53PM DBG Finished to run query service_with_external_load_balancer after 37.5µs 1:53PM DBG Starting to run query shared_host_ipc_namespace 1:53PM DBG Finished to run query shared_host_ipc_namespace after 32.708µs 1:53PM DBG Starting to run query shared_host_ipc_namespace 1:53PM DBG Finished to run query shared_host_ipc_namespace after 39.708µs 1:53PM DBG Starting to run query shared_host_network_namespace 1:53PM DBG Finished to run query shared_host_network_namespace after 37µs 1:53PM DBG Starting to run query shared_host_network_namespace 1:53PM DBG Finished to run query shared_host_network_namespace after 47.542µs 1:53PM DBG Starting to run query shared_host_pid_namespace 1:53PM DBG Finished to run query shared_host_pid_namespace after 38.458µs 1:53PM DBG Starting to run query shared_host_pid_namespace 1:53PM DBG Finished to run query shared_host_pid_namespace after 57.25µs 1:53PM DBG Starting to run query shared_service_account 1:53PM DBG Finished to run query shared_service_account after 33.5µs 1:53PM DBG Starting to run query shared_service_account 1:53PM DBG Finished to run query shared_service_account after 38µs 1:53PM DBG Starting to run query statefulset_has_no_pod_anti_affinity 1:53PM DBG Finished to run query 
statefulset_has_no_pod_anti_affinity after 39.459µs 1:53PM DBG Starting to run query statefulset_has_no_pod_anti_affinity 1:53PM DBG Finished to run query statefulset_has_no_pod_anti_affinity after 47.334µs 1:53PM DBG Starting to run query statefulset_requests_storage 1:53PM DBG Finished to run query statefulset_requests_storage after 33.541µs 1:53PM DBG Starting to run query statefulset_requests_storage 1:53PM DBG Finished to run query statefulset_requests_storage after 24.958µs 1:53PM DBG Starting to run query statefulset_without_pod_disruption_budget 1:53PM DBG Finished to run query statefulset_without_pod_disruption_budget after 35.875µs 1:53PM DBG Starting to run query statefulset_without_pod_disruption_budget 1:53PM DBG Finished to run query statefulset_without_pod_disruption_budget after 35.25µs 1:53PM DBG Starting to run query statefulset_without_service_name 1:53PM DBG Finished to run query statefulset_without_service_name after 37.959µs 1:53PM DBG Starting to run query statefulset_without_service_name 1:53PM DBG Finished to run query statefulset_without_service_name after 24.75µs 1:53PM DBG Starting to run query terminated_pod_garbage_collector_threshold_not_properly_set 1:53PM DBG Finished to run query terminated_pod_garbage_collector_threshold_not_properly_set after 71.292µs 1:53PM DBG Starting to run query terminated_pod_garbage_collector_threshold_not_properly_set 1:53PM DBG Finished to run query terminated_pod_garbage_collector_threshold_not_properly_set after 31µs 1:53PM DBG Starting to run query tiller_deployment_is_accessible_from_within_the_cluster 1:53PM DBG Starting to run query tiller_deployment_is_accessible_from_within_the_cluster 1:53PM DBG Finished to run query tiller_deployment_is_accessible_from_within_the_cluster after 29.083µs 1:53PM DBG Finished to run query tiller_deployment_is_accessible_from_within_the_cluster after 66.542µs 1:53PM DBG Starting to run query tiller_is_deployed 1:53PM DBG Finished to run query tiller_is_deployed 
after 66.292µs 1:53PM DBG Starting to run query tiller_is_deployed 1:53PM DBG Finished to run query tiller_is_deployed after 17.958µs 1:53PM DBG Starting to run query tiller_service_is_not_deleted 1:53PM DBG Finished to run query tiller_service_is_not_deleted after 43µs 1:53PM DBG Starting to run query tiller_service_is_not_deleted 1:53PM DBG Finished to run query tiller_service_is_not_deleted after 48.417µs 1:53PM DBG Starting to run query tls_connection_certificate_not_setup 1:53PM DBG Finished to run query tls_connection_certificate_not_setup after 106.125µs 1:53PM DBG Starting to run query tls_connection_certificate_not_setup 1:53PM DBG Finished to run query tls_connection_certificate_not_setup after 16.458µs 1:53PM DBG Starting to run query token_auth_file_is_set 1:53PM DBG Finished to run query token_auth_file_is_set after 39.709µs 1:53PM DBG Starting to run query token_auth_file_is_set 1:53PM DBG Finished to run query token_auth_file_is_set after 77.167µs 1:53PM DBG Starting to run query use_service_account_credentials_not_set_to_true 1:53PM DBG Starting to run query use_service_account_credentials_not_set_to_true 1:53PM DBG Finished to run query use_service_account_credentials_not_set_to_true after 69.5µs 1:53PM DBG Finished to run query use_service_account_credentials_not_set_to_true after 35.083µs 1:53PM DBG Starting to run query using_kubernetes_native_secret_management 1:53PM DBG Finished to run query using_kubernetes_native_secret_management after 46.667µs 1:53PM DBG Starting to run query using_kubernetes_native_secret_management 1:53PM DBG Finished to run query using_kubernetes_native_secret_management after 25.709µs 1:53PM DBG Starting to run query using_unrecommended_namespace 1:53PM DBG Starting to run query using_unrecommended_namespace 1:53PM DBG Finished to run query using_unrecommended_namespace after 38.709µs 1:53PM WRN Failed to detect line, query response KICS_HELM_ID_0.kind={{Deployment}}.metadata.name={{test}} 
fileName=/path/test/templates/deployment.yaml queryName=using_unrecommended_namespace scanID=console
1:53PM WRN Failed to detect line, query response kind={{Deployment}}.metadata.name={{test}} fileName=/path/test/templates/deployment.yaml queryName=using_unrecommended_namespace scanID=console
1:53PM DBG Finished to run query using_unrecommended_namespace after 237.209µs
1:53PM DBG Starting to run query volume_mount_with_os_directory_write_permissions
1:53PM DBG Finished to run query volume_mount_with_os_directory_write_permissions after 39.417µs
1:53PM DBG Starting to run query volume_mount_with_os_directory_write_permissions
1:53PM DBG Finished to run query volume_mount_with_os_directory_write_permissions after 428.459µs
1:53PM DBG Starting to run query weak_tls_cipher_suites
1:53PM DBG Finished to run query weak_tls_cipher_suites after 48.917µs
1:53PM DBG Starting to run query weak_tls_cipher_suites
1:53PM DBG Finished to run query weak_tls_cipher_suites after 74.583µs
1:53PM DBG Starting to run query workload_host_port_not_specified
1:53PM DBG Finished to run query workload_host_port_not_specified after 35.167µs
1:53PM DBG Starting to run query workload_host_port_not_specified
1:53PM DBG Finished to run query workload_host_port_not_specified after 50.875µs
1:53PM DBG Starting to run query workload_mounting_with_sensitive_os_directory
1:53PM DBG Finished to run query workload_mounting_with_sensitive_os_directory after 34.333µs
1:53PM DBG Starting to run query workload_mounting_with_sensitive_os_directory
1:53PM DBG Finished to run query workload_mounting_with_sensitive_os_directory after 77.25µs
1:53PM DBG model.CreateSummary()
1:53PM DBG HTTP POST to descriptions endpoint
1:53PM DBG HTTP Status: 200 OK 175.778583ms
1:53PM DBG console.resolveOutputs()
1:53PM DBG helpers.PrintResult()

