KICS #438
scherersebastianAnnotations
1 error and 10 warnings
|
Analyze
KICS scan failed with exit code 50
|
|
[HIGH] Missing User Instruction:
Dockerfile#L25
A user should be specified in the dockerfile, otherwise the image will run as root
|
|
[MEDIUM] Container Traffic Not Bound To Host Interface:
docker-compose.yml#L5
Incoming container traffic should be bound to a specific host interface
|
|
[MEDIUM] Healthcheck Not Set:
docker-compose.yml#L3
Check containers periodically to see if they are running properly.
|
|
[MEDIUM] Host Namespace is Shared:
docker-compose.yml#L3
The hosts process namespace should not be shared by containers
|
|
[MEDIUM] Memory Not Limited:
docker-compose.yml#L3
Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory
|
|
[MEDIUM] NPM Install Command Without Pinned Version:
Dockerfile#L19
Check if packages installed by npm are pinning a specific version.
|
|
[MEDIUM] Networks Not Set:
docker-compose.yml#L3
Setting networks in services ensures you are not using dockers default bridge (docker0), which shares traffic bewteen all containers.
|
|
[MEDIUM] Pids Limit Not Set:
docker-compose.yml#L3
'pids_limit' should be set and different than -1
|
|
[MEDIUM] Readiness Probe Is Not Configured:
charts/vas/templates/deployment.yaml#L1
Check if Readiness Probe is not configured.
|
|
[MEDIUM] Seccomp Profile Is Not Configured:
charts/vas/templates/deployment.yaml#L1
Containers should be configured with a secure Seccomp profile to restrict potentially dangerous syscalls
|