0_Lint Code Base.txt
2024-04-25T11:44:10.9563422Z 2024-04-25 11:44:10 [ERROR] Errors found in CHECKOV 2024-04-25T11:44:10.9885531Z 2024-04-25 11:44:10 [ERROR] Command output for CHECKOV: 2024-04-25T11:44:10.9886493Z ------ 2024-04-25T11:44:10.9887001Z terraform scan results: 2024-04-25T11:44:10.9887494Z 2024-04-25T11:44:10.9887857Z Passed checks: 99, Failed checks: 10, Skipped checks: 0 2024-04-25T11:44:10.9888475Z 2024-04-25T11:44:10.9889293Z Check: CKV_GCP_81: "Ensure Big Query Datasets are encrypted with Customer Supplied Encryption Keys (CSEK)" 2024-04-25T11:44:10.9890632Z FAILED for resource: google_bigquery_dataset.demo_dataset 2024-04-25T11:44:10.9892432Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/bigquery.tf:18-23 2024-04-25T11:44:10.9896039Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-big-query-tables-are-encrypted-with-customer-supplied-encryption-keys-csek-1 2024-04-25T11:44:10.9898087Z 2024-04-25T11:44:10.9898508Z 18 | resource "google_bigquery_dataset" "demo_dataset" { 2024-04-25T11:44:10.9899709Z 19 | project = module.project-services.project_id 2024-04-25T11:44:10.9900948Z 20 | dataset_id = "gemini_demo" 2024-04-25T11:44:10.9901664Z 21 | location = var.region 2024-04-25T11:44:10.9902496Z 22 | depends_on = [time_sleep.wait_after_apis] 2024-04-25T11:44:10.9903243Z 23 | } 2024-04-25T11:44:10.9903493Z 2024-04-25T11:44:10.9904264Z Check: CKV_GCP_80: "Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK)" 2024-04-25T11:44:10.9905635Z FAILED for resource: google_bigquery_table.object_table 2024-04-25T11:44:10.9907241Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/bigquery.tf:56-70 2024-04-25T11:44:10.9910465Z Guide: 
https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-big-query-tables-are-encrypted-with-customer-supplied-encryption-keys-csek 2024-04-25T11:44:10.9912636Z 2024-04-25T11:44:10.9913023Z 56 | resource "google_bigquery_table" "object_table" { 2024-04-25T11:44:10.9914062Z 57 | project = module.project-services.project_id 2024-04-25T11:44:10.9915173Z 58 | dataset_id = google_bigquery_dataset.demo_dataset.dataset_id 2024-04-25T11:44:10.9916287Z 59 | table_id = "image_object_table" 2024-04-25T11:44:10.9917095Z 60 | deletion_protection = var.deletion_protection 2024-04-25T11:44:10.9917870Z 61 | 2024-04-25T11:44:10.9918487Z 62 | external_data_configuration { 2024-04-25T11:44:10.9919428Z 63 | autodetect = false 2024-04-25T11:44:10.9920340Z 64 | connection_id = google_bigquery_connection.function_connection.id 2024-04-25T11:44:10.9921588Z 65 | source_uris = ["${google_storage_bucket.demo_images.url}/*"] 2024-04-25T11:44:10.9922465Z 66 | object_metadata = "Simple" 2024-04-25T11:44:10.9923120Z 67 | } 2024-04-25T11:44:10.9923695Z 68 | 2024-04-25T11:44:10.9924618Z 69 | depends_on = [google_project_iam_member.functions_invoke_roles, google_storage_bucket.demo_images] 2024-04-25T11:44:10.9925741Z 70 | } 2024-04-25T11:44:10.9926102Z 2024-04-25T11:44:10.9926657Z Check: CKV_GCP_121: "Ensure BigQuery tables have deletion protection enabled" 2024-04-25T11:44:10.9927800Z FAILED for resource: google_bigquery_table.object_table 2024-04-25T11:44:10.9929349Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/bigquery.tf:56-70 2024-04-25T11:44:10.9931900Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-121 2024-04-25T11:44:10.9933269Z 2024-04-25T11:44:10.9933660Z 56 | resource "google_bigquery_table" "object_table" { 2024-04-25T11:44:10.9934732Z 57 | project = 
module.project-services.project_id 2024-04-25T11:44:10.9937127Z 58 | dataset_id = google_bigquery_dataset.demo_dataset.dataset_id 2024-04-25T11:44:10.9938183Z 59 | table_id = "image_object_table" 2024-04-25T11:44:10.9939015Z 60 | deletion_protection = var.deletion_protection 2024-04-25T11:44:10.9940003Z 61 | 2024-04-25T11:44:10.9940548Z 62 | external_data_configuration { 2024-04-25T11:44:10.9941207Z 63 | autodetect = false 2024-04-25T11:44:10.9942292Z 64 | connection_id = google_bigquery_connection.function_connection.id 2024-04-25T11:44:10.9943437Z 65 | source_uris = ["${google_storage_bucket.demo_images.url}/*"] 2024-04-25T11:44:10.9944475Z 66 | object_metadata = "Simple" 2024-04-25T11:44:10.9945115Z 67 | } 2024-04-25T11:44:10.9945589Z 68 | 2024-04-25T11:44:10.9946683Z 69 | depends_on = [google_project_iam_member.functions_invoke_roles, google_storage_bucket.demo_images] 2024-04-25T11:44:10.9947774Z 70 | } 2024-04-25T11:44:10.9948080Z 2024-04-25T11:44:10.9948517Z Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash" 2024-04-25T11:44:10.9949721Z FAILED for resource: project-services 2024-04-25T11:44:10.9951135Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/main.tf:17-60 2024-04-25T11:44:10.9954214Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision 2024-04-25T11:44:10.9955976Z 2024-04-25T11:44:10.9956457Z 17 | module "project-services" { 2024-04-25T11:44:10.9957690Z 18 | source = "terraform-google-modules/project-factory/google//modules/project_services" 2024-04-25T11:44:10.9958881Z 19 | version = "14.4" 2024-04-25T11:44:10.9959749Z 20 | disable_services_on_destroy = false 2024-04-25T11:44:10.9960469Z 21 | 2024-04-25T11:44:10.9960968Z 22 | project_id = var.project_id 2024-04-25T11:44:10.9961818Z 23 | enable_apis = var.enable_apis 2024-04-25T11:44:10.9962495Z 24 | 
2024-04-25T11:44:10.9962966Z 25 | activate_apis = [ 2024-04-25T11:44:10.9963702Z 26 | "aiplatform.googleapis.com", 2024-04-25T11:44:10.9964471Z 27 | "bigquery.googleapis.com", 2024-04-25T11:44:10.9965202Z 28 | "bigqueryconnection.googleapis.com", 2024-04-25T11:44:10.9966138Z 29 | "bigquerystorage.googleapis.com", 2024-04-25T11:44:10.9966946Z 30 | "cloudapis.googleapis.com", 2024-04-25T11:44:10.9967656Z 31 | "cloudfunctions.googleapis.com", 2024-04-25T11:44:10.9968514Z 32 | "config.googleapis.com", 2024-04-25T11:44:10.9969247Z 33 | "dataflow.googleapis.com", 2024-04-25T11:44:10.9970124Z 34 | "dataform.googleapis.com", 2024-04-25T11:44:10.9970948Z 35 | "logging.googleapis.com", 2024-04-25T11:44:10.9971700Z 36 | "notebooks.googleapis.com", 2024-04-25T11:44:10.9972363Z 37 | "run.googleapis.com", 2024-04-25T11:44:10.9973183Z 38 | "serviceusage.googleapis.com", 2024-04-25T11:44:10.9973931Z 39 | "storage.googleapis.com", 2024-04-25T11:44:10.9974702Z 40 | "storage-api.googleapis.com", 2024-04-25T11:44:10.9975575Z 41 | "workflows.googleapis.com", 2024-04-25T11:44:10.9976478Z 42 | ] 2024-04-25T11:44:10.9976905Z 43 | 2024-04-25T11:44:10.9977576Z 44 | activate_api_identities = [ 2024-04-25T11:44:10.9978294Z 45 | { 2024-04-25T11:44:10.9978826Z 46 | api = "workflows.googleapis.com" 2024-04-25T11:44:10.9979672Z 47 | roles = [ 2024-04-25T11:44:10.9980270Z 48 | "roles/workflows.viewer" 2024-04-25T11:44:10.9980890Z 49 | ] 2024-04-25T11:44:10.9981625Z 50 | api = "cloudfunctions.googleapis.com" 2024-04-25T11:44:10.9982390Z 51 | roles = [ 2024-04-25T11:44:10.9982963Z 52 | "roles/cloudfunctions.invoker" 2024-04-25T11:44:10.9983794Z 53 | ] 2024-04-25T11:44:10.9984357Z 54 | api = "run.googleapis.com" 2024-04-25T11:44:10.9985010Z 55 | roles = [ 2024-04-25T11:44:10.9985686Z 56 | "roles/run.invoker" 2024-04-25T11:44:10.9986195Z 57 | ] 2024-04-25T11:44:10.9986491Z 58 | } 2024-04-25T11:44:10.9986875Z 59 | ] 2024-04-25T11:44:10.9987132Z 60 | } 2024-04-25T11:44:10.9987338Z 
2024-04-25T11:44:10.9987513Z Check: CKV_GCP_62: "Bucket should log access" 2024-04-25T11:44:10.9988136Z FAILED for resource: google_storage_bucket.function_source 2024-04-25T11:44:10.9989104Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/storage.tf:19-26 2024-04-25T11:44:10.9990469Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-logging-2 2024-04-25T11:44:10.9991314Z 2024-04-25T11:44:10.9991606Z 19 | resource "google_storage_bucket" "function_source" { 2024-04-25T11:44:10.9992302Z 20 | name = "gemini-bq-demo-${random_id.id.hex}" 2024-04-25T11:44:10.9992958Z 21 | project = module.project-services.project_id 2024-04-25T11:44:10.9993597Z 22 | location = var.region 2024-04-25T11:44:10.9994102Z 23 | uniform_bucket_level_access = true 2024-04-25T11:44:10.9994571Z 24 | force_destroy = var.force_destroy 2024-04-25T11:44:10.9995370Z 25 | depends_on = [time_sleep.wait_after_apis] 2024-04-25T11:44:10.9995908Z 26 | } 2024-04-25T11:44:10.9996065Z 2024-04-25T11:44:10.9996466Z Check: CKV_GCP_114: "Ensure public access prevention is enforced on Cloud Storage bucket" 2024-04-25T11:44:10.9997250Z FAILED for resource: google_storage_bucket.function_source 2024-04-25T11:44:10.9998231Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/storage.tf:19-26 2024-04-25T11:44:10.9999656Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-114 2024-04-25T11:44:11.0000457Z 2024-04-25T11:44:11.0000760Z 19 | resource "google_storage_bucket" "function_source" { 2024-04-25T11:44:11.0001422Z 20 | name = "gemini-bq-demo-${random_id.id.hex}" 2024-04-25T11:44:11.0002106Z 21 | project = module.project-services.project_id 2024-04-25T11:44:11.0002771Z 22 | location = var.region 2024-04-25T11:44:11.0003219Z 23 | uniform_bucket_level_access = true 
