Title: Scanners use runAsNonRoot: false in their values.yaml securityContext · Issue #723 · secureCodeBox/secureCodeBox · GitHub
Open Graph Title: Scanners use runAsNonRoot: false in their values.yaml securityContext · Issue #723 · secureCodeBox/secureCodeBox
X Title: Scanners use runAsNonRoot: false in their values.yaml securityContext · Issue #723 · secureCodeBox/secureCodeBox
Description: Once PR #714 is applied, all values.yaml files have a securityContext set. During testing this, it was noted that some scanners have to use runAsNonRoot: false and/or readOnlyRootFilesystem: false in order to function. This can be due to...
Open Graph Description: Once PR #714 is applied, all values.yaml files have a securityContext set. During testing this, it was noted that some scanners have to use runAsNonRoot: false and/or readOnlyRootFilesystem: false ...
X Description: Once PR #714 is applied, all values.yaml files have a securityContext set. During testing this, it was noted that some scanners have to use runAsNonRoot: false and/or readOnlyRootFilesystem: false ...
Opengraph URL: https://github.com/secureCodeBox/secureCodeBox/issues/723
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Scanners use runAsNonRoot: false in their values.yaml securityContext","articleBody":"Once PR #714 is applied, all values.yaml files have a securityContext set. During testing this, it was noted that some scanners have to use *runAsNonRoot: false* and/or *readOnlyRootFilesystem: false* in order to function. This can be due to the behaviour of the underlying scanner or because the Dockerfile uses a non-numeric user. Fixing this may require our own Scanner Dockerfile where an already build original image is used or pull requests in other repositories in order to have them use non-numeric, kubernetes-friendly users.\r\n\r\nSee also: #285 \r\n\r\nAffected scanners:\r\n- [ ] amass (#715)\r\n- [ ] cmseek (readOnlyRootFilesystem)\r\n- [ ] gitleaks\r\n- [ ] kube-hunter\r\n- [ ] ssh-scan\r\n- [ ] sslyze\r\n- [ ] trivy\r\n- [ ] typo3scan (readOnlyRootFilesystem)\r\n- [ ] wpscan\r\n- [ ] zap\r\n- [ ] zap-advanced\r\n","author":{"url":"https://github.com/SebieF","@type":"Person","name":"SebieF"},"datePublished":"2021-10-13T10:05:17.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":1},"url":"https://github.com/723/secureCodeBox/issues/723"}| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:b88511df-e89e-bff6-7ba5-678bbb9feba5 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | D1E6:2333C8:3493EB:46FD6A:6979448D |
| html-safe-nonce | 9330e114f4103918f55821f56ad19bac0fde94684dfc05df824d028003364a60 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJEMUU2OjIzMzNDODozNDkzRUI6NDZGRDZBOjY5Nzk0NDhEIiwidmlzaXRvcl9pZCI6IjI2MTcxNzQwMTA0NzA0MTc1NDkiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | a7d34532e09f1b3dd905b8d9e9b59b307d95e610082d6825ad032791a2aba0fb |
| hovercard-subject-tag | issue:1025046645 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/secureCodeBox/secureCodeBox/723/issue_layout |
| twitter:image | https://opengraph.githubassets.com/9fefa4c83f84ea603a24bc2a6f63fb3b776b1a8bfeb8dda88e977dbbb4a938c0/secureCodeBox/secureCodeBox/issues/723 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/9fefa4c83f84ea603a24bc2a6f63fb3b776b1a8bfeb8dda88e977dbbb4a938c0/secureCodeBox/secureCodeBox/issues/723 |
| og:image:alt | Once PR #714 is applied, all values.yaml files have a securityContext set. During testing this, it was noted that some scanners have to use runAsNonRoot: false and/or readOnlyRootFilesystem: false ... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | SebieF |
| hostname | github.com |
| expected-hostname | github.com |
| None | f9bf80f4f4d71a2f9361692e65b326c887a4b25c15fe127257a2d331d14031bd |
| turbo-cache-control | no-preview |
| go-import | github.com/secureCodeBox/secureCodeBox git https://github.com/secureCodeBox/secureCodeBox.git |
| octolytics-dimension-user_id | 34573705 |
| octolytics-dimension-user_login | secureCodeBox |
| octolytics-dimension-repository_id | 80711933 |
| octolytics-dimension-repository_nwo | secureCodeBox/secureCodeBox |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 80711933 |
| octolytics-dimension-repository_network_root_nwo | secureCodeBox/secureCodeBox |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 4aabbf3f1d27b754d95d7a9a6e02d14a5aaeb4e6 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width