Kubescape Scan Report


Summary:

All Failed Skipped
19 3 0

Details

Severity Control Name Failed Resources All Resources Risk Score, %
High Applications credentials in configuration files 3 14 21
High CVE-2021-25742-nginx-ingress-snippet-annotation-vulnerability 0 0 0
High Ensure CPU limits are set 0 14 0
High Ensure memory limits are set 0 14 0
High Host PID/IPC privileges 0 14 0
High HostNetwork access 0 14 0
High Insecure capabilities 0 14 0
High Privileged container 0 14 0
Medium Administrative Roles 0 0 0
Medium Allow privilege escalation 0 14 0
Medium Automatic mapping of service account 0 22 0
Medium Cluster internal networking 0 0 0
Medium Container hostPort 0 14 0
Medium Ingress and Egress blocked 11 17 65
Medium Linux hardening 0 14 0
Medium Non-root containers 0 14 0
Medium Prevent containers from allowing command execution 0 0 0
Low Immutable container filesystem 1 14 7
Low PSP enabled 0 0 0

Failed Resources:


Name: -magnifhir-test

ApiVersion: v1

Kind: Pod

Name: -magnifhir-test

Namespace:

Severity Name Docs Assisted Remediation
Medium Ingress and Egress blocked C-0030

Name: -magnifhir

ApiVersion: apps/v1

Kind: Deployment

Name: -magnifhir

Namespace:

Severity Name Docs Assisted Remediation
Medium Ingress and Egress blocked C-0030

Name: -ohdsi-atlas

ApiVersion: apps/v1

Kind: Deployment

Name: -ohdsi-atlas

Namespace:

Severity Name Docs Assisted Remediation
Medium Ingress and Egress blocked C-0030
Low Immutable container filesystem C-0017

spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true

Name: -pathling-server-test-connection

ApiVersion: v1

Kind: Pod

Name: -pathling-server-test-connection

Namespace:

Severity Name Docs Assisted Remediation
Medium Ingress and Egress blocked C-0030

Name: -ohdsi-test-connection

ApiVersion: v1

Kind: Pod

Name: -ohdsi-test-connection

Namespace:

Severity Name Docs Assisted Remediation
Medium Ingress and Egress blocked C-0030

Name: -fhir-server-exporter

ApiVersion: apps/v1

Kind: Deployment

Name: -fhir-server-exporter

Namespace:

Severity Name Docs Assisted Remediation
Medium Ingress and Egress blocked C-0030

Name: -minio

ApiVersion: apps/v1

Kind: Deployment

Name: -minio

Namespace:

Severity Name Docs Assisted Remediation
High Applications credentials in configuration files C-0012

spec.template.spec.containers[0].env[3].name

spec.template.spec.containers[0].env[3].value

spec.template.spec.containers[0].env[5].name

spec.template.spec.containers[0].env[5].value

Name: -fhir-server

ApiVersion: apps/v1

Kind: Deployment

Name: -fhir-server

Namespace:

Severity Name Docs Assisted Remediation
Medium Ingress and Egress blocked C-0030

Name: -postgresql

ApiVersion: apps/v1

Kind: StatefulSet

Name: -postgresql

Namespace:

Severity Name Docs Assisted Remediation
High Applications credentials in configuration files C-0012

spec.template.spec.containers[0].env[4].name

spec.template.spec.containers[0].env[4].value

Name: -fhir-server-test-connection

ApiVersion: v1

Kind: Pod

Name: -fhir-server-test-connection

Namespace:

Severity Name Docs Assisted Remediation
Medium Ingress and Egress blocked C-0030

Name: -ohdsi-webapi

ApiVersion: apps/v1

Kind: Deployment

Name: -ohdsi-webapi

Namespace:

Severity Name Docs Assisted Remediation
Medium Ingress and Egress blocked C-0030

Name: -fhir-server-exporter-test-metrics-endpoint

ApiVersion: v1

Kind: Pod

Name: -fhir-server-exporter-test-metrics-endpoint

Namespace:

Severity Name Docs Assisted Remediation
Medium Ingress and Egress blocked C-0030

Name: -pathling-server

ApiVersion: apps/v1

Kind: Deployment

Name: -pathling-server

Namespace:

Severity Name Docs Assisted Remediation
Medium Ingress and Egress blocked C-0030
High Applications credentials in configuration files C-0012

spec.template.spec.containers[0].env[3].name

spec.template.spec.containers[0].env[3].value