KICS

KICS #734

Triggered via schedule September 19, 2024 00:27
Status Success
Total duration 41s
Artifacts

kics.yml

on: schedule

Annotations

3 warnings
[LOW] Unpinned Actions Full Length Commit SHA: .github/workflows/chart-release.yaml#L68
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
[INFO] Ensure Administrative Boundaries Between Resources: charts/localdev/templates/secret-postgres-init.yaml#L25
As a best practice, ensure that namespaces are used correctly to adequately administer your resources. Kubernetes Authorization plugins can also be used to create policies that segregate user access to namespaces.
[INFO] Using Kubernetes Native Secret Management: charts/localdev/templates/secret-postgres-init.yaml#L24
Kubernetes External Secret Storage and Management System usage should be considered if you have more complex secret management needs, rather than using Kubernetes Secrets directly. Additionally, ensure that access to secrets is carefully limited