my test

e91f8d7
Merged

my test #2

gcp-us4-usw1 / Sysdig check failed Mar 13, 2026 in 54s

Sysdig Pull Request Policy Evaluation

Sysdig Secure evaluated the Infrastructure-as-Code files in the pull request and identified violations to the following policies and zones:

Policies: CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.5.0 • CIS Kubernetes V1.18 Benchmark • CIS Kubernetes V1.28 Benchmark • Sysdig Kubernetes

Zones: Entire Git • Voting-App-Zone

View more details at Sysdig docs

Summary

Severity | 🔴 High | 🟠 Medium | 🟡 Low
Count | 3 | 9 | 8

Details

The following controls’ violations were identified:

Container with NET_RAW capability | 🔴 High | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | capabilities in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 5.2.7 Minimize the admission of containers with the NET_RAW capability [CIS Kubernetes V1.18 Benchmark]
  • 5.2.8 Minimize the admission of containers with the NET_RAW capability [CIS Kubernetes V1.28 Benchmark]

Container with RunAsUser root or not set | 🔴 High | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | runAsUser in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 5.2.6 Minimize the admission of root containers [CIS Kubernetes V1.18 Benchmark]
  • 5.2.7 Minimize the admission of root containers [CIS Kubernetes V1.28 Benchmark]

Container with writable root file system | 🔴 High | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | readOnlyRootFilesystem in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 1.2 - Immutable container filesystem [Sysdig Kubernetes]

Approved Registries | 🟠 Medium | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | image in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 5.1.4 Minimize Container Registries to only those approved [CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.5.0]

Container using image without digest | 🟠 Medium | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | image in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 2.4 - Container image tag [Sysdig Kubernetes]

Container using latest image | 🟠 Medium | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | image in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 2.4 - Container image tag [Sysdig Kubernetes]

Container with ANY capability | 🟠 Medium | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | Capabilities Count in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 5.2.10 Minimize the admission of containers with capabilities assigned [CIS Kubernetes V1.28 Benchmark]
  • 5.2.8 Minimize the admission of containers with added capabilities [CIS Kubernetes V1.18 Benchmark]
  • 5.2.9 Minimize the admission of containers with added capabilities [CIS Kubernetes V1.28 Benchmark]
  • 5.2.9 Minimize the admission of containers with capabilities assigned [CIS Kubernetes V1.18 Benchmark]

Container with root group access | 🟠 Medium | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | runAsGroup in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 1.6 - Container root group access [Sysdig Kubernetes]

Policies - Defined Containers Security Context | 🟠 Medium | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | securityContext in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 4.5.2 Apply Security Context to Your Pods and Containers [CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.5.0]
  • 5.7.3 Apply Security Context to Your Pods and Containers [CIS Kubernetes V1.18 Benchmark]
  • 5.7.3 Apply Security Context to Your Pods and Containers [CIS Kubernetes V1.28 Benchmark]

Workload container default RunAsGroup root | 🟠 Medium | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | runAsGroup in workload | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 1.1 - Workload Default SecurityContext [Sysdig Kubernetes]

Workload missing CPU limit | 🟠 Medium | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | limits.cpu in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 2.2 - Missing container limits [Sysdig Kubernetes]

Workload missing memory limit | 🟠 Medium | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | limits.memory in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 2.2 - Missing container limits [Sysdig Kubernetes]

Container permitting root | 🟡 Low | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | runAsNonRoot in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 5.2.6 Minimize the admission of root containers [CIS Kubernetes V1.18 Benchmark]
  • 5.2.7 Minimize the admission of root containers [CIS Kubernetes V1.28 Benchmark]

Container uid is host range | 🟡 Low | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | runAsUser in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 3.2 - Container overlap host UID Range [Sysdig Kubernetes]
  • 5.2.6 Minimize the admission of root containers [CIS Kubernetes V1.18 Benchmark]
  • 5.2.7 Minimize the admission of root containers [CIS Kubernetes V1.28 Benchmark]

Container without liveness probe | 🟡 Low | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | livenessProbe in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 2.5 - Container probes [Sysdig Kubernetes]

Container without readiness probe | 🟡 Low | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | readinessProbe in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 2.5 - Container probes [Sysdig Kubernetes]

Workload container default RunAsUser root | 🟡 Low | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | runAsUser in workload | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 1.1 - Workload Default SecurityContext [Sysdig Kubernetes]

Workload container default permits root | 🟡 Low | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | runAsNonRoot in workload | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 1.1 - Workload Default SecurityContext [Sysdig Kubernetes]

Workload missing CPU request | 🟡 Low | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | requests.cpu in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 2.1 - Missing container requirements [Sysdig Kubernetes]

Workload missing memory request | 🟡 Low | 1 Occurrences
Failed Resource | Kind | Resource Location | Source
vote | Deployment | requests.memory in container vote | /k8s-specifications/vote-deployment.yaml

Failed Requirements:

  • 2.1 - Missing container requirements [Sysdig Kubernetes]