more fixes
srijan-deepsource committed Oct 26, 2023
1 parent 10b5fc8 commit a669852
Showing 36 changed files with 4 additions and 37 deletions.
Expand Up @@ -2,7 +2,6 @@ title = "Unrestricted access to Secrets"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when a subject (Group/User/ServiceAccount) has access to Secrets. CIS Benchmark 5.1.2: Access to secrets should be restricted to the smallest possible group of users to reduce the risk of privilege escalation.
Expand Up @@ -2,7 +2,6 @@ title = "`cluster admin` role should be used only where required"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
CIS Benchmark 5.1.1 Ensure that the cluster-admin role is only used where required
Expand Up @@ -2,7 +2,6 @@ title = "Missing `scaleTargetRef` in `HorizontalPodAutoscaler`"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when HorizontalPodAutoscalers target a missing resource.
Expand Up @@ -2,7 +2,6 @@ title = "Ingress without associated services"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when ingress do not have any associated services.
Expand Up @@ -2,7 +2,6 @@ title = "NetworkPolicy without associated deployments"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when networkpolicies do not have any associated deployments.
Expand Up @@ -2,7 +2,6 @@ title = "Misconfigured NetworkPolicyPeer podSelectors"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.
Expand Up @@ -2,7 +2,6 @@ title = "Missing deployment for service"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when services do not have any associated deployments.
Expand Up @@ -2,7 +2,6 @@ title = "Pods using default service account"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when pods use the default service account.
Expand Up @@ -2,7 +2,6 @@ title = "Use of deprecated `serviceAccount` field in deployments"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when deployments use the deprecated serviceAccount field.
Expand Up @@ -2,7 +2,6 @@ title = "Missing `dnsConfig` options in deployments"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on deployments that have no specified dnsConfig options
Expand Up @@ -2,7 +2,6 @@ title = "`docker.sock` volume mounted in containers"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on deployments with docker.sock mounted in containers.
Expand Up @@ -2,7 +2,6 @@ title = "Container with `NET_RAW` capability"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when containers do not drop NET_RAW capability
Expand Up @@ -2,7 +2,6 @@ title = "Duplicate env vars dedicated"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Check that duplicate named env vars aren't passed to a deployment like.
Expand Up @@ -2,7 +2,6 @@ title = "Insecure use of secrets in environment variables"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when objects use a secret in an environment variable.
Expand Up @@ -2,7 +2,6 @@ title = "Forbidden service types for exposed services"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on services for forbidden types
Expand Up @@ -2,7 +2,6 @@ title = "Sharing host's IPC namespace"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on pods/deployment-likes with sharing host's IPC namespace
Expand Up @@ -2,7 +2,6 @@ title = "Sharing host's process namespace"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on pods/deployment-likes with sharing host's process namespace
Expand Up @@ -2,7 +2,6 @@ title = "Insufficient `minReplicas` in `HorizontalPodAutoscaler`"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when a HorizontalPodAutoscaler specifies less than three minReplicas
Expand Up @@ -2,7 +2,6 @@ title = "Invalid port names in deployments or services"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when deployments or services are using port names that are violating specifications.
Expand Up @@ -2,7 +2,6 @@ title = "Invalid container image"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when a deployment-like object is running a container with an invalid container image
Expand Up @@ -2,7 +2,6 @@ title = "Insufficient number of replicas"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when a deployment uses less than three replicas
Expand Up @@ -2,7 +2,6 @@ title = "Mismatching deployment selector and pod template labels"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when deployment selectors fail to match the pod template labels.
Expand Up @@ -2,7 +2,6 @@ title = "Missing inter-pod anti-affinity in deployments with multiple replicas"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when deployments with multiple replicas fail to specify inter-pod anti-affinity, to ensure that the orchestrator attempts to schedule replicas on different nodes.
Expand Up @@ -2,7 +2,6 @@ title = "Deprecated API versions used under `extensions/v1beta`"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when objects use deprecated API versions under extensions/v1beta.
Expand Up @@ -2,7 +2,6 @@ title = "Missing liveness probe in containers"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when containers fail to specify a liveness probe.
Expand Up @@ -2,7 +2,6 @@ title = "Missing node affinity in deployments"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on deployments that have no node affinity defined
Expand Up @@ -2,7 +2,6 @@ title = "Containers running without a read-only root filesystem"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when containers are running without a read-only root filesystem.
Expand Up @@ -2,7 +2,6 @@ title = "Missing readiness probe"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when containers fail to specify a readiness probe.
Expand Up @@ -2,7 +2,6 @@ title = "Invalid service account reference"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when pods reference a service account that is not found.
Expand Up @@ -2,7 +2,6 @@ title = "Missing NetworkPolicy for deployment-like objects"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on deployment-like objects that are not selected by any NetworkPolicy.
Expand Up @@ -2,7 +2,6 @@ title = "`PodDisruptionBudget` with `maxUnavailable` value preventing disruption
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when a PodDisruptionBudget has a maxUnavailable value that will always prevent disruptions of pods created by related deployment-like objects.
Expand Up @@ -2,7 +2,6 @@ title = "Misconfigured `minAvailable` in `PodDisruptionBudget`"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when a PodDisruptionBudget sets a minAvailable value that will always prevent disruptions of pods created by related deployment-like objects.
Expand Up @@ -2,7 +2,6 @@ title = "Container allows privilege escalation"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on containers of allowing privilege escalation that could gain more privileges than its parent process.
@@ -1,4 +1,4 @@
title = "privileged-container"
title = "Containers running in privileged mode"
severity = "major"
category = "antipattern"
weight = 70
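Review bot: The retitled issue still carries `category = "antipattern"`, which undersells what it reports: a privileged container has close to the same access to the node as a process running on the host, so this is a security finding rather than a maintainability one. If the issue schema offers a security category, `category = "security"` would keep the finding visible to anyone who filters reports by category. The same question applies to the retitled `read-secret-from-env-var` file later in this commit. The description sits outside the hunk, so the risk itself may already be explained there.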
4 changes: 2 additions & 2 deletions analyzers/kube-linter/.deepsource/issues/KUBELIN-W1038.toml
@@ -1,9 +1,9 @@
title = "privileged-ports"
title = "Containers mapping privileged ports"
severity = "major"
category = "antipattern"
weight = 70
description = """
Alert on deployments with privileged ports mapped in containers
Alert on deployments with privileged ports mapped in containers.
<!--more-->
@@ -1,4 +1,4 @@
title = "read-secret-from-env-var"
title = "Reading secrets from environment variables"
severity = "major"
category = "antipattern"
weight = 70
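Review bot: The new title `Reading secrets from environment variables` is hard to tell apart from the issue titled `Insecure use of secrets in environment variables` that appears earlier in this commit, so a report listing both will not tell the reader which one fired or what to change. Assuming the two checks differ (presumably one flags a secret value written into an env var, the other a container that receives a Secret through the environment rather than a mounted file), the title should name the distinguishing part, for example `title = "Secrets passed to containers as environment variables instead of mounted files"`. The description is outside the hunk, so it may already draw that line; the title is what shows up in issue lists.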
