Snyk test report

Project	manifests/install.yaml
Path	/argo-cd/manifests/install.yaml
Project Type	Kubernetes

Role with dangerous permissions

medium severity

Public ID: SNYK-CC-K8S-47
Introduced through: [DocId: 10] › rules[0] › resources
Line number: 9063

Impact

Using this role grants dangerous permissions

Remediation

Consider removing this permissions

More about this issue

Role with dangerous permissions

medium severity

Public ID: SNYK-CC-K8S-47
Introduced through: [DocId: 11] › rules[4] › resources
Line number: 9140

Impact

Using this role grants dangerous permissions

Remediation

Consider removing this permissions

More about this issue

Role with dangerous permissions

medium severity

Public ID: SNYK-CC-K8S-47
Introduced through: [DocId: 12] › rules[0] › resources
Line number: 9168

Impact

Using this role grants dangerous permissions

Remediation

Consider removing this permissions

More about this issue

Role with dangerous permissions

medium severity

Public ID: SNYK-CC-K8S-47
Introduced through: [DocId: 13] › rules[3] › resources
Line number: 9212

Impact

Using this role grants dangerous permissions

Remediation

Consider removing this permissions

More about this issue

Role with dangerous permissions

medium severity

Public ID: SNYK-CC-K8S-47
Introduced through: [DocId: 13] › rules[1] › resources
Line number: 9194

Impact

Using this role grants dangerous permissions

Remediation

Consider removing this permissions

More about this issue

Role with dangerous permissions

medium severity

Public ID: SNYK-CC-K8S-47
Introduced through: [DocId: 14] › rules[0] › resources
Line number: 9228

Impact

Using this role grants dangerous permissions

Remediation

Consider removing this permissions

More about this issue

Container could be running with outdated image

low severity

Public ID: SNYK-CC-K8S-42
Introduced through: [DocId: 46] › spec › template › spec › initContainers[copyutil] › imagePullPolicy
Line number: 10100

Impact

The container may run with outdated or unauthorized image

Remediation

Set `imagePullPolicy` attribute to `Always`

More about this issue

Container has no CPU limit

low severity

Public ID: SNYK-CC-K8S-5
Introduced through: [DocId: 42] › input › spec › template › spec › containers[argocd-applicationset-controller] › resources › limits › cpu
Line number: 9686

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity

Public ID: SNYK-CC-K8S-5
Introduced through: [DocId: 43] › input › spec › template › spec › initContainers[copyutil] › resources › limits › cpu
Line number: 9786

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity

Public ID: SNYK-CC-K8S-5
Introduced through: [DocId: 43] › input › spec › template › spec › containers[dex] › resources › limits › cpu
Line number: 9763

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity

Public ID: SNYK-CC-K8S-5
Introduced through: [DocId: 44] › input › spec › template › spec › containers[argocd-notifications-controller] › resources › limits › cpu
Line number: 9829

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity

Public ID: SNYK-CC-K8S-5
Introduced through: [DocId: 45] › input › spec › template › spec › containers[redis] › resources › limits › cpu
Line number: 9901

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity

Public ID: SNYK-CC-K8S-5
Introduced through: [DocId: 46] › input › spec › template › spec › initContainers[copyutil] › resources › limits › cpu
Line number: 10100

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity

Public ID: SNYK-CC-K8S-5
Introduced through: [DocId: 46] › input › spec › template › spec › containers[argocd-repo-server] › resources › limits › cpu
Line number: 9955

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity

Public ID: SNYK-CC-K8S-5
Introduced through: [DocId: 47] › input › spec › template › spec › containers[argocd-server] › resources › limits › cpu
Line number: 10183

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity

Public ID: SNYK-CC-K8S-5
Introduced through: [DocId: 48] › input › spec › template › spec › containers[argocd-application-controller] › resources › limits › cpu
Line number: 10443

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container is running with multiple open ports

low severity

Public ID: SNYK-CC-K8S-36
Introduced through: [DocId: 43] › spec › template › spec › containers[dex] › ports
Line number: 9770

Impact

Increases the attack surface of the application and the container.

Remediation

Reduce `ports` count to 2

More about this issue

Container is running with writable root filesystem

low severity

Public ID: SNYK-CC-K8S-8
Introduced through: [DocId: 45] › input › spec › template › spec › containers[redis] › securityContext › readOnlyRootFilesystem
Line number: 9911

Impact

Compromised process could abuse writable root filesystem to elevate privileges

Remediation

Set `securityContext.readOnlyRootFilesystem` to `true`

More about this issue

Container is running without liveness probe

low severity

Public ID: SNYK-CC-K8S-41
Introduced through: [DocId: 42] › spec › template › spec › containers[argocd-applicationset-controller] › livenessProbe
Line number: 9686

Impact

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

Remediation

Add `livenessProbe` attribute

More about this issue

Container is running without liveness probe

low severity

Public ID: SNYK-CC-K8S-41
Introduced through: [DocId: 43] › spec › template › spec › containers[dex] › livenessProbe
Line number: 9763