2024-04-25T11:44:11.0003719Z 24 | force_destroy = var.force_destroy 2024-04-25T11:44:11.0004371Z 25 | depends_on = [time_sleep.wait_after_apis] 2024-04-25T11:44:11.0004834Z 26 | } 2024-04-25T11:44:11.0005028Z 2024-04-25T11:44:11.0005274Z Check: CKV_GCP_78: "Ensure Cloud storage has versioning enabled" 2024-04-25T11:44:11.0006157Z FAILED for resource: google_storage_bucket.function_source 2024-04-25T11:44:11.0007075Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/storage.tf:19-26 2024-04-25T11:44:11.0008676Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-cloud-storage-has-versioning-enabled 2024-04-25T11:44:11.0009857Z 2024-04-25T11:44:11.0010079Z 19 | resource "google_storage_bucket" "function_source" { 2024-04-25T11:44:11.0010736Z 20 | name = "gemini-bq-demo-${random_id.id.hex}" 2024-04-25T11:44:11.0011457Z 21 | project = module.project-services.project_id 2024-04-25T11:44:11.0012099Z 22 | location = var.region 2024-04-25T11:44:11.0012608Z 23 | uniform_bucket_level_access = true 2024-04-25T11:44:11.0013125Z 24 | force_destroy = var.force_destroy 2024-04-25T11:44:11.0013762Z 25 | depends_on = [time_sleep.wait_after_apis] 2024-04-25T11:44:11.0014422Z 26 | } 2024-04-25T11:44:11.0014617Z 2024-04-25T11:44:11.0014790Z Check: CKV_GCP_62: "Bucket should log access" 2024-04-25T11:44:11.0015420Z FAILED for resource: google_storage_bucket.demo_images 2024-04-25T11:44:11.0016899Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/storage.tf:44-51 2024-04-25T11:44:11.0018483Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-logging-2 2024-04-25T11:44:11.0019439Z 2024-04-25T11:44:11.0019785Z 44 | resource "google_storage_bucket" "demo_images" { 2024-04-25T11:44:11.0020466Z 45 | name = 
"gemini-bq-demo-images-${random_id.id.hex}" 2024-04-25T11:44:11.0021194Z 46 | project = module.project-services.project_id 2024-04-25T11:44:11.0021874Z 47 | location = var.region 2024-04-25T11:44:11.0022376Z 48 | uniform_bucket_level_access = true 2024-04-25T11:44:11.0022862Z 49 | force_destroy = var.force_destroy 2024-04-25T11:44:11.0023527Z 50 | depends_on = [time_sleep.wait_after_apis] 2024-04-25T11:44:11.0024039Z 51 | } 2024-04-25T11:44:11.0024195Z 2024-04-25T11:44:11.0024559Z Check: CKV_GCP_114: "Ensure public access prevention is enforced on Cloud Storage bucket" 2024-04-25T11:44:11.0025397Z FAILED for resource: google_storage_bucket.demo_images 2024-04-25T11:44:11.0026615Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/storage.tf:44-51 2024-04-25T11:44:11.0028080Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-114 2024-04-25T11:44:11.0029044Z 2024-04-25T11:44:11.0029246Z 44 | resource "google_storage_bucket" "demo_images" { 2024-04-25T11:44:11.0029925Z 45 | name = "gemini-bq-demo-images-${random_id.id.hex}" 2024-04-25T11:44:11.0030739Z 46 | project = module.project-services.project_id 2024-04-25T11:44:11.0031322Z 47 | location = var.region 2024-04-25T11:44:11.0031830Z 48 | uniform_bucket_level_access = true 2024-04-25T11:44:11.0032449Z 49 | force_destroy = var.force_destroy 2024-04-25T11:44:11.0033023Z 50 | depends_on = [time_sleep.wait_after_apis] 2024-04-25T11:44:11.0033554Z 51 | } 2024-04-25T11:44:11.0033734Z 2024-04-25T11:44:11.0034107Z Check: CKV_GCP_78: "Ensure Cloud storage has versioning enabled" 2024-04-25T11:44:11.0034736Z FAILED for resource: google_storage_bucket.demo_images 2024-04-25T11:44:11.0035749Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/storage.tf:44-51 2024-04-25T11:44:11.0037593Z Guide: 
https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-cloud-storage-has-versioning-enabled 2024-04-25T11:44:11.0038846Z 2024-04-25T11:44:11.0039096Z 44 | resource "google_storage_bucket" "demo_images" { 2024-04-25T11:44:11.0039789Z 45 | name = "gemini-bq-demo-images-${random_id.id.hex}" 2024-04-25T11:44:11.0040615Z 46 | project = module.project-services.project_id 2024-04-25T11:44:11.0041223Z 47 | location = var.region 2024-04-25T11:44:11.0041719Z 48 | uniform_bucket_level_access = true 2024-04-25T11:44:11.0042326Z 49 | force_destroy = var.force_destroy 2024-04-25T11:44:11.0042955Z 50 | depends_on = [time_sleep.wait_after_apis] 2024-04-25T11:44:11.0043450Z 51 | } 2024-04-25T11:44:11.0043650Z 2024-04-25T11:44:11.0043854Z kubernetes scan results: 2024-04-25T11:44:11.0044080Z 2024-04-25T11:44:11.0044362Z Passed checks: 289, Failed checks: 65, Skipped checks: 0 2024-04-25T11:44:11.0044734Z 2024-04-25T11:44:11.0044991Z Check: CKV_K8S_21: "The default namespace should not be used" 2024-04-25T11:44:11.0045782Z FAILED for resource: Service.default.fixmycar-backend 2024-04-25T11:44:11.0046642Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-service.yaml:1-12 2024-04-25T11:44:11.0047935Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20 2024-04-25T11:44:11.0048716Z 2024-04-25T11:44:11.0048917Z 1 | apiVersion: v1 2024-04-25T11:44:11.0049316Z 2 | kind: Service 2024-04-25T11:44:11.0049678Z 3 | metadata: 2024-04-25T11:44:11.0050118Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0050546Z 5 | spec: 2024-04-25T11:44:11.0050874Z 6 | selector: 2024-04-25T11:44:11.0051307Z 7 | app: fixmycar-backend 2024-04-25T11:44:11.0051739Z 8 | ports: 2024-04-25T11:44:11.0052114Z 9 | - name: http 2024-04-25T11:44:11.0052536Z 10 | port: 8080 2024-04-25T11:44:11.0052918Z 11 | targetPort: 8080 2024-04-25T11:44:11.0053332Z 12 | type: 
ClusterIP 2024-04-25T11:44:11.0053560Z 2024-04-25T11:44:11.0054017Z Check: CKV_K8S_22: "Use read-only filesystem for containers where possible" 2024-04-25T11:44:11.0054810Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0055684Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0057345Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21 2024-04-25T11:44:11.0058188Z 2024-04-25T11:44:11.0058765Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 2024-04-25T11:44:11.0059661Z Check: CKV_K8S_21: "The default namespace should not be used" 2024-04-25T11:44:11.0060480Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0061336Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0062655Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20 2024-04-25T11:44:11.0063460Z 2024-04-25T11:44:11.0063986Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 2024-04-25T11:44:11.0064900Z Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned" 2024-04-25T11:44:11.0065761Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0066709Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0068041Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34 2024-04-25T11:44:11.0068828Z 2024-04-25T11:44:11.0069240Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 
2024-04-25T11:44:11.0070231Z Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict" 2024-04-25T11:44:11.0071217Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0072061Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0073441Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37 2024-04-25T11:44:11.0074276Z 2024-04-25T11:44:11.0074683Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 2024-04-25T11:44:11.0075568Z Check: CKV_K8S_29: "Apply security context to your pods and containers" 2024-04-25T11:44:11.0076377Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0077268Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0078936Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers 2024-04-25T11:44:11.0080083Z 2024-04-25T11:44:11.0080513Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 2024-04-25T11:44:11.0081356Z Check: CKV_K8S_30: "Apply security context to your containers" 2024-04-25T11:44:11.0082061Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0082969Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0084153Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28 2024-04-25T11:44:11.0084925Z 2024-04-25T11:44:11.0085311Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 
2024-04-25T11:44:11.0086118Z Check: CKV_K8S_43: "Image should use digest" 2024-04-25T11:44:11.0086698Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0087528Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0088837Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39 2024-04-25T11:44:11.0089575Z 2024-04-25T11:44:11.0090004Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 2024-04-25T11:44:11.0090930Z Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default" 2024-04-25T11:44:11.0091846Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0092799Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0094016Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29 2024-04-25T11:44:11.0094856Z 2024-04-25T11:44:11.0095244Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 2024-04-25T11:44:11.0096641Z Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability" 2024-04-25T11:44:11.0097576Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0098390Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0099637Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27 2024-04-25T11:44:11.0100363Z 2024-04-25T11:44:11.0100869Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 
2024-04-25T11:44:11.0101718Z Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank" 2024-04-25T11:44:11.0102456Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0103345Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0104565Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13 2024-04-25T11:44:11.0105492Z 2024-04-25T11:44:11.0105915Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 2024-04-25T11:44:11.0106757Z Check: CKV_K8S_8: "Liveness Probe Should be Configured" 2024-04-25T11:44:11.0107456Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0108245Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0109522Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-7 2024-04-25T11:44:11.0110319Z 2024-04-25T11:44:11.0110711Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 2024-04-25T11:44:11.0111585Z Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation" 2024-04-25T11:44:11.0112382Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0113239Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0114474Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19 2024-04-25T11:44:11.0115284Z 2024-04-25T11:44:11.0115748Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 
