This project is forked from madhuakula/kubernetes-goat.
Kubernetes Goat is a "Vulnerable by Design" Kubernetes cluster: an intentionally vulnerable cluster environment for learning and practicing Kubernetes security.
Home Page: https://madhuakula.com/kubernetes-goat
License: MIT License
Dockerfile 1.67%
HTML 94.12%
Shell 2.48%
Python 0.38%
JavaScript 0.45%
Go 0.43%
Smarty 0.11%
Mustache 0.38%
iac_demo's Issues
Each issue reports one policy violation detected by the IaC scan: the file, the check that failed, the location (path and line range) and the file type.

| File | Check | Violation detected in | File type |
|---|---|---|---|
| deployment-kind.yaml | Ensure that Service Account Tokens are only mounted where necessary | /scenarios/health-check/deployment-kind.yaml:[1-33] | kubernetes |
| deployment.yaml | Minimize the admission of containers with capabilities assigned | /scenarios/metadata-db/templates/deployment.yaml:[3-48] | helm |
| deployment-kind.yaml | Containers should run as a high UID to avoid host conflict | /scenarios/health-check/deployment-kind.yaml:[1-33] | kubernetes |
| deployment.yaml | Liveness Probe Should be Configured | /scenarios/internal-proxy/deployment.yaml:[1-39] | kubernetes |
| master-job.yaml | Ensure that Service Account Tokens are only mounted where necessary | /scenarios/kube-bench-security/master-job.yaml:[2-42] | kubernetes |
| job.yaml | The default namespace should not be used | /scenarios/batch-check/job.yaml:[1-17] | kubernetes |
| job.yaml | Image Tag should be fixed - not latest or blank | /scenarios/batch-check/job.yaml:[1-17] | kubernetes |
| node-job.yaml | Containers should run as a high UID to avoid host conflict | /scenarios/kube-bench-security/node-job.yaml:[2-43] | kubernetes |
| deployment.yaml | Memory limits should be set | /scenarios/hidden-in-layers/deployment.yaml:[1-17] | kubernetes |
| deployment.yaml | Ensure that Service Account Tokens are only mounted where necessary | /scenarios/metadata-db/templates/deployment.yaml:[3-48] | helm |
| deployment.yaml | Memory requests should be set | /scenarios/hidden-in-layers/deployment.yaml:[1-17] | kubernetes |
| deployment.yaml | CPU requests should be set | /scenarios/hidden-in-layers/deployment.yaml:[1-17] | kubernetes |
| deployment.yaml | Minimize wildcard use in Roles and ClusterRoles | /scenarios/hunger-check/deployment.yaml:[7-16] | kubernetes |
| deployment-kind.yaml | Minimize the admission of root containers | /scenarios/health-check/deployment-kind.yaml:[1-33] | kubernetes |
| deployment.yaml | Image Tag should be fixed - not latest or blank | /scenarios/metadata-db/templates/deployment.yaml:[3-48] | helm |
| node-job.yaml | Apply security context to your pods and containers | /scenarios/kube-bench-security/node-job.yaml:[2-43] | kubernetes |
| deployment.yaml | Use read-only filesystem for containers where possible | /scenarios/metadata-db/templates/deployment.yaml:[3-48] | helm |
| node-job.yaml | Memory requests should be set | /scenarios/kube-bench-security/node-job.yaml:[2-43] | kubernetes |
| node-job.yaml | Ensure that Service Account Tokens are only mounted where necessary | /scenarios/kube-bench-security/node-job.yaml:[2-43] | kubernetes |
| master-job.yaml | Containers should not share the host process ID namespace | /scenarios/kube-bench-security/master-job.yaml:[2-42] | kubernetes |
| deployment.yaml | Containers should not share the host network namespace | /scenarios/docker-bench-security/deployment.yaml:[12-92] | kubernetes |
| master-job.yaml | Containers should not run with allowPrivilegeEscalation | /scenarios/kube-bench-security/master-job.yaml:[2-42] | kubernetes |
| job.yaml | CPU requests should be set | /scenarios/batch-check/job.yaml:[1-17] | kubernetes |
