Closed renovate[bot] closed 2 months ago
Helm Release Diff: monitoring/trivy/trivy.yaml
--- /tmp/tmp.UU0uCABSgg 2024-07-23 01:58:59.350462960 +0000
+++ /tmp/tmp.30AtUt6ocA 2024-07-23 01:59:00.486454510 +0000
@@ -886,8 +886,6 @@
kind: ClusterComplianceReport
metadata:
name: k8s-cis-1.23
- platform: k8s
- type: cis
spec:
cron: "0 */6 * * *"
reportType: "summary"
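Review bot: The two lines removed under `metadata:` of `k8s-cis-1.23`, `platform: k8s` and `type: cis`, are not standard object metadata fields, so before accepting the bump check whether anything in this repository that reads the ClusterComplianceReport (dashboards, alert rules, scripts) keyed on them. `cron: "0 */6 * * *"` and `reportType: "summary"` are unchanged, so the schedule and output format stay the same.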
@@ -1386,20 +1384,17 @@
authentication. However as there is no way to revoke these
certificates when a user leaves an organization or loses their
credential, they are not suitable for this purpose
- checks: null
severity: HIGH
- id: 3.2.1
name: Ensure that a minimal audit policy is created (Manual)
description: Kubernetes can audit the details of requests made to the API
server. The --audit- policy-file flag must be set for this logging to
be enabled.
- checks: null
severity: HIGH
- id: 3.2.2
name: Ensure that the audit policy covers key security concerns (Manual)
description: Ensure that the audit policy created for the cluster covers key
security concerns
- checks: null
severity: HIGH
- id: 4.1.1
name: Ensure that the kubelet service file permissions are set to 600 or more
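Review bot: The three `checks: null` removals (on 3.2.1, 3.2.2 and the control just above 3.2.1) leave HIGH-severity controls with no `checks` key at all, so compare the `k8s-cis-1.23` summary before and after the upgrade and confirm these manual controls are not counted as passing simply because nothing evaluates them. Separately, the context line for 3.2.1 reads `--audit- policy-file` with a stray space; the flag is `--audit-policy-file`, which is worth reporting upstream because operators will copy it from the description.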
@@ -1741,7 +1736,6 @@
description: There are a variety of CNI plugins available for Kubernetes. If the
CNI in use does not support Network Policies it may not be possible to
effectively restrict traffic in the cluster
- checks: null
severity: MEDIUM
- id: 5.3.2
name: Ensure that all Namespaces have Network Policies defined
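Review bot: The MEDIUM control about CNI support for Network Policies has no automated check behind it once `checks: null` is dropped, and the next control, 5.3.2, only concerns whether Namespaces have Network Policies defined. Nothing visible here verifies that the CNI in use enforces those policies, so track that as a manual verification item for this cluster instead of relying on the compliance report.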
@@ -1755,26 +1749,22 @@
description: Kubernetes supports mounting secrets as data volumes or as
environment variables. Minimize the use of environment variable
secrets
- checks: null
severity: MEDIUM
- id: 5.4.2
name: Consider external secret storage (Manual)
description: Consider the use of an external secrets storage and management
system, instead of using Kubernetes Secrets directly, if you have more
complex secret management needs
- checks: null
severity: MEDIUM
- id: 5.5.1
name: Configure Image Provenance using ImagePolicyWebhook admission controller
(Manual)
description: Configure Image Provenance for your deployment
- checks: null
severity: MEDIUM
- id: 5.7.1
name: Create administrative boundaries between resources using namespaces
(Manual)
description: Use namespaces to isolate your Kubernetes objects
- checks: null
severity: MEDIUM
- id: 5.7.2
name: Ensure that the seccomp profile is set to docker/default in your pod
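Review bot: All four controls that lose `checks: null` here (the environment-variable secrets control, 5.4.2, 5.5.1 and 5.7.1) are MEDIUM items with no automated check, three of them marked (Manual) in their names, so the removal looks cosmetic and the open question is who reviews them. Suggest noting in the repo how external secret storage, image provenance via ImagePolicyWebhook and namespace boundaries are assessed for this cluster. The hunk is cut off at the name of 5.7.2, so that control's remaining lines cannot be reviewed from this page.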
This PR contains the following updates:
0.24.0 -> 0.24.1
Release Notes
aquasecurity/helm-charts (trivy-operator)
### [`v0.24.1`](https://togithub.com/aquasecurity/helm-charts/releases/tag/trivy-operator-0.24.1)
[Compare Source](https://togithub.com/aquasecurity/helm-charts/compare/trivy-operator-0.24.0...trivy-operator-0.24.1)
Keeps security report resources updated
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.