2024-04-25T11:44:11.0116578Z Check: CKV_K8S_23: "Minimize the admission of root containers" 2024-04-25T11:44:11.0117274Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0118206Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0119415Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22 2024-04-25T11:44:11.0120178Z 2024-04-25T11:44:11.0120561Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 2024-04-25T11:44:11.0121561Z Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary" 2024-04-25T11:44:11.0122341Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0123176Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0124492Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35 2024-04-25T11:44:11.0125228Z 2024-04-25T11:44:11.0125655Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 2024-04-25T11:44:11.0126695Z Check: CKV_K8S_35: "Prefer using secrets as files over secrets as environment variables" 2024-04-25T11:44:11.0127600Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0128433Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0129640Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-33 2024-04-25T11:44:11.0130486Z 2024-04-25T11:44:11.0130876Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 
2024-04-25T11:44:11.0131647Z Check: CKV_K8S_9: "Readiness Probe Should be Configured" 2024-04-25T11:44:11.0132326Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0133180Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.0134415Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-8 2024-04-25T11:44:11.0135139Z 2024-04-25T11:44:11.0135561Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 2024-04-25T11:44:11.0136633Z Check: CKV_K8S_21: "The default namespace should not be used" 2024-04-25T11:44:11.0137351Z FAILED for resource: Service.default.fixmycar-frontend 2024-04-25T11:44:11.0138163Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-service.yaml:1-13 2024-04-25T11:44:11.0139655Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20 2024-04-25T11:44:11.0140394Z 2024-04-25T11:44:11.0140526Z 1 | apiVersion: v1 2024-04-25T11:44:11.0140885Z 2 | kind: Service 2024-04-25T11:44:11.0141313Z 3 | metadata: 2024-04-25T11:44:11.0141666Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0142067Z 5 | spec: 2024-04-25T11:44:11.0142476Z 6 | type: ClusterIP 2024-04-25T11:44:11.0142801Z 7 | selector: 2024-04-25T11:44:11.0143198Z 8 | app: fixmycar-frontend 2024-04-25T11:44:11.0143685Z 9 | ports: 2024-04-25T11:44:11.0144060Z 10 | - name: fixmycar-frontend-port 2024-04-25T11:44:11.0144515Z 11 | protocol: TCP 2024-04-25T11:44:11.0144968Z 12 | port: 80 2024-04-25T11:44:11.0145291Z 13 | targetPort: 8501 2024-04-25T11:44:11.0145556Z 2024-04-25T11:44:11.0145921Z Check: CKV_K8S_22: "Use read-only filesystem for containers where possible" 2024-04-25T11:44:11.0146768Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0147584Z File: 
/gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0148834Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21 2024-04-25T11:44:11.0149636Z 2024-04-25T11:44:11.0149812Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0150154Z 2 | kind: Deployment 2024-04-25T11:44:11.0150530Z 3 | metadata: 2024-04-25T11:44:11.0150981Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0151345Z 5 | labels: 2024-04-25T11:44:11.0151747Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0152223Z 7 | spec: 2024-04-25T11:44:11.0152508Z 8 | replicas: 1 2024-04-25T11:44:11.0152875Z 9 | selector: 2024-04-25T11:44:11.0153278Z 10 | matchLabels: 2024-04-25T11:44:11.0153657Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0154094Z 12 | template: 2024-04-25T11:44:11.0154496Z 13 | metadata: 2024-04-25T11:44:11.0154801Z 14 | labels: 2024-04-25T11:44:11.0155217Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0155705Z 16 | spec: 2024-04-25T11:44:11.0156019Z 17 | containers: 2024-04-25T11:44:11.0156448Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0157291Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.0157967Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0158396Z 21 | env: 2024-04-25T11:44:11.0159032Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0159730Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0160351Z 24 | ports: 2024-04-25T11:44:11.0160865Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0161270Z 26 | livenessProbe: 2024-04-25T11:44:11.0161675Z 27 | httpGet: 2024-04-25T11:44:11.0162168Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0162572Z 29 | port: 8501 2024-04-25T11:44:11.0162965Z 30 | scheme: HTTP 2024-04-25T11:44:11.0163458Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0163852Z 32 | readinessProbe: 2024-04-25T11:44:11.0164255Z 33 | httpGet: 
2024-04-25T11:44:11.0164734Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0165137Z 35 | port: 8501 2024-04-25T11:44:11.0165538Z 36 | scheme: HTTP 2024-04-25T11:44:11.0166034Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0166415Z 38 | resources: 2024-04-25T11:44:11.0166800Z 39 | limits: 2024-04-25T11:44:11.0167244Z 40 | cpu: 1 2024-04-25T11:44:11.0167589Z 41 | memory: 2Gi 2024-04-25T11:44:11.0167999Z 42 | requests: 2024-04-25T11:44:11.0168440Z 43 | cpu: 100m 2024-04-25T11:44:11.0168930Z 44 | memory: 745Mi 2024-04-25T11:44:11.0169239Z 2024-04-25T11:44:11.0169478Z Check: CKV_K8S_21: "The default namespace should not be used" 2024-04-25T11:44:11.0170270Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0171136Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0172350Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20 2024-04-25T11:44:11.0173190Z 2024-04-25T11:44:11.0173324Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0173723Z 2 | kind: Deployment 2024-04-25T11:44:11.0174043Z 3 | metadata: 2024-04-25T11:44:11.0174495Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0174902Z 5 | labels: 2024-04-25T11:44:11.0175243Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0175713Z 7 | spec: 2024-04-25T11:44:11.0176796Z 8 | replicas: 1 2024-04-25T11:44:11.0177121Z 9 | selector: 2024-04-25T11:44:11.0177549Z 10 | matchLabels: 2024-04-25T11:44:11.0178044Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0178426Z 12 | template: 2024-04-25T11:44:11.0178841Z 13 | metadata: 2024-04-25T11:44:11.0179179Z 14 | labels: 2024-04-25T11:44:11.0179544Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0180035Z 16 | spec: 2024-04-25T11:44:11.0180369Z 17 | containers: 2024-04-25T11:44:11.0180760Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0181612Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 
2024-04-25T11:44:11.0182307Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0182699Z 21 | env: 2024-04-25T11:44:11.0183184Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0183866Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0184430Z 24 | ports: 2024-04-25T11:44:11.0184935Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0185401Z 26 | livenessProbe: 2024-04-25T11:44:11.0185757Z 27 | httpGet: 2024-04-25T11:44:11.0186237Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0186678Z 29 | port: 8501 2024-04-25T11:44:11.0187057Z 30 | scheme: HTTP 2024-04-25T11:44:11.0187529Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0187955Z 32 | readinessProbe: 2024-04-25T11:44:11.0188333Z 33 | httpGet: 2024-04-25T11:44:11.0188793Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0189419Z 35 | port: 8501 2024-04-25T11:44:11.0189793Z 36 | scheme: HTTP 2024-04-25T11:44:11.0190278Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0190712Z 38 | resources: 2024-04-25T11:44:11.0191048Z 39 | limits: 2024-04-25T11:44:11.0191476Z 40 | cpu: 1 2024-04-25T11:44:11.0191868Z 41 | memory: 2Gi 2024-04-25T11:44:11.0192229Z 42 | requests: 2024-04-25T11:44:11.0192683Z 43 | cpu: 100m 2024-04-25T11:44:11.0193094Z 44 | memory: 745Mi 2024-04-25T11:44:11.0193342Z 2024-04-25T11:44:11.0193683Z Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned" 2024-04-25T11:44:11.0194657Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0195506Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0196761Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34 2024-04-25T11:44:11.0197541Z 2024-04-25T11:44:11.0197693Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0198073Z 2 | kind: Deployment 2024-04-25T11:44:11.0198494Z 3 | metadata: 2024-04-25T11:44:11.0198866Z 4 | name: fixmycar-frontend 
