-
Notifications
You must be signed in to change notification settings - Fork 0
/
lastPolicyCheck.json
1 lines (1 loc) · 4.06 KB
/
lastPolicyCheck.json
1
{"policyValidationResults":[{"fileName":"/Users/hadarco/Desktop/yamls/stsful.yaml","ruleResults":[{"identifier":"CONTAINERS_MISSING_LIVENESSPROBE_KEY","name":"Ensure each container has a configured liveness probe","messageOnFailure":"Missing property object `livenessProbe` - add a properly configured livenessProbe to catch possible deadlocks","occurrencesDetails":[{"metadataName":"web","kind":"StatefulSet","skipMessage":"","occurrences":1,"isSkipped":false}]},{"identifier":"CONTAINERS_MISSING_KEY_ALLOWPRIVILEGEESCALATION","name":"Prevent containers from escalating privileges","messageOnFailure":"Missing key `allowPrivilegeEscalation` - set to false to prevent attackers from exploiting escalated container privileges","occurrencesDetails":[{"metadataName":"web","kind":"StatefulSet","skipMessage":"","occurrences":1,"isSkipped":false}]},{"identifier":"CONTAINERS_INCORRECT_RUNASNONROOT_VALUE","name":"Prevent container from running with root privileges","messageOnFailure":"Invalid value for key `runAsNonRoot` - must be set to `true` to prevent unnecessary privileges","occurrencesDetails":[{"metadataName":"web","kind":"StatefulSet","skipMessage":"","occurrences":1,"isSkipped":false}]},{"identifier":"CONTAINERS_MISSING_MEMORY_REQUEST_KEY","name":"Ensure each container has a configured memory request","messageOnFailure":"Missing property object `requests.memory` - value should be within the accepted boundaries recommended by the organization","occurrencesDetails":[{"metadataName":"web","kind":"StatefulSet","skipMessage":"","occurrences":1,"isSkipped":false}]},{"identifier":"CONTAINERS_MISSING_CPU_REQUEST_KEY","name":"Ensure each container has a configured CPU request","messageOnFailure":"Missing property object `requests.cpu` - value should be within the accepted boundaries recommended by the organization","occurrencesDetails":[{"metadataName":"web","kind":"StatefulSet","skipMessage":"","occurrences":1,"isSkipped":false}]},{"identifier":"CONTAINERS_MISSING_CPU_LIMIT_KEY","name":"Ensure each container has a configured CPU limit","messageOnFailure":"Missing property object `limits.cpu` - value should be within the accepted boundaries recommended by the organization","occurrencesDetails":[{"metadataName":"web","kind":"StatefulSet","skipMessage":"","occurrences":1,"isSkipped":false}]},{"identifier":"CONTAINERS_INCORRECT_READONLYROOTFILESYSTEM_VALUE","name":"Ensure each container has a read-only root filesystem","messageOnFailure":"Incorrect value for key `readOnlyRootFilesystem` - set to 'true' to protect filesystem from potential attacks","occurrencesDetails":[{"metadataName":"web","kind":"StatefulSet","skipMessage":"","occurrences":1,"isSkipped":false}]},{"identifier":"CONTAINERS_MISSING_MEMORY_LIMIT_KEY","name":"Ensure each container has a configured memory limit","messageOnFailure":"Missing property object `limits.memory` - value should be within the accepted boundaries recommended by the organization","occurrencesDetails":[{"metadataName":"web","kind":"StatefulSet","skipMessage":"","occurrences":1,"isSkipped":false}]},{"identifier":"CONTAINERS_MISSING_READINESSPROBE_KEY","name":"Ensure each container has a configured readiness probe","messageOnFailure":"Missing property object `readinessProbe` - add a properly configured readinessProbe to notify kubelet your Pods are ready for traffic","occurrencesDetails":[{"metadataName":"web","kind":"StatefulSet","skipMessage":"","occurrences":1,"isSkipped":false}]},{"identifier":"CONTAINERS_MISSING_IMAGE_VALUE_DIGEST","name":"Ensure each container image has a digest tag","messageOnFailure":"Incorrect value for key `image` - add a digest tag (starts with `@sha256:`) to represent an immutable version of the image","occurrencesDetails":[{"metadataName":"web","kind":"StatefulSet","skipMessage":"","occurrences":1,"isSkipped":false}]}]}],"policySummary":{"policyName":"Default","totalRulesInPolicy":52,"totalSkippedRules":0,"totalRulesFailed":10,"totalPassedCount":42},"evaluationSummary":{"configsCount":1,"filesCount":1,"passedYamlValidationCount":1,"k8sValidation":"1/1","passedPolicyValidationCount":0},"yamlValidationResults":null,"k8sValidationResults":null}