[pre-commit.ci] pre-commit autoupdate #14

pre-commit-ci · 2024-04-01T19:13:56Z

updates:

robo-gotham · 2024-04-01T19:26:11Z

Snyk Scanning for Commit: badc0f9

Snyk Infrastructure as Code

Snyk testing Infrastructure as Code configuration issues.
✔ Test completed.

Issues

Medium Severity Issues: 3

[Medium] Container or Pod is running without root user control
Info: Container or Pod is running without root user control. Container or
Pod could be running with full administrative privileges
Rule: https://security.snyk.io/rules/cloud/SNYK-CC-K8S-10
Path: [DocId: 0] > input > spec > template > spec > containers[inflate] >
securityContext > runAsNonRoot
File: test/test.yaml
Resolve: Set securityContext.runAsNonRoot to true

[Medium] Container does not drop all default capabilities
Info: All default capabilities are not explicitly dropped. Containers are
running with potentially unnecessary privileges
Rule: https://security.snyk.io/rules/cloud/SNYK-CC-K8S-6
Path: [DocId: 0] > input > spec > template > spec > containers[inflate] >
securityContext > capabilities > drop
File: test/test.yaml
Resolve: Add ALL to securityContext.capabilities.drop list, and add only
required capabilities in securityContext.capabilities.add

[Medium] Container is running without privilege escalation control
Info: allowPrivilegeEscalation attribute is not set to false. Processes
could elevate current privileges via known vectors, for example SUID
binaries
Rule: https://security.snyk.io/rules/cloud/SNYK-CC-K8S-9
Path: [DocId: 0] > spec > template > spec > containers[inflate] >
securityContext > allowPrivilegeEscalation
File: test/test.yaml
Resolve: Set spec.{containers, initContainers}.securityContext.allowPrivilegeEscalation to false

Test Summary

Organization: batcave-ispg
Project name: CMS-Enterprise/batcave-tf-karpenter

✔ Files without issues: 8
✗ Files with issues: 1
Ignored issues: 0
Total issues: 3 [ 0 critical, 0 high, 3 medium, 0 low ]

Report Complete

Your test results are available at: https://snyk.io/org/batcave-ispg/projects
under the name: CMS-Enterprise/batcave-tf-karpenter

updates: - [github.com/pre-commit/pre-commit-hooks: v4.5.0 → v4.6.0](pre-commit/pre-commit-hooks@v4.5.0...v4.6.0) - [github.com/antonbabenko/pre-commit-terraform: v1.85.0 → v1.96.1](antonbabenko/pre-commit-terraform@v1.85.0...v1.96.1)

pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch from fdd5f02 to 46bb875 Compare April 8, 2024 19:29

pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch from 46bb875 to cf1f115 Compare April 22, 2024 19:14

pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch from cf1f115 to a3acb78 Compare April 29, 2024 19:28

pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch from a3acb78 to 4f042fc Compare May 27, 2024 19:15

pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch from 4f042fc to 2368a4d Compare June 10, 2024 19:25

pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch from 2368a4d to badc0f9 Compare June 24, 2024 19:22

pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch from badc0f9 to 2ae5898 Compare August 5, 2024 19:48

pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch from 2ae5898 to f8cea6e Compare August 19, 2024 19:33

pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch from f8cea6e to 1c08623 Compare September 2, 2024 19:29

pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch 2 times, most recently from a54e8d5 to 5c5df59 Compare September 16, 2024 19:34

pre-commit-ci bot force-pushed the pre-commit-ci-update-config branch from 5c5df59 to b59dd17 Compare September 23, 2024 19:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[pre-commit.ci] pre-commit autoupdate #14

[pre-commit.ci] pre-commit autoupdate #14

pre-commit-ci bot commented Apr 1, 2024 •

edited

Loading

robo-gotham commented Apr 1, 2024 •

edited

Loading

[pre-commit.ci] pre-commit autoupdate #14

Are you sure you want to change the base?

[pre-commit.ci] pre-commit autoupdate #14

Conversation

pre-commit-ci bot commented Apr 1, 2024 • edited Loading

robo-gotham commented Apr 1, 2024 • edited Loading

pre-commit-ci bot commented Apr 1, 2024 •

edited

Loading

robo-gotham commented Apr 1, 2024 •

edited

Loading