2024-04-25T11:44:11.0199259Z 5 | labels: 2024-04-25T11:44:11.0199707Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0200259Z 7 | spec: 2024-04-25T11:44:11.0200583Z 8 | replicas: 1 2024-04-25T11:44:11.0200981Z 9 | selector: 2024-04-25T11:44:11.0201324Z 10 | matchLabels: 2024-04-25T11:44:11.0201752Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0202205Z 12 | template: 2024-04-25T11:44:11.0202547Z 13 | metadata: 2024-04-25T11:44:11.0202884Z 14 | labels: 2024-04-25T11:44:11.0203322Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0203738Z 16 | spec: 2024-04-25T11:44:11.0204069Z 17 | containers: 2024-04-25T11:44:11.0204541Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0205303Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.0206014Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0206469Z 21 | env: 2024-04-25T11:44:11.0206876Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0207565Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0208198Z 24 | ports: 2024-04-25T11:44:11.0208623Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0209077Z 26 | livenessProbe: 2024-04-25T11:44:11.0209503Z 27 | httpGet: 2024-04-25T11:44:11.0209907Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0210364Z 29 | port: 8501 2024-04-25T11:44:11.0210787Z 30 | scheme: HTTP 2024-04-25T11:44:11.0211202Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0211657Z 32 | readinessProbe: 2024-04-25T11:44:11.0212123Z 33 | httpGet: 2024-04-25T11:44:11.0212536Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0212977Z 35 | port: 8501 2024-04-25T11:44:11.0213395Z 36 | scheme: HTTP 2024-04-25T11:44:11.0213829Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0214243Z 38 | resources: 2024-04-25T11:44:11.0214659Z 39 | limits: 2024-04-25T11:44:11.0215048Z 40 | cpu: 1 2024-04-25T11:44:11.0215422Z 41 | memory: 2Gi 2024-04-25T11:44:11.0216112Z 42 | requests: 2024-04-25T11:44:11.0216546Z 43 | cpu: 100m 2024-04-25T11:44:11.0216939Z 44 
| memory: 745Mi 2024-04-25T11:44:11.0217188Z 2024-04-25T11:44:11.0217634Z Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict" 2024-04-25T11:44:11.0218405Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0219411Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0220773Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37 2024-04-25T11:44:11.0221526Z 2024-04-25T11:44:11.0221669Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0222053Z 2 | kind: Deployment 2024-04-25T11:44:11.0222496Z 3 | metadata: 2024-04-25T11:44:11.0222854Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0223249Z 5 | labels: 2024-04-25T11:44:11.0223720Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0224088Z 7 | spec: 2024-04-25T11:44:11.0224429Z 8 | replicas: 1 2024-04-25T11:44:11.0224837Z 9 | selector: 2024-04-25T11:44:11.0225140Z 10 | matchLabels: 2024-04-25T11:44:11.0225573Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0226055Z 12 | template: 2024-04-25T11:44:11.0226354Z 13 | metadata: 2024-04-25T11:44:11.0226710Z 14 | labels: 2024-04-25T11:44:11.0227182Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0227568Z 16 | spec: 2024-04-25T11:44:11.0227919Z 17 | containers: 2024-04-25T11:44:11.0228413Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0229139Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.0229851Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0230512Z 21 | env: 2024-04-25T11:44:11.0230907Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0231579Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0232250Z 24 | ports: 2024-04-25T11:44:11.0232651Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0233091Z 26 | livenessProbe: 2024-04-25T11:44:11.0233564Z 27 | httpGet: 2024-04-25T11:44:11.0233944Z 28 | path: 
/_stcore/health 2024-04-25T11:44:11.0234385Z 29 | port: 8501 2024-04-25T11:44:11.0234872Z 30 | scheme: HTTP 2024-04-25T11:44:11.0235251Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0235679Z 32 | readinessProbe: 2024-04-25T11:44:11.0236153Z 33 | httpGet: 2024-04-25T11:44:11.0236515Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0236954Z 35 | port: 8501 2024-04-25T11:44:11.0237429Z 36 | scheme: HTTP 2024-04-25T11:44:11.0237809Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0238223Z 38 | resources: 2024-04-25T11:44:11.0238676Z 39 | limits: 2024-04-25T11:44:11.0239009Z 40 | cpu: 1 2024-04-25T11:44:11.0239383Z 41 | memory: 2Gi 2024-04-25T11:44:11.0239852Z 42 | requests: 2024-04-25T11:44:11.0240194Z 43 | cpu: 100m 2024-04-25T11:44:11.0240581Z 44 | memory: 745Mi 2024-04-25T11:44:11.0240845Z 2024-04-25T11:44:11.0241225Z Check: CKV_K8S_29: "Apply security context to your pods and containers" 2024-04-25T11:44:11.0241940Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0242809Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0244429Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers 2024-04-25T11:44:11.0245448Z 2024-04-25T11:44:11.0245617Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0245977Z 2 | kind: Deployment 2024-04-25T11:44:11.0246399Z 3 | metadata: 2024-04-25T11:44:11.0246783Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0247163Z 5 | labels: 2024-04-25T11:44:11.0247610Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0248008Z 7 | spec: 2024-04-25T11:44:11.0248311Z 8 | replicas: 1 2024-04-25T11:44:11.0248724Z 9 | selector: 2024-04-25T11:44:11.0249087Z 10 | matchLabels: 2024-04-25T11:44:11.0249590Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0250084Z 12 | template: 2024-04-25T11:44:11.0250405Z 13 | metadata: 2024-04-25T11:44:11.0250748Z 14 | labels: 
2024-04-25T11:44:11.0251214Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0251614Z 16 | spec: 2024-04-25T11:44:11.0251962Z 17 | containers: 2024-04-25T11:44:11.0252459Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0253205Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.0253902Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0254416Z 21 | env: 2024-04-25T11:44:11.0254822Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0255455Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0256424Z 24 | ports: 2024-04-25T11:44:11.0256866Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0257267Z 26 | livenessProbe: 2024-04-25T11:44:11.0257765Z 27 | httpGet: 2024-04-25T11:44:11.0258163Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0258568Z 29 | port: 8501 2024-04-25T11:44:11.0259057Z 30 | scheme: HTTP 2024-04-25T11:44:11.0259471Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0259861Z 32 | readinessProbe: 2024-04-25T11:44:11.0260339Z 33 | httpGet: 2024-04-25T11:44:11.0261435Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0262046Z 35 | port: 8501 2024-04-25T11:44:11.0262563Z 36 | scheme: HTTP 2024-04-25T11:44:11.0262977Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0263381Z 38 | resources: 2024-04-25T11:44:11.0263853Z 39 | limits: 2024-04-25T11:44:11.0264270Z 40 | cpu: 1 2024-04-25T11:44:11.0264810Z 41 | memory: 2Gi 2024-04-25T11:44:11.0265429Z 42 | requests: 2024-04-25T11:44:11.0265979Z 43 | cpu: 100m 2024-04-25T11:44:11.0266425Z 44 | memory: 745Mi 2024-04-25T11:44:11.0266832Z 2024-04-25T11:44:11.0267141Z Check: CKV_K8S_30: "Apply security context to your containers" 2024-04-25T11:44:11.0268008Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0268954Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0270321Z Guide: 
https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28 2024-04-25T11:44:11.0271059Z 2024-04-25T11:44:11.0271253Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0271605Z 2 | kind: Deployment 2024-04-25T11:44:11.0272035Z 3 | metadata: 2024-04-25T11:44:11.0272452Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0272812Z 5 | labels: 2024-04-25T11:44:11.0273268Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0273685Z 7 | spec: 2024-04-25T11:44:11.0273976Z 8 | replicas: 1 2024-04-25T11:44:11.0274394Z 9 | selector: 2024-04-25T11:44:11.0274751Z 10 | matchLabels: 2024-04-25T11:44:11.0275126Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0275620Z 12 | template: 2024-04-25T11:44:11.0275950Z 13 | metadata: 2024-04-25T11:44:11.0276252Z 14 | labels: 2024-04-25T11:44:11.0276731Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0277148Z 16 | spec: 2024-04-25T11:44:11.0277450Z 17 | containers: 2024-04-25T11:44:11.0277969Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0278779Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.0279435Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0279960Z 21 | env: 2024-04-25T11:44:11.0280366Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0281005Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0281692Z 24 | ports: 2024-04-25T11:44:11.0282306Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0282744Z 26 | livenessProbe: 2024-04-25T11:44:11.0283216Z 27 | httpGet: 2024-04-25T11:44:11.0283620Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0284047Z 29 | port: 8501 2024-04-25T11:44:11.0284512Z 30 | scheme: HTTP 2024-04-25T11:44:11.0284932Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0285344Z 32 | readinessProbe: 2024-04-25T11:44:11.0285808Z 33 | httpGet: 2024-04-25T11:44:11.0286226Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0286627Z 35 | port: 8501 2024-04-25T11:44:11.0287094Z 36 | 