Impact

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

Remediation

Add `livenessProbe` attribute

More about this issue

Container is running without liveness probe

low severity

Public ID: SNYK-CC-K8S-41
Introduced through: [DocId: 43] › spec › template › spec › initContainers[copyutil] › livenessProbe
Line number: 9786

Impact

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

Remediation

Add `livenessProbe` attribute

More about this issue

Container is running without liveness probe

low severity

Public ID: SNYK-CC-K8S-41
Introduced through: [DocId: 45] › spec › template › spec › containers[redis] › livenessProbe
Line number: 9901

Impact

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

Remediation

Add `livenessProbe` attribute

More about this issue

Container is running without liveness probe

low severity

Public ID: SNYK-CC-K8S-41
Introduced through: [DocId: 46] › spec › template › spec › initContainers[copyutil] › livenessProbe
Line number: 10100

Impact

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

Remediation

Add `livenessProbe` attribute

More about this issue

Container is running without memory limit

low severity

Public ID: SNYK-CC-K8S-4
Introduced through: [DocId: 42] › input › spec › template › spec › containers[argocd-applicationset-controller] › resources › limits › memory
Line number: 9686

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity

Public ID: SNYK-CC-K8S-4
Introduced through: [DocId: 43] › input › spec › template › spec › containers[dex] › resources › limits › memory
Line number: 9763

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity

Public ID: SNYK-CC-K8S-4
Introduced through: [DocId: 43] › input › spec › template › spec › initContainers[copyutil] › resources › limits › memory
Line number: 9786

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity

Public ID: SNYK-CC-K8S-4
Introduced through: [DocId: 44] › input › spec › template › spec › containers[argocd-notifications-controller] › resources › limits › memory
Line number: 9829

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity

Public ID: SNYK-CC-K8S-4
Introduced through: [DocId: 45] › input › spec › template › spec › containers[redis] › resources › limits › memory
Line number: 9901

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity

Public ID: SNYK-CC-K8S-4
Introduced through: [DocId: 46] › input › spec › template › spec › initContainers[copyutil] › resources › limits › memory
Line number: 10100

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity

Public ID: SNYK-CC-K8S-4
Introduced through: [DocId: 46] › input › spec › template › spec › containers[argocd-repo-server] › resources › limits › memory
Line number: 9955

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity

Public ID: SNYK-CC-K8S-4
Introduced through: [DocId: 47] › input › spec › template › spec › containers[argocd-server] › resources › limits › memory
Line number: 10183

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity

Public ID: SNYK-CC-K8S-4
Introduced through: [DocId: 48] › input › spec › template › spec › containers[argocd-application-controller] › resources › limits › memory
Line number: 10443

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container's UID could clash with host's UID

low severity

Public ID: SNYK-CC-K8S-11
Introduced through: [DocId: 42] › input › spec › template › spec › containers[argocd-applicationset-controller] › securityContext › runAsUser
Line number: 9702

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10000

More about this issue

Container's UID could clash with host's UID

low severity

Public ID: SNYK-CC-K8S-11
Introduced through: [DocId: 43] › input › spec › template › spec › initContainers[copyutil] › securityContext › runAsUser
Line number: 9794

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10000

More about this issue

Container's UID could clash with host's UID

low severity

Public ID: SNYK-CC-K8S-11
Introduced through: [DocId: 43] › input › spec › template › spec › containers[dex] › securityContext › runAsUser
Line number: 9773

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10000

More about this issue

Container's UID could clash with host's UID

low severity

Public ID: SNYK-CC-K8S-11
Introduced through: [DocId: 44] › input › spec › template › spec › containers[argocd-notifications-controller] › securityContext › runAsUser
Line number: 9837

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10000

More about this issue

Container's UID could clash with host's UID

low severity

Public ID: SNYK-CC-K8S-11
Introduced through: [DocId: 45] › input › spec › template › spec › containers[redis] › securityContext › runAsUser
Line number: 9911

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10000

More about this issue

Container's UID could clash with host's UID

low severity

Public ID: SNYK-CC-K8S-11
Introduced through: [DocId: 46] › input › spec › template › spec › initContainers[copyutil] › securityContext › runAsUser
Line number: 10107

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10000

More about this issue

Container's UID could clash with host's UID

low severity

Public ID: SNYK-CC-K8S-11
Introduced through: [DocId: 46] › input › spec › template › spec › containers[argocd-repo-server] › securityContext › runAsUser
Line number: 10075

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10000

More about this issue

Container's UID could clash with host's UID

low severity

Public ID: SNYK-CC-K8S-11
Introduced through: [DocId: 47] › input › spec › template › spec › containers[argocd-server] › securityContext › runAsUser
Line number: 10366

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10000

More about this issue

Container's UID could clash with host's UID

low severity

Public ID: SNYK-CC-K8S-11
Introduced through: [DocId: 48] › input › spec › template › spec › containers[argocd-application-controller] › securityContext › runAsUser
Line number: 10567

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10000

More about this issue