Files scanned: 2
Parsed files: 1
Queries loaded: 146
Queries failed to execute: 0

------------------------------------

Root Container Not Mounted Read-only, Severity: LOW, Results: 1
Description: Check if the root container filesystem is not being mounted read-only.
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/a9c2f49d-0671-4fc9-9ece-f4e261e128d0
    [1]: ../../path/test/templates/deployment.yaml:1

Pod or Container Without Security Context, Severity: LOW, Results: 1
Description: A security context defines privilege and access control settings for a Pod or Container
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/a97a340a-0063-418e-b3a1-3028941d0995
    [1]: ../../path/test/templates/deployment.yaml:1

Pod or Container Without ResourceQuota, Severity: LOW, Results: 1
Description: Each namespace should have a ResourceQuota policy associated to limit the total amount of resources Pods, Containers and PersistentVolumeClaims can consume
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/48a5beba-e4c0-4584-a2aa-e6894e4cf424
    [1]: ../../path/test/templates/deployment.yaml:1

Pod or Container Without LimitRange, Severity: LOW, Results: 1
Description: Each namespace should have a LimitRange policy associated to ensure that resource allocations of Pods, Containers and PersistentVolumeClaims do not exceed the defined boundaries
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/4a20ebac-1060-4c81-95d1-1f7f620e983b
    [1]: ../../path/test/templates/deployment.yaml:1

No Drop Capabilities for Containers, Severity: LOW, Results: 1
Description: Sees if Kubernetes Drop Capabilities exists to ensure containers security context
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/268ca686-7fb7-4ae9-b129-955a2a89064e
    [1]: ../../path/test/templates/deployment.yaml:1

