Merge pull request #477 from eclipse-tractusx/merge/v2.3.0-RC3 #810

Triggered via push November 13, 2024 18:19
Status Success
Total duration 47s

kics.yml

on: push

Annotations

3 warnings
[LOW] Unpinned Actions Full Length Commit SHA: .github/workflows/chart-release.yaml#L68
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
[INFO] Ensure Administrative Boundaries Between Resources: charts/localdev/templates/secret-postgres-init.yaml#L25
As a best practice, ensure that namespaces are used correctly to adequately administer your resources. Kubernetes Authorization plugins can also be used to create policies that segregate user access to namespaces.
[INFO] Using Kubernetes Native Secret Management: charts/localdev/templates/secret-postgres-init.yaml#L24
Kubernetes External Secret Storage and Management System usage should be considered if you have more complex secret management needs, rather than using Kubernetes Secrets directly. Additionally, ensure that access to secrets is carefully limited.