Skip to content
🤖 Issue/PR Automation

✨(project:maison): Add the project maison to atlas #12

# to view logs

✨(project:maison): Add the project maison to atlas

✨(project:maison): Add the project maison to atlas #12

Triggered via pull request December 22, 2024 22:29
@xunleiixunleii
synchronize #206
wip/iron-age_features/project-maison
Status Success
Total duration 11s
Artifacts

pull_request.automations.yaml

on: pull_request
🏷️ Labeler
3s
🏷️ Labeler
Fit to window
Zoom out
Zoom in

Annotations

32 errors and 1 warning
checkov(CKV_K8S_49): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L95
[new] Minimize wildcard use in Roles and ClusterRoles
trivy(KSV046): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L104
[new] ClusterRole 'crd-controller-flux-system' shouldn't manage all resources
trivy(KSV046): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L110
[new] ClusterRole 'crd-controller-flux-system' shouldn't manage all resources
trivy(KSV046): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L116
[new] ClusterRole 'crd-controller-flux-system' shouldn't manage all resources
trivy(KSV046): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L122
[new] ClusterRole 'crd-controller-flux-system' shouldn't manage all resources
trivy(KSV046): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L128
[new] ClusterRole 'crd-controller-flux-system' shouldn't manage all resources
trivy(KSV041): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L134
[new] ClusterRole 'crd-controller-flux-system' shouldn't have access to manage resource 'secrets'
trivy(KSV049): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L152
[new] ClusterRole 'crd-controller-flux-system' should not have access to resource 'configmaps' for verbs ["create", "update", "patch", "delete", "deletecollection", "impersonate", "*"]
checkov(CKV_K8S_49): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L189
[new] Minimize wildcard use in Roles and ClusterRoles
trivy(KSV046): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L200
[new] ClusterRole 'flux-edit-flux-system' shouldn't manage all resources
checkov(CKV_K8S_49): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L215
[new] Minimize wildcard use in Roles and ClusterRoles
trivy(KSV046): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L227
[new] ClusterRole 'flux-view-flux-system' shouldn't manage all resources
trivy(KSV111): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L243
[new] ClusterRoleBinding 'cluster-reconciler-flux-system' should not bind to roles ["cluster-admin", "admin", "edit"]
checkov(CKV_K8S_15): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L4521
[new] Image Pull Policy should be Always
checkov(CKV_K8S_38): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L4521
[new] Ensure that Service Account Tokens are only mounted where necessary
checkov(CKV_K8S_40): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L4521
[new] Containers should run as a high UID to avoid host conflict
checkov(CKV_K8S_43): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L4521
[new] Image should use digest
trivy(KSV020): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L4548
[new] Container 'manager' of Deployment 'source-controller' should set 'securityContext.runAsUser' > 10000
trivy(KSV021): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L4548
[new] Container 'manager' of Deployment 'source-controller' should set 'securityContext.runAsGroup' > 10000
checkov(CKV_K8S_15): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L6398
[new] Image Pull Policy should be Always
checkov(CKV_K8S_38): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L6398
[new] Ensure that Service Account Tokens are only mounted where necessary
checkov(CKV_K8S_40): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L6398
[new] Containers should run as a high UID to avoid host conflict
checkov(CKV_K8S_43): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L6398
[new] Image should use digest
trivy(KSV020): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L6423
[new] Container 'manager' of Deployment 'kustomize-controller' should set 'securityContext.runAsUser' > 10000
trivy(KSV021): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L6423
[new] Container 'manager' of Deployment 'kustomize-controller' should set 'securityContext.runAsGroup' > 10000
checkov(CKV_K8S_15): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L10258
[new] Image Pull Policy should be Always
checkov(CKV_K8S_38): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L10258
[new] Ensure that Service Account Tokens are only mounted where necessary
checkov(CKV_K8S_40): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L10258
[new] Containers should run as a high UID to avoid host conflict
checkov(CKV_K8S_43): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L10258
[new] Image should use digest
trivy(KSV020): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L10283
[new] Container 'manager' of Deployment 'helm-controller' should set 'securityContext.runAsUser' > 10000
trivy(KSV021): projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L10283
[new] Container 'manager' of Deployment 'helm-controller' should set 'securityContext.runAsGroup' > 10000
prettier: projects/maison/src/clusters/production/flux-system/gotk-components.yaml#L1
Incorrect formatting, autoformat by running 'trunk fmt'
🏷️ Labeler
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636