{ "version": "2.1.0", "runs": [ { "tool": { "driver": { "name": "Trivy-k8s", "version": "0.49.1", "rules": [ { "id": "KSV014", "name": "Root file system is not read-only", "shortDescription": { "text": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk." } }, { "id": "KSV014", "name": "Root file system is not read-only", "shortDescription": { "text": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk." } }, { "id": "KSV014", "name": "Root file system is not read-only", "shortDescription": { "text": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk." } } ] } }, "results": [ { "ruleId": "KSV014", "level": "HIGH", "message": { "text": "Container 'pod-placement-controller' of Deployment 'pod-placement-controller' should set 'securityContext.readOnlyRootFilesystem' to true" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "Deployment/pod-placement-controller" }, "region": { "startLine": 60, "endLine": 127, "snippet": { "text": "[{\"Number\": 60, \"Content\": \" - args:\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - \\u001b[38;5;33margs\\u001b[0m:\", \"FirstCause\": true, \"LastCause\": false}, {\"Number\": 61, \"Content\": \" - --health-probe-bind-address=:8081\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --health-probe-bind-address=:8081\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 62, \"Content\": \" - --metrics-bind-address=:8443\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --metrics-bind-address=:8443\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 63, \"Content\": \" - --initial-log-level=3\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --initial-log-level=3\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 64, \"Content\": \" - --leader-elect\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --leader-elect\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 65, \"Content\": \" - --enable-ppc-controllers\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --enable-ppc-controllers\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 66, \"Content\": \" command:\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" \\u001b[38;5;33mcommand\\u001b[0m:\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 67, \"Content\": \" - /manager\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - /manager\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 68, \"Content\": \" env:\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" \\u001b[38;5;33menv\\u001b[0m:\", \"FirstCause\": false, \"LastCause\": true}, {\"Number\": 69, \"Content\": \"\", \"IsCause\": false, \"Annotation\": \"\", \"Truncated\": true, \"FirstCause\": false, \"LastCause\": false}]" } } } } ] }, { "ruleId": "KSV014", "level": "HIGH", "message": { "text": "Container 'pod-placement-web-hook' of Deployment 'pod-placement-web-hook' should set 'securityContext.readOnlyRootFilesystem' to true" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "Deployment/pod-placement-web-hook" }, "region": { "startLine": 58, "endLine": 118, "snippet": { "text": "[{\"Number\": 58, \"Content\": \" - args:\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - \\u001b[38;5;33margs\\u001b[0m:\", \"FirstCause\": true, \"LastCause\": false}, {\"Number\": 59, \"Content\": \" - --health-probe-bind-address=:8081\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --health-probe-bind-address=:8081\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 60, \"Content\": \" - --metrics-bind-address=:8443\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --metrics-bind-address=:8443\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 61, \"Content\": \" - --initial-log-level=3\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --initial-log-level=3\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 62, \"Content\": \" - --enable-ppc-webhook\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --enable-ppc-webhook\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 63, \"Content\": \" command:\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" \\u001b[38;5;33mcommand\\u001b[0m:\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 64, \"Content\": \" - /manager\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - /manager\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 65, \"Content\": \" env:\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" \\u001b[38;5;33menv\\u001b[0m:\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 66, \"Content\": \" - name: NAMESPACE\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - \\u001b[38;5;33mname\\u001b[0m: NAMESPACE\", \"FirstCause\": false, \"LastCause\": true}, {\"Number\": 67, \"Content\": \"\", \"IsCause\": false, \"Annotation\": \"\", \"Truncated\": true, \"FirstCause\": false, \"LastCause\": false}]" } } } } ] }, { "ruleId": "KSV014", "level": "HIGH", "message": { "text": "Container 'manager' of Deployment 'multiarch-tuning-operator-controller-manager' should set 'securityContext.readOnlyRootFilesystem' to true" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "Deployment/multiarch-tuning-operator-controller-manager" }, "region": { "startLine": 122, "endLine": 193, "snippet": { "text": "[{\"Number\": 122, \"Content\": \" - args:\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - \\u001b[38;5;33margs\\u001b[0m:\", \"FirstCause\": true, \"LastCause\": false}, {\"Number\": 123, \"Content\": \" - --health-probe-bind-address=:8081\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --health-probe-bind-address=:8081\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 124, \"Content\": \" - --metrics-bind-address=:8443\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --metrics-bind-address=:8443\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 125, \"Content\": \" - --leader-elect\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --leader-elect\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 126, \"Content\": \" - --enable-operator\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - --enable-operator\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 127, \"Content\": \" command:\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" \\u001b[38;5;33mcommand\\u001b[0m:\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 128, \"Content\": \" - /manager\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - /manager\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 129, \"Content\": \" env:\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" \\u001b[38;5;33menv\\u001b[0m:\", \"FirstCause\": false, \"LastCause\": false}, {\"Number\": 130, \"Content\": \" - name: NAMESPACE\", \"IsCause\": true, \"Annotation\": \"\", \"Truncated\": false, \"Highlighted\": \" - \\u001b[38;5;33mname\\u001b[0m: NAMESPACE\", \"FirstCause\": false, \"LastCause\": true}, {\"Number\": 131, \"Content\": \"\", \"IsCause\": false, \"Annotation\": \"\", \"Truncated\": true, \"FirstCause\": false, \"LastCause\": false}]" } } } } ] } ] } ] }