| All | Failed | Skipped |
|---|---|---|
| 23 | 2 | 0 |
| Severity | Control Name | Failed Resources | All Resources | Risk Score, % |
|---|---|---|---|---|
| High | CIS-5.1.3 Minimize wildcard use in Roles and ClusterRoles | 0 | 0 | 0 |
| High | CIS-5.2.11 Minimize the admission of Windows HostProcess Containers | 0 | 0 | 0 |
| High | CIS-5.2.2 Minimize the admission of privileged containers | 0 | 0 | 0 |
| High | CIS-5.7.3 Apply Security Context to Your Pods and Containers | 11 | 13 | 85 |
| Medium | CIS-5.1.2 Minimize access to secrets | 0 | 0 | 0 |
| Medium | CIS-5.1.4 Minimize access to create pods | 0 | 0 | 0 |
| Medium | CIS-5.1.5 Ensure that default service accounts are not actively used | 0 | 0 | 0 |
| Medium | CIS-5.1.6 Ensure that Service Account Tokens are only mounted where necessary | 0 | 21 | 0 |
| Medium | CIS-5.1.8 Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster | 0 | 0 | 0 |
| Medium | CIS-5.2.1 Ensure that the cluster has at least one active policy control mechanism in place | 0 | 0 | 0 |
| Medium | CIS-5.2.10 Minimize the admission of containers with capabilities assigned | 0 | 0 | 0 |
| Medium | CIS-5.2.12 Minimize the admission of HostPath volumes | 0 | 0 | 0 |
| Medium | CIS-5.2.13 Minimize the admission of containers which use HostPorts | 0 | 0 | 0 |
| Medium | CIS-5.2.3 Minimize the admission of containers wishing to share the host process ID namespace | 0 | 0 | 0 |
| Medium | CIS-5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | 0 | 0 | 0 |
| Medium | CIS-5.2.5 Minimize the admission of containers wishing to share the host network namespace | 0 | 0 | 0 |
| Medium | CIS-5.2.6 Minimize the admission of containers with allowPrivilegeEscalation | 0 | 0 | 0 |
| Medium | CIS-5.2.7 Minimize the admission of root containers | 0 | 0 | 0 |
| Medium | CIS-5.2.8 Minimize the admission of containers with the NET_RAW capability | 0 | 0 | 0 |
| Medium | CIS-5.2.9 Minimize the admission of containers with added capabilities | 0 | 0 | 0 |
| Medium | CIS-5.3.2 Ensure that all Namespaces have Network Policies defined | 0 | 0 | 0 |
| Medium | CIS-5.4.1 Prefer using secrets as files over secrets as environment variables | 5 | 13 | 38 |
| Medium | CIS-5.7.2 Ensure that the seccomp profile is set to docker/default in your pod definitions | 0 | 13 | 0 |
ApiVersion: apps/v1
Kind: StatefulSet
Name: -postgresql
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| Medium | CIS-5.4.1 Prefer using secrets as files over secrets as environment variables | C-0207 | spec.template.spec.containers[0].env[4].name |
ApiVersion: apps/v1
Kind: Deployment
Name: -fhir-server
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| Medium | CIS-5.4.1 Prefer using secrets as files over secrets as environment variables | C-0207 | spec.template.spec.containers[0].env[10].name spec.template.spec.containers[0].env[11].name spec.template.spec.containers[0].env[9].name |
| High | CIS-5.7.3 Apply Security Context to Your Pods and Containers | C-0211 | spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.template.spec.securityContext.fsGroup=YOUR_VALUE spec.template.spec.securityContext.fsGroupChangePolicy=Always spec.template.spec.securityContext.sysctls.name=YOUR_VALUE spec.template.spec.securityContext.sysctls.value=YOUR_VALUE spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE |
ApiVersion: apps/v1
Kind: Deployment
Name: -fhir-server-exporter
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| High | CIS-5.7.3 Apply Security Context to Your Pods and Containers | C-0211 | spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.template.spec.securityContext.fsGroup=YOUR_VALUE spec.template.spec.securityContext.fsGroupChangePolicy=Always spec.template.spec.securityContext.sysctls.name=YOUR_VALUE spec.template.spec.securityContext.sysctls.value=YOUR_VALUE spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE |
ApiVersion: v1
Kind: Pod
Name: -fhir-server-exporter-test-metrics-endpoint
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| High | CIS-5.7.3 Apply Security Context to Your Pods and Containers | C-0211 | spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.securityContext.sysctls.name=YOUR_VALUE spec.securityContext.sysctls.value=YOUR_VALUE spec.securityContext.supplementalGroups=YOUR_VALUE |
ApiVersion: apps/v1
Kind: Deployment
Name: -pathling-server