scheme: HTTP 2024-04-25T11:44:11.0287526Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0287903Z 38 | resources: 2024-04-25T11:44:11.0288345Z 39 | limits: 2024-04-25T11:44:11.0288729Z 40 | cpu: 1 2024-04-25T11:44:11.0289071Z 41 | memory: 2Gi 2024-04-25T11:44:11.0289528Z 42 | requests: 2024-04-25T11:44:11.0289923Z 43 | cpu: 100m 2024-04-25T11:44:11.0290279Z 44 | memory: 745Mi 2024-04-25T11:44:11.0290631Z 2024-04-25T11:44:11.0290800Z Check: CKV_K8S_43: "Image should use digest" 2024-04-25T11:44:11.0291464Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0292468Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0293890Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39 2024-04-25T11:44:11.0294707Z 2024-04-25T11:44:11.0294847Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0295245Z 2 | kind: Deployment 2024-04-25T11:44:11.0295664Z 3 | metadata: 2024-04-25T11:44:11.0296370Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0296788Z 5 | labels: 2024-04-25T11:44:11.0297261Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0297679Z 7 | spec: 2024-04-25T11:44:11.0298032Z 8 | replicas: 1 2024-04-25T11:44:11.0298432Z 9 | selector: 2024-04-25T11:44:11.0298785Z 10 | matchLabels: 2024-04-25T11:44:11.0299182Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0299692Z 12 | template: 2024-04-25T11:44:11.0300041Z 13 | metadata: 2024-04-25T11:44:11.0300373Z 14 | labels: 2024-04-25T11:44:11.0300862Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0301305Z 16 | spec: 2024-04-25T11:44:11.0301635Z 17 | containers: 2024-04-25T11:44:11.0302155Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0302947Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.0303655Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0304170Z 21 | env: 2024-04-25T11:44:11.0304588Z 22 | - name: BACKEND_URL 
2024-04-25T11:44:11.0305313Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0305994Z 24 | ports: 2024-04-25T11:44:11.0306455Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0306917Z 26 | livenessProbe: 2024-04-25T11:44:11.0307371Z 27 | httpGet: 2024-04-25T11:44:11.0307802Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0308264Z 29 | port: 8501 2024-04-25T11:44:11.0308729Z 30 | scheme: HTTP 2024-04-25T11:44:11.0309180Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0309624Z 32 | readinessProbe: 2024-04-25T11:44:11.0310072Z 33 | httpGet: 2024-04-25T11:44:11.0310500Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0310958Z 35 | port: 8501 2024-04-25T11:44:11.0311401Z 36 | scheme: HTTP 2024-04-25T11:44:11.0311847Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0312281Z 38 | resources: 2024-04-25T11:44:11.0312896Z 39 | limits: 2024-04-25T11:44:11.0313284Z 40 | cpu: 1 2024-04-25T11:44:11.0313673Z 41 | memory: 2Gi 2024-04-25T11:44:11.0314142Z 42 | requests: 2024-04-25T11:44:11.0314540Z 43 | cpu: 100m 2024-04-25T11:44:11.0314945Z 44 | memory: 745Mi 2024-04-25T11:44:11.0315319Z 2024-04-25T11:44:11.0315738Z Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default" 2024-04-25T11:44:11.0316654Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0317562Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0318921Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29 2024-04-25T11:44:11.0319742Z 2024-04-25T11:44:11.0319885Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0320304Z 2 | kind: Deployment 2024-04-25T11:44:11.0320719Z 3 | metadata: 2024-04-25T11:44:11.0321124Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0321555Z 5 | labels: 2024-04-25T11:44:11.0321985Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0322396Z 7 | spec: 
2024-04-25T11:44:11.0322734Z 8 | replicas: 1 2024-04-25T11:44:11.0323129Z 9 | selector: 2024-04-25T11:44:11.0323472Z 10 | matchLabels: 2024-04-25T11:44:11.0323905Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0324505Z 12 | template: 2024-04-25T11:44:11.0324858Z 13 | metadata: 2024-04-25T11:44:11.0325197Z 14 | labels: 2024-04-25T11:44:11.0325621Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0326055Z 16 | spec: 2024-04-25T11:44:11.0326392Z 17 | containers: 2024-04-25T11:44:11.0326853Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0327627Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.0328315Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0328783Z 21 | env: 2024-04-25T11:44:11.0329201Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0329866Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0330493Z 24 | ports: 2024-04-25T11:44:11.0330927Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0331369Z 26 | livenessProbe: 2024-04-25T11:44:11.0331815Z 27 | httpGet: 2024-04-25T11:44:11.0332216Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0332657Z 29 | port: 8501 2024-04-25T11:44:11.0333102Z 30 | scheme: HTTP 2024-04-25T11:44:11.0333582Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0334007Z 32 | readinessProbe: 2024-04-25T11:44:11.0334459Z 33 | httpGet: 2024-04-25T11:44:11.0334856Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0335292Z 35 | port: 8501 2024-04-25T11:44:11.0335733Z 36 | scheme: HTTP 2024-04-25T11:44:11.0336458Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0336898Z 38 | resources: 2024-04-25T11:44:11.0337301Z 39 | limits: 2024-04-25T11:44:11.0337666Z 40 | cpu: 1 2024-04-25T11:44:11.0338059Z 41 | memory: 2Gi 2024-04-25T11:44:11.0338474Z 42 | requests: 2024-04-25T11:44:11.0338936Z 43 | cpu: 100m 2024-04-25T11:44:11.0339347Z 44 | memory: 745Mi 2024-04-25T11:44:11.0339657Z 2024-04-25T11:44:11.0340002Z Check: CKV_K8S_28: "Minimize the admission of containers with 
the NET_RAW capability" 2024-04-25T11:44:11.0340818Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0341678Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0342988Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27 2024-04-25T11:44:11.0343895Z 2024-04-25T11:44:11.0344057Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0344442Z 2 | kind: Deployment 2024-04-25T11:44:11.0344869Z 3 | metadata: 2024-04-25T11:44:11.0345241Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0345634Z 5 | labels: 2024-04-25T11:44:11.0346168Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0346547Z 7 | spec: 2024-04-25T11:44:11.0346866Z 8 | replicas: 1 2024-04-25T11:44:11.0347284Z 9 | selector: 2024-04-25T11:44:11.0347600Z 10 | matchLabels: 2024-04-25T11:44:11.0348013Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0348503Z 12 | template: 2024-04-25T11:44:11.0348799Z 13 | metadata: 2024-04-25T11:44:11.0349139Z 14 | labels: 2024-04-25T11:44:11.0349613Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0349997Z 16 | spec: 2024-04-25T11:44:11.0350327Z 17 | containers: 2024-04-25T11:44:11.0350881Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0351638Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.0352330Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0352837Z 21 | env: 2024-04-25T11:44:11.0353207Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0353880Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0354740Z 24 | ports: 2024-04-25T11:44:11.0355135Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0355596Z 26 | livenessProbe: 2024-04-25T11:44:11.0356059Z 27 | httpGet: 2024-04-25T11:44:11.0356420Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0356959Z 29 | port: 8501 2024-04-25T11:44:11.0357424Z 30 | scheme: HTTP 
2024-04-25T11:44:11.0357804Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0358248Z 32 | readinessProbe: 2024-04-25T11:44:11.0358712Z 33 | httpGet: 2024-04-25T11:44:11.0359075Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0359531Z 35 | port: 8501 2024-04-25T11:44:11.0359993Z 36 | scheme: HTTP 2024-04-25T11:44:11.0360368Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0360809Z 38 | resources: 2024-04-25T11:44:11.0361252Z 39 | limits: 2024-04-25T11:44:11.0361594Z 40 | cpu: 1 2024-04-25T11:44:11.0362056Z 41 | memory: 2Gi 2024-04-25T11:44:11.0362511Z 42 | requests: 2024-04-25T11:44:11.0362865Z 43 | cpu: 100m 2024-04-25T11:44:11.0363256Z 44 | memory: 745Mi 2024-04-25T11:44:11.0363566Z 2024-04-25T11:44:11.0363932Z Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank" 2024-04-25T11:44:11.0364640Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0365483Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0366807Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13 2024-04-25T11:44:11.0367565Z 2024-04-25T11:44:11.0367698Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0368078Z 2 | kind: Deployment 2024-04-25T11:44:11.0368530Z 3 | metadata: 2024-04-25T11:44:11.0368880Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0369364Z 5 | labels: 2024-04-25T11:44:11.0369845Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0370208Z 7 | spec: 2024-04-25T11:44:11.0370529Z 8 | replicas: 1 2024-04-25T11:44:11.0370969Z 9 | selector: 2024-04-25T11:44:11.0371274Z 10 | matchLabels: 2024-04-25T11:44:11.0371687Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0372182Z 12 | template: 2024-04-25T11:44:11.0372481Z 13 | metadata: 2024-04-25T11:44:11.0372820Z 14 | labels: 2024-04-25T11:44:11.0373299Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0373679Z 16 | spec: 2024-04-25T11:44:11.0374229Z 17 | containers: 