| master-job.yaml | Minimize the admission of containers with the NET_RAW capability | /scenarios/kube-bench-security/master-job.yaml:[2-42] | kubernetes |
| deployment.yaml | Do not expose the docker daemon socket to containers | /scenarios/health-check/deployment.yaml:[1-34] | kubernetes |
| job.yaml | Ensure that the seccomp profile is set to docker/default or runtime/default | /scenarios/batch-check/job.yaml:[1-17] | kubernetes |
| node-job.yaml | Memory limits should be set | /scenarios/kube-bench-security/node-job.yaml:[2-43] | kubernetes |
| node-job.yaml | Ensure that the seccomp profile is set to docker/default or runtime/default | /scenarios/kube-bench-security/node-job.yaml:[2-43] | kubernetes |
| deployment.yaml | Containers should not share the host process ID namespace | /scenarios/docker-bench-security/deployment.yaml:[12-92] | kubernetes |
| clusterrole.yaml | Minimize wildcard use in Roles and ClusterRoles | /infrastructure/helm-tiller/pwnchart/templates/clusterrole.yaml:[3-10] | helm |
| deployment-kind.yaml | The default namespace should not be used | /scenarios/health-check/deployment-kind.yaml:[34-44] | kubernetes |
| deployment.yaml | Container should not be privileged | /scenarios/health-check/deployment.yaml:[1-34] | kubernetes |
| deployment.yaml | Ensure that the seccomp profile is set to docker/default or runtime/default | /scenarios/metadata-db/templates/deployment.yaml:[3-48] | helm |
| Dockerfile | Ensure that HEALTHCHECK instructions have been added to container images | /infrastructure/internal-api/Dockerfile:[1-15] | dockerfile |
| node-job.yaml | Minimize the admission of containers with capabilities assigned | /scenarios/kube-bench-security/node-job.yaml:[2-43] | kubernetes |
| deployment-kind.yaml | Memory requests should be set | /scenarios/health-check/deployment-kind.yaml:[1-33] | kubernetes |
| master-job.yaml | Ensure that the seccomp profile is set to docker/default or runtime/default | /scenarios/kube-bench-security/master-job.yaml:[2-42] | kubernetes |
| deployment.yaml | Minimize the admission of containers with the NET_RAW capability | /scenarios/metadata-db/templates/deployment.yaml:[3-48] | helm |
| deployment.yaml | Containers should not run with allowPrivilegeEscalation | /scenarios/metadata-db/templates/deployment.yaml:[3-48] | helm |
| node-job.yaml | The default namespace should not be used | /scenarios/kube-bench-security/node-job.yaml:[2-43] | kubernetes |
| node-job.yaml | Minimize the admission of containers with the NET_RAW capability | /scenarios/kube-bench-security/node-job.yaml:[2-43] | kubernetes |
| node-job.yaml | Image should use digest | /scenarios/kube-bench-security/node-job.yaml:[2-43] | kubernetes |
| job.yaml | Use read-only filesystem for containers where possible | /scenarios/batch-check/job.yaml:[1-17] | kubernetes |
| deployment-kind.yaml | Image Tag should be fixed - not latest or blank | /scenarios/health-check/deployment-kind.yaml:[1-33] | kubernetes |
| deployment-kind.yaml | Minimize the admission of containers with the NET_RAW capability | /scenarios/health-check/deployment-kind.yaml:[1-33] | kubernetes |
| deployment-kind.yaml | Image should use digest | /scenarios/health-check/deployment-kind.yaml:[1-33] | kubernetes |
| deployment-kind.yaml | Do not expose the docker daemon socket to containers | /scenarios/health-check/deployment-kind.yaml:[1-33] | kubernetes |
| node-job.yaml | Containers should not run with allowPrivilegeEscalation | /scenarios/kube-bench-security/node-job.yaml:[2-43] | kubernetes |
| master-job.yaml | Use read-only filesystem for containers where possible | /scenarios/kube-bench-security/master-job.yaml:[2-42] | kubernetes |
| deployment.yaml | Image should use digest | /scenarios/metadata-db/templates/deployment.yaml:[3-48] | helm |