All | Failed | Skipped |
---|---|---|
19 | 3 | 0 |
Severity | Control Name | Failed Resources | All Resources | Risk Score, % |
---|---|---|---|---|
High | Applications credentials in configuration files | 2 | 13 | 15 |
High | CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability | 0 | 0 | 0 |
High | Ensure CPU limits are set | 0 | 13 | 0 |
High | Ensure memory limits are set | 0 | 13 | 0 |
High | Host PID/IPC privileges | 0 | 13 | 0 |
High | HostNetwork access | 0 | 13 | 0 |
High | Insecure capabilities | 0 | 13 | 0 |
High | Privileged container | 0 | 13 | 0 |
Medium | Administrative Roles | 0 | 0 | 0 |
Medium | Allow privilege escalation | 0 | 13 | 0 |
Medium | Automatic mapping of service account | 0 | 21 | 0 |
Medium | Cluster internal networking | 0 | 0 | 0 |
Medium | Container hostPort | 0 | 13 | 0 |
Medium | Ingress and Egress blocked | 11 | 15 | 73 |
Medium | Linux hardening | 0 | 13 | 0 |
Medium | Non-root containers | 0 | 13 | 0 |
Medium | Prevent containers from allowing command execution | 0 | 0 | 0 |
Low | Immutable container filesystem | 1 | 13 | 8 |
Low | PSP enabled | 0 | 0 | 0 |
ApiVersion: apps/v1
Kind: Deployment
Name: -magnifhir
Namespace:
Severity | Name | Docs | Assisted Remediation |
---|---|---|---|
Medium | Ingress and Egress blocked | C-0030 |
ApiVersion: v1
Kind: Pod
Name: -fhir-server-exporter-test-metrics-endpoint
Namespace:
Severity | Name | Docs | Assisted Remediation |
---|---|---|---|
Medium | Ingress and Egress blocked | C-0030 |
ApiVersion: apps/v1
Kind: Deployment
Name: -ohdsi-webapi
Namespace:
Severity | Name | Docs | Assisted Remediation |
---|---|---|---|
Medium | Ingress and Egress blocked | C-0030 |
ApiVersion: v1
Kind: Pod
Name: -fhir-server-test-connection
Namespace:
Severity | Name | Docs | Assisted Remediation |
---|---|---|---|
Medium | Ingress and Egress blocked | C-0030 |
ApiVersion: v1
Kind: Pod
Name: -magnifhir-test
Namespace:
Severity | Name | Docs | Assisted Remediation |
---|---|---|---|
Medium | Ingress and Egress blocked | C-0030 |
ApiVersion: v1
Kind: Pod
Name: -pathling-server-test-connection
Namespace:
Severity | Name | Docs | Assisted Remediation |
---|---|---|---|
Medium | Ingress and Egress blocked | C-0030 |
ApiVersion: apps/v1
Kind: Deployment
Name: -fhir-server-exporter
Namespace:
Severity | Name | Docs | Assisted Remediation |
---|---|---|---|
Medium | Ingress and Egress blocked | C-0030 |
ApiVersion: apps/v1
Kind: Deployment
Name: -pathling-server
Namespace:
Severity | Name | Docs | Assisted Remediation |
---|---|---|---|
High | Applications credentials in configuration files | C-0012 | spec.template.spec.containers[0].env[3].name spec.template.spec.containers[0].env[3].value |
Medium | Ingress and Egress blocked | C-0030 |
ApiVersion: apps/v1
Kind: Deployment
Name: -ohdsi-atlas
Namespace:
Severity | Name | Docs | Assisted Remediation |
---|---|---|---|
Medium | Ingress and Egress blocked | C-0030 | |
Low | Immutable container filesystem | C-0017 | spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true |
ApiVersion: apps/v1
Kind: Deployment
Name: -minio
Namespace:
Severity | Name | Docs | Assisted Remediation |
---|---|---|---|
High | Applications credentials in configuration files | C-0012 | spec.template.spec.containers[0].env[2].name spec.template.spec.containers[0].env[2].value |
ApiVersion: v1
Kind: Pod
Name: -ohdsi-test-connection
Namespace:
Severity | Name | Docs | Assisted Remediation |
---|---|---|---|
Medium | Ingress and Egress blocked | C-0030 |
ApiVersion: apps/v1
Kind: Deployment
Name: -fhir-server
Namespace:
Severity | Name | Docs | Assisted Remediation |
---|---|---|---|
Medium | Ingress and Egress blocked | C-0030 |