2024-04-25T11:44:11.0374747Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0375462Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.0376433Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0376959Z 21 | env: 2024-04-25T11:44:11.0377339Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0378039Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0378737Z 24 | ports: 2024-04-25T11:44:11.0379130Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0379592Z 26 | livenessProbe: 2024-04-25T11:44:11.0380054Z 27 | httpGet: 2024-04-25T11:44:11.0380497Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0380962Z 29 | port: 8501 2024-04-25T11:44:11.0381424Z 30 | scheme: HTTP 2024-04-25T11:44:11.0381824Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0382255Z 32 | readinessProbe: 2024-04-25T11:44:11.0382720Z 33 | httpGet: 2024-04-25T11:44:11.0383096Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0383536Z 35 | port: 8501 2024-04-25T11:44:11.0383994Z 36 | scheme: HTTP 2024-04-25T11:44:11.0384390Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0384987Z 38 | resources: 2024-04-25T11:44:11.0385448Z 39 | limits: 2024-04-25T11:44:11.0385859Z 40 | cpu: 1 2024-04-25T11:44:11.0386234Z 41 | memory: 2Gi 2024-04-25T11:44:11.0386733Z 42 | requests: 2024-04-25T11:44:11.0387076Z 43 | cpu: 100m 2024-04-25T11:44:11.0387469Z 44 | memory: 745Mi 2024-04-25T11:44:11.0387788Z 2024-04-25T11:44:11.0388154Z Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation" 2024-04-25T11:44:11.0388904Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0389753Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0391074Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19 2024-04-25T11:44:11.0391811Z 2024-04-25T11:44:11.0391980Z 1 | apiVersion: apps/v1 
2024-04-25T11:44:11.0392329Z 2 | kind: Deployment 2024-04-25T11:44:11.0392852Z 3 | metadata: 2024-04-25T11:44:11.0393235Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0393615Z 5 | labels: 2024-04-25T11:44:11.0394057Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0394458Z 7 | spec: 2024-04-25T11:44:11.0394758Z 8 | replicas: 1 2024-04-25T11:44:11.0395166Z 9 | selector: 2024-04-25T11:44:11.0395504Z 10 | matchLabels: 2024-04-25T11:44:11.0395896Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0396371Z 12 | template: 2024-04-25T11:44:11.0396707Z 13 | metadata: 2024-04-25T11:44:11.0397033Z 14 | labels: 2024-04-25T11:44:11.0397565Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0398002Z 16 | spec: 2024-04-25T11:44:11.0398299Z 17 | containers: 2024-04-25T11:44:11.0398788Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0399559Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.0400215Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0400722Z 21 | env: 2024-04-25T11:44:11.0401144Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0401779Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0402449Z 24 | ports: 2024-04-25T11:44:11.0402888Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0403291Z 26 | livenessProbe: 2024-04-25T11:44:11.0403837Z 27 | httpGet: 2024-04-25T11:44:11.0404254Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0404808Z 29 | port: 8501 2024-04-25T11:44:11.0405296Z 30 | scheme: HTTP 2024-04-25T11:44:11.0405709Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0406147Z 32 | readinessProbe: 2024-04-25T11:44:11.0406625Z 33 | httpGet: 2024-04-25T11:44:11.0407020Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0407426Z 35 | port: 8501 2024-04-25T11:44:11.0407906Z 36 | scheme: HTTP 2024-04-25T11:44:11.0408314Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0408781Z 38 | resources: 2024-04-25T11:44:11.0409242Z 39 | limits: 2024-04-25T11:44:11.0409607Z 40 | cpu: 1 
2024-04-25T11:44:11.0409958Z 41 | memory: 2Gi 2024-04-25T11:44:11.0410416Z 42 | requests: 2024-04-25T11:44:11.0410793Z 43 | cpu: 100m 2024-04-25T11:44:11.0411164Z 44 | memory: 745Mi 2024-04-25T11:44:11.0411521Z 2024-04-25T11:44:11.0411764Z Check: CKV_K8S_23: "Minimize the admission of root containers" 2024-04-25T11:44:11.0412484Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0413312Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0414613Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22 2024-04-25T11:44:11.0415484Z 2024-04-25T11:44:11.0415673Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0416430Z 2 | kind: Deployment 2024-04-25T11:44:11.0416878Z 3 | metadata: 2024-04-25T11:44:11.0417312Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0417673Z 5 | labels: 2024-04-25T11:44:11.0418122Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0418537Z 7 | spec: 2024-04-25T11:44:11.0418820Z 8 | replicas: 1 2024-04-25T11:44:11.0419254Z 9 | selector: 2024-04-25T11:44:11.0419608Z 10 | matchLabels: 2024-04-25T11:44:11.0419998Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0420479Z 12 | template: 2024-04-25T11:44:11.0420905Z 13 | metadata: 2024-04-25T11:44:11.0421204Z 14 | labels: 2024-04-25T11:44:11.0421679Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0422107Z 16 | spec: 2024-04-25T11:44:11.0422402Z 17 | containers: 2024-04-25T11:44:11.0422909Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0423662Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.0424316Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0424836Z 21 | env: 2024-04-25T11:44:11.0425246Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0425886Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0426570Z 24 | ports: 2024-04-25T11:44:11.0427084Z 25 | - 
containerPort: 8501 2024-04-25T11:44:11.0427490Z 26 | livenessProbe: 2024-04-25T11:44:11.0427967Z 27 | httpGet: 2024-04-25T11:44:11.0428368Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0428769Z 29 | port: 8501 2024-04-25T11:44:11.0429240Z 30 | scheme: HTTP 2024-04-25T11:44:11.0429650Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0430060Z 32 | readinessProbe: 2024-04-25T11:44:11.0430517Z 33 | httpGet: 2024-04-25T11:44:11.0430918Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0431351Z 35 | port: 8501 2024-04-25T11:44:11.0431808Z 36 | scheme: HTTP 2024-04-25T11:44:11.0432287Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0432680Z 38 | resources: 2024-04-25T11:44:11.0433108Z 39 | limits: 2024-04-25T11:44:11.0433472Z 40 | cpu: 1 2024-04-25T11:44:11.0433827Z 41 | memory: 2Gi 2024-04-25T11:44:11.0434278Z 42 | requests: 2024-04-25T11:44:11.0434836Z 43 | cpu: 100m 2024-04-25T11:44:11.0435203Z 44 | memory: 745Mi 2024-04-25T11:44:11.0435568Z 2024-04-25T11:44:11.0435920Z Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary" 2024-04-25T11:44:11.0436766Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0437675Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0438890Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35 2024-04-25T11:44:11.0439761Z 2024-04-25T11:44:11.0439896Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0440336Z 2 | kind: Deployment 2024-04-25T11:44:11.0440660Z 3 | metadata: 2024-04-25T11:44:11.0441061Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0441514Z 5 | labels: 2024-04-25T11:44:11.0441874Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0442280Z 7 | spec: 2024-04-25T11:44:11.0442666Z 8 | replicas: 1 2024-04-25T11:44:11.0442993Z 9 | selector: 2024-04-25T11:44:11.0443332Z 10 | matchLabels: 2024-04-25T11:44:11.0443808Z 11 | app: fixmycar-frontend 
2024-04-25T11:44:11.0444276Z 12 | template: 2024-04-25T11:44:11.0444607Z 13 | metadata: 2024-04-25T11:44:11.0445000Z 14 | labels: 2024-04-25T11:44:11.0445382Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0445952Z 16 | spec: 2024-04-25T11:44:11.0446372Z 17 | containers: 2024-04-25T11:44:11.0446766Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0447520Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.0448305Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0448702Z 21 | env: 2024-04-25T11:44:11.0449105Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0449865Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0450516Z 24 | ports: 2024-04-25T11:44:11.0450938Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0451452Z 26 | livenessProbe: 2024-04-25T11:44:11.0451808Z 27 | httpGet: 2024-04-25T11:44:11.0452229Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0452725Z 29 | port: 8501 2024-04-25T11:44:11.0453212Z 30 | scheme: HTTP 2024-04-25T11:44:11.0453608Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0454099Z 32 | readinessProbe: 2024-04-25T11:44:11.0454476Z 33 | httpGet: 2024-04-25T11:44:11.0454867Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0455440Z 35 | port: 8501 2024-04-25T11:44:11.0456158Z 36 | scheme: HTTP 2024-04-25T11:44:11.0456579Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0457077Z 38 | resources: 2024-04-25T11:44:11.0457430Z 39 | limits: 2024-04-25T11:44:11.0457791Z 40 | cpu: 1 2024-04-25T11:44:11.0458237Z 41 | memory: 2Gi 2024-04-25T11:44:11.0458614Z 42 | requests: 2024-04-25T11:44:11.0458994Z 43 | cpu: 100m 2024-04-25T11:44:11.0459462Z 44 | memory: 745Mi 2024-04-25T11:44:11.0459711Z 2024-04-25T11:44:11.0459950Z Check: CKV_K8S_21: "The default namespace should not be used" 2024-04-25T11:44:11.0460641Z FAILED for resource: Service.default.fixmycar-backend 2024-04-25T11:44:11.0461653Z File: 
/gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-service.yaml:1-12 2024-04-25T11:44:11.0462879Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20 2024-04-25T11:44:11.0463648Z 2024-04-25T11:44:11.0463775Z 1 | apiVersion: v1 2024-04-25T11:44:11.0464214Z 2 | kind: Service 2024-04-25T11:44:11.0464522Z 3 | metadata: 2024-04-25T11:44:11.0464905Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0465374Z 5 | spec: 2024-04-25T11:44:11.0465809Z 6 | selector: 2024-04-25T11:44:11.0466227Z 7 | app: fixmycar-backend 2024-04-25T11:44:11.0466700Z 8 | ports: 2024-04-25T11:44:11.0467024Z 9 | - name: http 2024-04-25T11:44:11.0467471Z 10 | port: 8080 2024-04-25T11:44:11.0467909Z 11 | targetPort: 8080 2024-04-25T11:44:11.0468262Z 12 | type: ClusterIP 2024-04-25T11:44:11.0468528Z 2024-04-25T11:44:11.0468892Z Check: CKV_K8S_22: "Use read-only filesystem for containers where possible" 2024-04-25T11:44:11.0469713Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0470591Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0471836Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21 2024-04-25T11:44:11.0472664Z 2024-04-25T11:44:11.0472798Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0473192Z 2 | kind: Deployment 2024-04-25T11:44:11.0473518Z 3 | metadata: 2024-04-25T11:44:11.0473966Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0474378Z 5 | labels: 2024-04-25T11:44:11.0474803Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0475266Z 7 | spec: 2024-04-25T11:44:11.0475602Z 8 | replicas: 1 2024-04-25T11:44:11.0475910Z 9 | selector: 2024-04-25T11:44:11.0476311Z 10 | matchLabels: 2024-04-25T11:44:11.0476736Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0477262Z 12 | template: 2024-04-25T11:44:11.0477688Z 13 | metadata: 
