Skip to content

Initial phase 1-3 of a per-node Kata config delivery#78

Merged
ebourgeois merged 1 commit into
mainfrom
kata-config
Jun 10, 2026
Merged

Initial phase 1-3 of a per-node Kata config delivery#78
ebourgeois merged 1 commit into
mainfrom
kata-config

Initial phase 1-3 of a per-node Kata config delivery

8d5caaa
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / Trivy completed Jun 10, 2026 in 3s

2 configurations not found

Warning: Code scanning may not have found all the alerts introduced by this pull request, because 2 configurations present on refs/heads/main were not found:

Actions workflow (build.yaml)

  • ❓  trivy-push-Chainguard
  • ❓  trivy-push-Distroless

New alerts in code changed by this pull request

Security Alerts:

  • 1 medium
  • 2 low

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 108 in deploy/kata-config-agent/daemonset.yaml

See this annotation in the file changed.

Code scanning / Trivy

Can elevate its own privileges Medium

Artifact: deploy/kata-config-agent/daemonset.yaml
Type: kubernetes
Vulnerability KSV-0001
Severity: MEDIUM
Message: Container 'agent' of DaemonSet '5spot-kata-config-agent' should set 'securityContext.allowPrivilegeEscalation' to false
Link: KSV-0001

Check notice on line 108 in deploy/kata-config-agent/daemonset.yaml

See this annotation in the file changed.

Code scanning / Trivy

Default capabilities: some containers do not drop all Low

Artifact: deploy/kata-config-agent/daemonset.yaml
Type: kubernetes
Vulnerability KSV-0003
Severity: LOW
Message: Container 'agent' of DaemonSet '5spot-kata-config-agent' should add 'ALL' to 'securityContext.capabilities.drop'
Link: KSV-0003

Check notice on line 108 in deploy/kata-config-agent/daemonset.yaml

See this annotation in the file changed.

Code scanning / Trivy

Default capabilities: some containers do not drop any Low

Artifact: deploy/kata-config-agent/daemonset.yaml
Type: kubernetes
Vulnerability KSV-0004
Severity: LOW
Message: Container 'agent' of 'daemonset' '5spot-kata-config-agent' in '5spot-system' namespace should set securityContext.capabilities.drop
Link: KSV-0004