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| Medium | CIS-5.4.1 Prefer using secrets as files over secrets as environment variables | C-0207 | spec.template.spec.containers[0].env[4].name spec.template.spec.containers[0].env[5].name |
| High | CIS-5.7.3 Apply Security Context to Your Pods and Containers | C-0211 | spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.template.spec.securityContext.fsGroup=YOUR_VALUE spec.template.spec.securityContext.fsGroupChangePolicy=Always spec.template.spec.securityContext.sysctls.name=YOUR_VALUE spec.template.spec.securityContext.sysctls.value=YOUR_VALUE spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE |
ApiVersion: apps/v1
Kind: Deployment
Name: -magnifhir
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| High | CIS-5.7.3 Apply Security Context to Your Pods and Containers | C-0211 | spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.template.spec.securityContext.fsGroup=YOUR_VALUE spec.template.spec.securityContext.fsGroupChangePolicy=Always spec.template.spec.securityContext.sysctls.name=YOUR_VALUE spec.template.spec.securityContext.sysctls.value=YOUR_VALUE spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE |
ApiVersion: apps/v1
Kind: Deployment
Name: -ohdsi-atlas
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| High | CIS-5.7.3 Apply Security Context to Your Pods and Containers | C-0211 | spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.template.spec.securityContext.sysctls.name=YOUR_VALUE spec.template.spec.securityContext.sysctls.value=YOUR_VALUE spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE |
ApiVersion: v1
Kind: Pod
Name: -ohdsi-test-connection
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| High | CIS-5.7.3 Apply Security Context to Your Pods and Containers | C-0211 | spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.containers[1].securityContext.seLinuxOptions=YOUR_VALUE spec.securityContext.sysctls.name=YOUR_VALUE spec.securityContext.sysctls.value=YOUR_VALUE spec.securityContext.supplementalGroups=YOUR_VALUE |
ApiVersion: v1
Kind: Pod
Name: -fhir-server-test-connection
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| High | CIS-5.7.3 Apply Security Context to Your Pods and Containers | C-0211 | spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.containers[1].securityContext.seLinuxOptions=YOUR_VALUE spec.securityContext.sysctls.name=YOUR_VALUE spec.securityContext.sysctls.value=YOUR_VALUE spec.securityContext.supplementalGroups=YOUR_VALUE |
ApiVersion: v1
Kind: Pod
Name: -magnifhir-test
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| High | CIS-5.7.3 Apply Security Context to Your Pods and Containers | C-0211 | spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.containers[1].securityContext.seLinuxOptions=YOUR_VALUE spec.securityContext.sysctls.name=YOUR_VALUE spec.securityContext.sysctls.value=YOUR_VALUE spec.securityContext.supplementalGroups=YOUR_VALUE |
ApiVersion: v1
Kind: Pod
Name: -pathling-server-test-connection
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| High | CIS-5.7.3 Apply Security Context to Your Pods and Containers | C-0211 | spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.containers[1].securityContext.seLinuxOptions=YOUR_VALUE spec.containers[2].securityContext.seLinuxOptions=YOUR_VALUE spec.containers[3].securityContext.seLinuxOptions=YOUR_VALUE spec.securityContext.sysctls.name=YOUR_VALUE spec.securityContext.sysctls.value=YOUR_VALUE spec.securityContext.supplementalGroups=YOUR_VALUE |
ApiVersion: apps/v1
Kind: Deployment
Name: -ohdsi-webapi
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| Medium | CIS-5.4.1 Prefer using secrets as files over secrets as environment variables | C-0207 | spec.template.spec.containers[0].env[14].name spec.template.spec.containers[0].env[4].name |
| High | CIS-5.7.3 Apply Security Context to Your Pods and Containers | C-0211 | spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.template.spec.securityContext.fsGroup=YOUR_VALUE spec.template.spec.securityContext.fsGroupChangePolicy=Always spec.template.spec.securityContext.sysctls.name=YOUR_VALUE spec.template.spec.securityContext.sysctls.value=YOUR_VALUE spec.template.spec.securityContext.supplementalGroups=YOUR_VALUE |
ApiVersion: apps/v1
Kind: Deployment
Name: -minio
Namespace:
| Severity | Name | Docs | Assisted Remediation |
|---|---|---|---|
| Medium | CIS-5.4.1 Prefer using secrets as files over secrets as environment variables | C-0207 | spec.template.spec.containers[0].env[4].name spec.template.spec.containers[0].env[5].name |