2024-04-25T11:44:11.0478026Z 14 | labels: 2024-04-25T11:44:11.0478438Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0478936Z 16 | spec: 2024-04-25T11:44:11.0479353Z 17 | containers: 2024-04-25T11:44:11.0479736Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0480604Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0481335Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0481733Z 21 | ports: 2024-04-25T11:44:11.0482229Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0482659Z 23 | resources: 2024-04-25T11:44:11.0482991Z 24 | limits: 2024-04-25T11:44:11.0483438Z 25 | cpu: "1" 2024-04-25T11:44:11.0483831Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0484190Z 27 | env: 2024-04-25T11:44:11.0484673Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0485171Z 29 | value: "debug" 2024-04-25T11:44:11.0485622Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0486177Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0486693Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0487215Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0487774Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0488061Z 2024-04-25T11:44:11.0488339Z Check: CKV_K8S_21: "The default namespace should not be used" 2024-04-25T11:44:11.0489016Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0489975Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0491238Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20 2024-04-25T11:44:11.0491989Z 2024-04-25T11:44:11.0492129Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0492596Z 2 | kind: Deployment 2024-04-25T11:44:11.0493045Z 3 | metadata: 2024-04-25T11:44:11.0493390Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0493861Z 5 | labels: 2024-04-25T11:44:11.0494259Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0494616Z 7 | spec: 
2024-04-25T11:44:11.0495010Z 8 | replicas: 1 2024-04-25T11:44:11.0495369Z 9 | selector: 2024-04-25T11:44:11.0495672Z 10 | matchLabels: 2024-04-25T11:44:11.0496439Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0497031Z 12 | template: 2024-04-25T11:44:11.0497341Z 13 | metadata: 2024-04-25T11:44:11.0497869Z 14 | labels: 2024-04-25T11:44:11.0498271Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0498651Z 16 | spec: 2024-04-25T11:44:11.0499221Z 17 | containers: 2024-04-25T11:44:11.0499719Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0500482Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0501330Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0501767Z 21 | ports: 2024-04-25T11:44:11.0502159Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0502698Z 23 | resources: 2024-04-25T11:44:11.0503077Z 24 | limits: 2024-04-25T11:44:11.0503412Z 25 | cpu: "1" 2024-04-25T11:44:11.0503951Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0504351Z 27 | env: 2024-04-25T11:44:11.0504714Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0505214Z 29 | value: "debug" 2024-04-25T11:44:11.0505683Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0506158Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0506760Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0507304Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0507773Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0508352Z 2024-04-25T11:44:11.0508693Z Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned" 2024-04-25T11:44:11.0509518Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0510547Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0511779Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34 2024-04-25T11:44:11.0512543Z 2024-04-25T11:44:11.0512701Z 1 | apiVersion: 
apps/v1 2024-04-25T11:44:11.0513145Z 2 | kind: Deployment 2024-04-25T11:44:11.0513466Z 3 | metadata: 2024-04-25T11:44:11.0513868Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0514318Z 5 | labels: 2024-04-25T11:44:11.0514658Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0515068Z 7 | spec: 2024-04-25T11:44:11.0515449Z 8 | replicas: 1 2024-04-25T11:44:11.0515759Z 9 | selector: 2024-04-25T11:44:11.0516119Z 10 | matchLabels: 2024-04-25T11:44:11.0516668Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0517039Z 12 | template: 2024-04-25T11:44:11.0517387Z 13 | metadata: 2024-04-25T11:44:11.0517783Z 14 | labels: 2024-04-25T11:44:11.0518159Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0518570Z 16 | spec: 2024-04-25T11:44:11.0518970Z 17 | containers: 2024-04-25T11:44:11.0519153Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0519659Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0519847Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0519968Z 21 | ports: 2024-04-25T11:44:11.0520153Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0520383Z 23 | resources: 2024-04-25T11:44:11.0520522Z 24 | limits: 2024-04-25T11:44:11.0520646Z 25 | cpu: "1" 2024-04-25T11:44:11.0520814Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0520940Z 27 | env: 2024-04-25T11:44:11.0521110Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0521428Z 29 | value: "debug" 2024-04-25T11:44:11.0521632Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0521812Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0522060Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0522265Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0522455Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0522601Z 2024-04-25T11:44:11.0523001Z Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict" 2024-04-25T11:44:11.0523296Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0523805Z File: 
/gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0524500Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37 2024-04-25T11:44:11.0524510Z 2024-04-25T11:44:11.0524644Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0524823Z 2 | kind: Deployment 2024-04-25T11:44:11.0525009Z 3 | metadata: 2024-04-25T11:44:11.0525184Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0525343Z 5 | labels: 2024-04-25T11:44:11.0525511Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0525682Z 7 | spec: 2024-04-25T11:44:11.0525805Z 8 | replicas: 1 2024-04-25T11:44:11.0525986Z 9 | selector: 2024-04-25T11:44:11.0526149Z 10 | matchLabels: 2024-04-25T11:44:11.0526321Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0526443Z 12 | template: 2024-04-25T11:44:11.0526692Z 13 | metadata: 2024-04-25T11:44:11.0526810Z 14 | labels: 2024-04-25T11:44:11.0527054Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0527206Z 16 | spec: 2024-04-25T11:44:11.0527331Z 17 | containers: 2024-04-25T11:44:11.0527509Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0528172Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0528322Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0528519Z 21 | ports: 2024-04-25T11:44:11.0528744Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0528871Z 23 | resources: 2024-04-25T11:44:11.0529012Z 24 | limits: 2024-04-25T11:44:11.0529173Z 25 | cpu: "1" 2024-04-25T11:44:11.0529303Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0529487Z 27 | env: 2024-04-25T11:44:11.0529692Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0529838Z 29 | value: "debug" 2024-04-25T11:44:11.0530022Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0530241Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0530449Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0530754Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0530907Z 34 | 
serviceAccountName: fixmycar 2024-04-25T11:44:11.0530913Z 2024-04-25T11:44:11.0531215Z Check: CKV_K8S_29: "Apply security context to your pods and containers" 2024-04-25T11:44:11.0531610Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0532082Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0533090Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers 2024-04-25T11:44:11.0533197Z 2024-04-25T11:44:11.0533331Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0533475Z 2 | kind: Deployment 2024-04-25T11:44:11.0533629Z 3 | metadata: 2024-04-25T11:44:11.0533803Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0533920Z 5 | labels: 2024-04-25T11:44:11.0534187Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0534309Z 7 | spec: 2024-04-25T11:44:11.0534449Z 8 | replicas: 1 2024-04-25T11:44:11.0534604Z 9 | selector: 2024-04-25T11:44:11.0534727Z 10 | matchLabels: 2024-04-25T11:44:11.0534900Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0535124Z 12 | template: 2024-04-25T11:44:11.0535258Z 13 | metadata: 2024-04-25T11:44:11.0535377Z 14 | labels: 2024-04-25T11:44:11.0535588Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0535706Z 16 | spec: 2024-04-25T11:44:11.0536120Z 17 | containers: 2024-04-25T11:44:11.0536633Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0537136Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0537370Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0537530Z 21 | ports: 2024-04-25T11:44:11.0537714Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0537838Z 23 | resources: 2024-04-25T11:44:11.0538095Z 24 | limits: 2024-04-25T11:44:11.0538221Z 25 | cpu: "1" 2024-04-25T11:44:11.0538353Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0538515Z 27 | env: 2024-04-25T11:44:11.0538684Z 28 | - name: 