Missing AppArmor Profile, Severity: LOW, Results: 1
Description: Containers should be configured with an AppArmor profile to enforce fine-grained access control over low-level system resources
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/8b36775e-183d-4d46-b0f7-96a6f34a723f
    [1]: ../../path/test/templates/deployment.yaml:1

Liveness Probe Is Not Defined, Severity: LOW, Results: 1
Description: In case of an unresponsive container, a Liveness Probe can help your application become more available since it restarts the container. However, it can lead to cascading failures. Define one if you really need it
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/ade74944-a674-4e00-859e-c6eab5bde441
    [1]: ../../path/test/templates/deployment.yaml:1

Using Unrecommended Namespace, Severity: MEDIUM, Results: 1
Description: Namespaces like 'default', 'kube-system' or 'kube-public' should not be used
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/611ab018-c4aa-4ba2-b0f6-a448337509a6
    [1]: ../../path/test/templates/deployment.yaml:1

Service Account Token Automount Not Disabled, Severity: MEDIUM, Results: 1
Description: Service Account Tokens are automatically mounted even if not necessary
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/48471392-d4d0-47c0-b135-cdec95eb3eef
    [1]: ../../path/test/templates/deployment.yaml:1

Seccomp Profile Is Not Configured, Severity: MEDIUM, Results: 1
Description: Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/f377b83e-bd07-4f48-a591-60c82b14a78b
    [1]: ../../path/test/templates/deployment.yaml:1

Readiness Probe Is Not Configured, Severity: MEDIUM, Results: 1
Description: Check if Readiness Probe is not configured.
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/a659f3b5-9bf0-438a-bd9a-7d3a6427f1e3
    [1]: ../../path/test/templates/deployment.yaml:1

NET_RAW Capabilities Not Being Dropped, Severity: MEDIUM, Results: 1
Description: Containers should drop 'ALL' or at least 'NET_RAW' capabilities
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/dbbc6705-d541-43b0-b166-dd4be8208b54
    [1]: ../../path/test/templates/deployment.yaml:1

Memory Requests Not Defined, Severity: MEDIUM, Results: 1
Description: Memory requests should be defined for each container. This allows the kubelet to reserve the requested amount of system resources and prevents over-provisioning on individual nodes
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/229588ef-8fde-40c8-8756-f4f2b5825ded
    [1]: ../../path/test/templates/deployment.yaml:1

Memory Limits Not Defined, Severity: MEDIUM, Results: 1
Description: Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/b14d1bc4-a208-45db-92f0-e21f8e2588e9
    [1]: ../../path/test/templates/deployment.yaml:1

Container Running With Low UID, Severity: MEDIUM, Results: 1
Description: Check if containers are running with low UID, which might cause conflicts with the host's user table.
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/02323c00-cdc3-4fdc-a310-4f2b3e7a1660
    [1]: ../../path/test/templates/deployment.yaml:9
        001: apiVersion: apps/v1
        002: kind: Deployment
        003: metadata:
        004:   name: test
        005: spec:
        006:   template:
        007:     spec:
        008:       containers:
        009:       - name: test

Container Running As Root, Severity: MEDIUM, Results: 1
Description: Containers should only run as non-root user. This limits the exploitability of security misconfigurations and restricts an attacker's possibilities in case of compromise
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/cf34805e-3872-4c08-bf92-6ff7bb0cfadb
    [1]: ../../path/test/templates/deployment.yaml:1

CPU Requests Not Set, Severity: MEDIUM, Results: 1
Description: CPU requests should be set to ensure the sum of the resource requests of the scheduled Containers is less than the capacity of the node
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/ca469dd4-c736-448f-8ac1-30a642705e0a
    [1]: ../../path/test/templates/deployment.yaml:1

CPU Limits Not Set, Severity: MEDIUM, Results: 1
Description: CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/4ac0e2b7-d2d2-4af7-8799-e8de6721ccda
    [1]: ../../path/test/templates/deployment.yaml:1

Privilege Escalation Allowed, Severity: HIGH, Results: 1
Description: Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process
Platform: Kubernetes
Learn more about this vulnerability: https://docs.kics.io/latest/queries/kubernetes-queries/5572cc5e-1e4c-4113-92a6-7a8a3bd25e6d
    [1]: ../../path/test/templates/deployment.yaml:1

Results Summary:
HIGH: 1
MEDIUM: 11
LOW: 7
INFO: 0
TOTAL: 19

1:53PM INF Files scanned: 2
1:53PM INF Lines scanned: 26
1:53PM INF Parsed files: 1
1:53PM INF Lines parsed: 13
1:53PM INF Queries loaded: 146
1:53PM INF Queries failed to execute: 0
1:53PM INF Inspector stopped
1:53PM DBG console.printOutput()
Scan duration: 3.62692321s
1:53PM INF Scan duration: 3.62692321s