AKS multiple False Positives #6416
Closed
Pionerd
started this conversation in
False Detection
Replies: 2 comments
@Pionerd can you please open this issue on trivy-operator GitHub and we can take the discussion there.
@Pionerd opened an issue aquasecurity/trivy-operator#1970
IDs
AVD-KCV-0083, AVD-KCV-0088, AVD-KCV-0089, AVD-KCV-0090, AVD-KCV-0091, AVD-KCV-0092
Description
AVD-KCV-0083: verified that my AKS Kubelet does run with the flag --protect-kernel-defaults set to true
AVD-KCV-0088: --tls-cert-file is correctly set (/etc/kubernetes/certs/kubeletserver.crt)
AVD-KCV-0089: this one is a bit different, --tls-key-file is not set, but --tls-private-key-file is (/etc/kubernetes/certs/kubeletserver.key)
AVD-KCV-0090: --rotate-certificates is correctly set to true
AVD-KCV-0091: the mentioned config file (/etc/kubernetes/kubelet.conf) does not exist / is not used by AKS
AVD-KCV-0092: cipher suites are set (--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256)
Reproduction Steps
Target
Kubernetes
Scanner
Misconfiguration
Target OS
Ubuntu
Debug Output
Version
Checklist
-f json
that shows data sources and confirmed that the security advisory in data sources was correct
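An added example, not part of the original post and not Trivy or trivy-operator code: a Python helper for checking the same flags on a node by parsing the kubelet command line in `/proc/<pid>/cmdline` form. The check-to-flag table, the sample command line and the kubelet binary path are assumptions built from the post's description; AVD-KCV-0091 is left out because the post ties it to a config file rather than a flag.

```python
from pathlib import Path

# Constructed sample (NUL-separated argv); paths as quoted in the post, cipher list shortened.
SAMPLE = b"\0".join([
    b"/usr/local/bin/kubelet",  # assumed binary path
    b"--protect-kernel-defaults=true",
    b"--tls-cert-file=/etc/kubernetes/certs/kubeletserver.crt",
    b"--tls-private-key-file=/etc/kubernetes/certs/kubeletserver.key",
    b"--rotate-certificates=true",
    b"--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
]) + b"\0"

# Check ID -> (kubelet flag, required value); None accepts any non-empty value (assumed table).
EXPECT = {
    "AVD-KCV-0083": ("protect-kernel-defaults", "true"),
    "AVD-KCV-0088": ("tls-cert-file", None),
    "AVD-KCV-0089": ("tls-private-key-file", None),
    "AVD-KCV-0090": ("rotate-certificates", "true"),
    "AVD-KCV-0092": ("tls-cipher-suites", None),
}

def parse_flags(cmdline: bytes) -> dict:
    """Turn a NUL-separated argv into {flag: value}; bare flags count as 'true'."""
    args = [a.decode() for a in cmdline.split(b"\0") if a][1:]  # drop argv[0]
    flags, i = {}, 0
    while i < len(args):
        name, sep, value = args[i].lstrip("-").partition("=")
        if args[i].startswith("-"):
            if not sep and i + 1 < len(args) and not args[i + 1].startswith("-"):
                i += 1
                value = args[i]  # "--flag value" form
            flags[name] = value if (sep or value) else "true"
        i += 1
    return flags

def evaluate(cmdline: bytes) -> dict:
    flags = parse_flags(cmdline)
    return {cid: (flags.get(f, "").lower() == want if want else bool(flags.get(f)))
            for cid, (f, want) in EXPECT.items()}

def kubelet_cmdline() -> bytes:
    """Read the running kubelet's argv from /proc (Linux node)."""
    for proc in Path("/proc").glob("[0-9]*"):
        try:
            if (proc / "comm").read_text().strip() == "kubelet":
                return (proc / "cmdline").read_bytes()
        except OSError:
            continue  # process exited or is not readable
    raise RuntimeError("no kubelet process found")
```

On a node, `evaluate(kubelet_cmdline())` gives the per-check result. A flag missing from the command line can still be set in the file passed with `--config`, so a miss here is a prompt to check that file, not a finding.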