Container: step-report { "results": [ { "metadata": { "id": "e8fa21d4-a7fc-4abd-9a54-7bdb710a944a", "additionalInfo": { "name": "s0ndbn8px-java-springboot", "namespace": "default", "type": "Deployment" } }, "summary": { "CRITICAL": 0, "HIGH": 0, "LOW": 2, "MEDIUM": 1, "TOTAL": 3 }, "violatedPolicies": [ { "name": "Pod Service Account Token Automatically Mounted", "severity": "MEDIUM", "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", "violation": [ "Deployment mounts the service account tokens.", "Namespace has name 'default'", "Service Account is set to 'default'" ], "remediation": "Add `automountServiceAccountToken: false` or a value distinct from 'default' for the `serviceAccountName` key to the deployment's Pod configuration.", "failingCheck": false }, { "name": "Docker CIS 4.1: Ensure That a User for the Container Has Been Created", "severity": "LOW", "description": "Containers should run as a non-root user", "violation": [ "Container 'container-image' has image with user 'root'" ], "remediation": "Ensure that the Dockerfile for each container switches from the root user", "failingCheck": false }, { "name": "Latest tag", "severity": "LOW", "description": "Alert on deployments with images using tag 'latest'", "violation": [ "Container 'container-image' has image with tag 'latest'" ], "remediation": "Consider moving to semantic versioning based on code releases (semver.org) or using the first 12 characters of the source control SHA. This will allow you to tie the Docker image to the code.", "failingCheck": false } ] } ], "summary": { "CRITICAL": 0, "HIGH": 0, "LOW": 2, "MEDIUM": 1, "TOTAL": 3 } }