KICS #588
evegufyAnnotations
4 warnings
|
[LOW] Unpinned Actions Full Length Commit SHA:
.github/workflows/release.yaml#L67
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
|
[INFO] Ensure Administrative Boundaries Between Resources:
charts/centralidp/templates/secret-centralidp.yaml#L24
As a best practice, ensure that is made the correct use of namespaces to adequately administer your resources. Kubernetes Authorization plugins can also be used to create policies that segregate user access to namespaces.
|
|
[INFO] Using Kubernetes Native Secret Management:
charts/centralidp/templates/secret-centralidp.yaml#L23
Kubernetes External Secret Storage and Management System usage should be considered if you have more complex secret management needs, rather than using Kubernetes Secrets directly. Additionally, ensure that access to secrets is carefully limited
|
|
[INFO] Using Kubernetes Native Secret Management:
charts/centralidp/templates/secret-postgres-init.yaml#L24
Kubernetes External Secret Storage and Management System usage should be considered if you have more complex secret management needs, rather than using Kubernetes Secrets directly. Additionally, ensure that access to secrets is carefully limited
|