Skip to content

build(2.0.0-rc9): merge release into main #587

build(2.0.0-rc9): merge release into main

build(2.0.0-rc9): merge release into main #587

Triggered via push May 22, 2024 17:30
Status Success
Total duration 38s
Artifacts

kics.yml

on: push
Fit to window
Zoom out
Zoom in

Annotations

6 warnings
[LOW] Unpinned Actions Full Length Commit SHA: .github/workflows/chart-release.yaml#L68
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
[INFO] Ensure Administrative Boundaries Between Resources: charts/localdev/templates/centralidp-spi.yaml#L25
As a best practice, ensure that is made the correct use of namespaces to adequately administer your resources. Kubernetes Authorization plugins can also be used to create policies that segregate user access to namespaces.
[INFO] Using Kubernetes Native Secret Management: charts/localdev/templates/sharedidp-spi.yaml#L24
Kubernetes External Secret Storage and Management System usage should be considered if you have more complex secret management needs, rather than using Kubernetes Secrets directly. Additionally, ensure that access to secrets is carefully limited
[INFO] Using Kubernetes Native Secret Management: charts/localdev/templates/secret-postgres-init.yaml#L24
Kubernetes External Secret Storage and Management System usage should be considered if you have more complex secret management needs, rather than using Kubernetes Secrets directly. Additionally, ensure that access to secrets is carefully limited
[INFO] Using Kubernetes Native Secret Management: charts/localdev/templates/centralidp-spi.yaml#L24
Kubernetes External Secret Storage and Management System usage should be considered if you have more complex secret management needs, rather than using Kubernetes Secrets directly. Additionally, ensure that access to secrets is carefully limited
[INFO] Using Kubernetes Native Secret Management: charts/localdev/templates/secret-sharedidp-example-realm.yaml#L24
Kubernetes External Secret Storage and Management System usage should be considered if you have more complex secret management needs, rather than using Kubernetes Secrets directly. Additionally, ensure that access to secrets is carefully limited