Kubescape Scan Report

Summary:

All	Failed	Skipped
19	3	0

Details

Severity	Control Name	Failed Resources	All Resources	Risk Score, %
High	Applications credentials in configuration files	2	13	15
High	CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability	0	0	0
High	Ensure CPU limits are set	0	13	0
High	Ensure memory limits are set	0	13	0
High	Host PID/IPC privileges	0	13	0
High	HostNetwork access	0	13	0
High	Insecure capabilities	0	13	0
High	Privileged container	0	13	0
Medium	Administrative Roles	0	0	0
Medium	Allow privilege escalation	0	13	0
Medium	Automatic mapping of service account	0	21	0
Medium	Cluster internal networking	0	0	0
Medium	Container hostPort	0	13	0
Medium	Ingress and Egress blocked	11	15	73
Medium	Linux hardening	0	13	0
Medium	Non-root containers	0	13	0
Medium	Prevent containers from allowing command execution	0	0	0
Low	Immutable container filesystem	1	13	8
Low	PSP enabled	0	0	0

Failed Resources:

Name: -ohdsi-webapi

ApiVersion: apps/v1

Kind: Deployment

Name: -ohdsi-webapi

Namespace:

Severity	Name	Docs	Assisted Remediation
Medium	Ingress and Egress blocked	C-0030

Name: -ohdsi-test-connection

ApiVersion: v1

Kind: Pod

Name: -ohdsi-test-connection

Namespace:

Severity	Name	Docs	Assisted Remediation
Medium	Ingress and Egress blocked	C-0030

Name: -minio

ApiVersion: apps/v1

Kind: Deployment

Name: -minio

Namespace:

Severity	Name	Docs	Assisted Remediation
High	Applications credentials in configuration files	C-0012	spec.template.spec.containers[0].env[2].name spec.template.spec.containers[0].env[2].value

Severity

Name

Docs

Assisted Remediation

High

Applications credentials in configuration files

C-0012

spec.template.spec.containers[0].env[2].name

spec.template.spec.containers[0].env[2].value

Name: -fhir-server-exporter-test-metrics-endpoint

ApiVersion: v1

Kind: Pod

Name: -fhir-server-exporter-test-metrics-endpoint

Namespace:

Severity	Name	Docs	Assisted Remediation
Medium	Ingress and Egress blocked	C-0030

Name: -fhir-server-exporter

ApiVersion: apps/v1

Kind: Deployment

Name: -fhir-server-exporter

Namespace:

Severity	Name	Docs	Assisted Remediation
Medium	Ingress and Egress blocked	C-0030

Name: -magnifhir

ApiVersion: apps/v1

Kind: Deployment

Name: -magnifhir

Namespace:

Severity	Name	Docs	Assisted Remediation
Medium	Ingress and Egress blocked	C-0030

Name: -magnifhir-test

ApiVersion: v1

Kind: Pod

Name: -magnifhir-test

Namespace:

Severity	Name	Docs	Assisted Remediation
Medium	Ingress and Egress blocked	C-0030

Name: -fhir-server

ApiVersion: apps/v1

Kind: Deployment

Name: -fhir-server

Namespace:

Severity	Name	Docs	Assisted Remediation
Medium	Ingress and Egress blocked	C-0030

Name: -pathling-server

ApiVersion: apps/v1

Kind: Deployment

Name: -pathling-server

Namespace:

Severity	Name	Docs	Assisted Remediation
High	Applications credentials in configuration files	C-0012	spec.template.spec.containers[0].env[3].name spec.template.spec.containers[0].env[3].value
Medium	Ingress and Egress blocked	C-0030

Severity

Name

Docs

Assisted Remediation

High

Applications credentials in configuration files

C-0012

spec.template.spec.containers[0].env[3].name

spec.template.spec.containers[0].env[3].value

Medium

Ingress and Egress blocked

C-0030

Name: -pathling-server-test-connection

ApiVersion: v1

Kind: Pod

Name: -pathling-server-test-connection

Namespace:

Severity	Name	Docs	Assisted Remediation
Medium	Ingress and Egress blocked	C-0030

Name: -fhir-server-test-connection

ApiVersion: v1

Kind: Pod

Name: -fhir-server-test-connection

Namespace:

Severity	Name	Docs	Assisted Remediation
Medium	Ingress and Egress blocked	C-0030

Name: -ohdsi-atlas

ApiVersion: apps/v1

Kind: Deployment

Name: -ohdsi-atlas

Namespace:

Severity	Name	Docs	Assisted Remediation
Low	Immutable container filesystem	C-0017	spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true
Medium	Ingress and Egress blocked	C-0030