Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: improve issue title for kube-linter #7

Merged
merged 3 commits into from
Oct 26, 2023
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
more fixes
  • Loading branch information
srijan-deepsource committed Oct 26, 2023
commit a6698522c9c6e3b3a63f7e0c5ec4a50bce045ddd
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Unrestricted access to Secrets"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when a subject (Group/User/ServiceAccount) has access to Secrets. CIS Benchmark 5.1.2: Access to secrets should be restricted to the smallest possible group of users to reduce the risk of privilege escalation.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "`cluster admin` role should be used only where required"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
CIS Benchmark 5.1.1 Ensure that the cluster-admin role is only used where required

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Missing `scaleTargetRef` in `HorizontalPodAutoscaler`"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when HorizontalPodAutoscalers target a missing resource.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Ingress without associated services"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when ingress do not have any associated services.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "NetworkPolicy without associated deployments"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when networkpolicies do not have any associated deployments.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Misconfigured NetworkPolicyPeer podSelectors"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when NetworkPolicyPeer in Egress/Ingress rules -in the Spec of NetworkPolicy- do not have any associated deployments. Applied on peer specified with podSelectors only.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Missing deployment for service"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when services do not have any associated deployments.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Pods using default service account"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when pods use the default service account.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Use of deprecated `serviceAccount` field in deployments"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when deployments use the deprecated serviceAccount field.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Missing `dnsConfig` options in deployments"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on deployments that have no specified dnsConfig options

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "`docker.sock` volume mounted in containers"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on deployments with docker.sock mounted in containers.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Container with `NET_RAW` capability"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when containers do not drop NET_RAW capability

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Duplicate env vars dedicated"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Check that duplicate named env vars aren't passed to a deployment like.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Insecure use of secrets in environment variables"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when objects use a secret in an environment variable.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Forbidden service types for exposed services"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on services for forbidden types

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Sharing host's IPC namespace"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on pods/deployment-likes with sharing host's IPC namespace

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Sharing host's process namespace"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on pods/deployment-likes with sharing host's process namespace

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Insufficient `minReplicas` in `HorizontalPodAutoscaler`"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when a HorizontalPodAutoscaler specifies less than three minReplicas

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Invalid port names in deployments or services"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when deployments or services are using port names that are violating specifications.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Invalid container image"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when a deployment-like object is running a container with an invalid container image

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Insufficient number of replicas"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when a deployment uses less than three replicas

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Mismatching deployment selector and pod template labels"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when deployment selectors fail to match the pod template labels.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Missing inter-pod anti-affinity in deployments with multiple replicas"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when deployments with multiple replicas fail to specify inter-pod anti-affinity, to ensure that the orchestrator attempts to schedule replicas on different nodes.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Deprecated API versions used under `extensions/v1beta`"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when objects use deprecated API versions under extensions/v1beta.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Missing liveness probe in containers"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when containers fail to specify a liveness probe.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Missing node affinity in deployments"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on deployments that have no node affinity defined

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Containers running without a read-only root filesystem"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when containers are running without a read-only root filesystem.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Missing readiness probe"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when containers fail to specify a readiness probe.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Invalid service account reference"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when pods reference a service account that is not found.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Missing NetworkPolicy for deployment-like objects"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on deployment-like objects that are not selected by any NetworkPolicy.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "`PodDisruptionBudget` with `maxUnavailable` value preventing disruption
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when a PodDisruptionBudget has a maxUnavailable value that will always prevent disruptions of pods created by related deployment-like objects.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Misconfigured `minAvailable` in `PodDisruptionBudget`"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Indicates when a PodDisruptionBudget sets a minAvailable value that will always prevent disruptions of pods created by related deployment-like objects.

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ title = "Container allows privilege escalation"
weight = 70
severity = "major"
category = "antipattern"
verbose_name = ""
description = """
Alert on containers of allowing privilege escalation that could gain more privileges than its parent process.

Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
title = "privileged-container"
title = "Containers running in privileged mode"
severity = "major"
category = "antipattern"
weight = 70
Expand Down
4 changes: 2 additions & 2 deletions analyzers/kube-linter/.deepsource/issues/KUBELIN-W1038.toml
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
title = "privileged-ports"
title = "Containers mapping privileged ports"
severity = "major"
category = "antipattern"
weight = 70
description = """
Alert on deployments with privileged ports mapped in containers
Alert on deployments with privileged ports mapped in containers.

<!--more-->

Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
title = "read-secret-from-env-var"
title = "Reading secrets from environment variables"
severity = "major"
category = "antipattern"
weight = 70
Expand Down