LOG_LEVEL 2024-04-25T11:44:11.0538867Z 29 | value: "debug" 2024-04-25T11:44:11.0539108Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0539287Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0539532Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0539740Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0539892Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0539899Z 2024-04-25T11:44:11.0540308Z Check: CKV_K8S_30: "Apply security context to your containers" 2024-04-25T11:44:11.0540670Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0541149Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0542075Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28 2024-04-25T11:44:11.0542082Z 2024-04-25T11:44:11.0542214Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0542394Z 2 | kind: Deployment 2024-04-25T11:44:11.0542512Z 3 | metadata: 2024-04-25T11:44:11.0542754Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0542984Z 5 | labels: 2024-04-25T11:44:11.0543153Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0543286Z 7 | spec: 2024-04-25T11:44:11.0543447Z 8 | replicas: 1 2024-04-25T11:44:11.0543564Z 9 | selector: 2024-04-25T11:44:11.0543750Z 10 | matchLabels: 2024-04-25T11:44:11.0543953Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0544069Z 12 | template: 2024-04-25T11:44:11.0544201Z 13 | metadata: 2024-04-25T11:44:11.0544352Z 14 | labels: 2024-04-25T11:44:11.0544523Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0544707Z 16 | spec: 2024-04-25T11:44:11.0544866Z 17 | containers: 2024-04-25T11:44:11.0545060Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0545521Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0545705Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0545824Z 21 | ports: 2024-04-25T11:44:11.0546070Z 22 | - 
containerPort: 3100 2024-04-25T11:44:11.0546232Z 23 | resources: 2024-04-25T11:44:11.0546368Z 24 | limits: 2024-04-25T11:44:11.0546532Z 25 | cpu: "1" 2024-04-25T11:44:11.0546775Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0546895Z 27 | env: 2024-04-25T11:44:11.0547566Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0547757Z 29 | value: "debug" 2024-04-25T11:44:11.0547968Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0548181Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0548395Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0548597Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0548966Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0548974Z 2024-04-25T11:44:11.0549163Z Check: CKV_K8S_43: "Image should use digest" 2024-04-25T11:44:11.0549471Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0549982Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0550790Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39 2024-04-25T11:44:11.0550798Z 2024-04-25T11:44:11.0552031Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0552192Z 2 | kind: Deployment 2024-04-25T11:44:11.0552317Z 3 | metadata: 2024-04-25T11:44:11.0552542Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0552658Z 5 | labels: 2024-04-25T11:44:11.0552834Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0553095Z 7 | spec: 2024-04-25T11:44:11.0553220Z 8 | replicas: 1 2024-04-25T11:44:11.0553338Z 9 | selector: 2024-04-25T11:44:11.0553498Z 10 | matchLabels: 2024-04-25T11:44:11.0553671Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0553790Z 12 | template: 2024-04-25T11:44:11.0554119Z 13 | metadata: 2024-04-25T11:44:11.0554234Z 14 | labels: 2024-04-25T11:44:11.0554408Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0554560Z 16 | spec: 2024-04-25T11:44:11.0554689Z 17 | containers: 2024-04-25T11:44:11.0554869Z 18 | - name: fixmycar-backend 
2024-04-25T11:44:11.0555449Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0555602Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0555721Z 21 | ports: 2024-04-25T11:44:11.0555940Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0556228Z 23 | resources: 2024-04-25T11:44:11.0556386Z 24 | limits: 2024-04-25T11:44:11.0556579Z 25 | cpu: "1" 2024-04-25T11:44:11.0556713Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0556865Z 27 | env: 2024-04-25T11:44:11.0557038Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0557185Z 29 | value: "debug" 2024-04-25T11:44:11.0557406Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0557648Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0557863Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0558102Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0558272Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0558278Z 2024-04-25T11:44:11.0558747Z Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default" 2024-04-25T11:44:11.0559061Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0559582Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0560283Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29 2024-04-25T11:44:11.0560289Z 2024-04-25T11:44:11.0560422Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0560568Z 2 | kind: Deployment 2024-04-25T11:44:11.0560723Z 3 | metadata: 2024-04-25T11:44:11.0560891Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0561073Z 5 | labels: 2024-04-25T11:44:11.0561285Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0561416Z 7 | spec: 2024-04-25T11:44:11.0561538Z 8 | replicas: 1 2024-04-25T11:44:11.0561692Z 9 | selector: 2024-04-25T11:44:11.0561815Z 10 | matchLabels: 2024-04-25T11:44:11.0562055Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0562211Z 
12 | template: 2024-04-25T11:44:11.0562349Z 13 | metadata: 2024-04-25T11:44:11.0562473Z 14 | labels: 2024-04-25T11:44:11.0562694Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0562813Z 16 | spec: 2024-04-25T11:44:11.0563002Z 17 | containers: 2024-04-25T11:44:11.0563239Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0563724Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0564007Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0564128Z 21 | ports: 2024-04-25T11:44:11.0564311Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0564687Z 23 | resources: 2024-04-25T11:44:11.0564818Z 24 | limits: 2024-04-25T11:44:11.0564944Z 25 | cpu: "1" 2024-04-25T11:44:11.0565110Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0565227Z 27 | env: 2024-04-25T11:44:11.0565401Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0565655Z 29 | value: "debug" 2024-04-25T11:44:11.0565844Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0566031Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0566275Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0566483Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0566636Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0566642Z 2024-04-25T11:44:11.0567104Z Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability" 2024-04-25T11:44:11.0567399Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0567909Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0568601Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27 2024-04-25T11:44:11.0568607Z 2024-04-25T11:44:11.0568740Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0568986Z 2 | kind: Deployment 2024-04-25T11:44:11.0569108Z 3 | metadata: 2024-04-25T11:44:11.0569533Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0569687Z 5 | labels: 
2024-04-25T11:44:11.0569860Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0569994Z 7 | spec: 2024-04-25T11:44:11.0570222Z 8 | replicas: 1 2024-04-25T11:44:11.0570344Z 9 | selector: 2024-04-25T11:44:11.0570468Z 10 | matchLabels: 2024-04-25T11:44:11.0570676Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0570813Z 12 | template: 2024-04-25T11:44:11.0570932Z 13 | metadata: 2024-04-25T11:44:11.0571156Z 14 | labels: 2024-04-25T11:44:11.0571335Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0571454Z 16 | spec: 2024-04-25T11:44:11.0571613Z 17 | containers: 2024-04-25T11:44:11.0571810Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0572322Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0572547Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0572673Z 21 | ports: 2024-04-25T11:44:11.0572897Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0573039Z 23 | resources: 2024-04-25T11:44:11.0573160Z 24 | limits: 2024-04-25T11:44:11.0573322Z 25 | cpu: "1" 2024-04-25T11:44:11.0573511Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0573630Z 27 | env: 2024-04-25T11:44:11.0573917Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0574065Z 29 | value: "debug" 2024-04-25T11:44:11.0574251Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0574469Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0574737Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0574943Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0575150Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0575156Z 2024-04-25T11:44:11.0575477Z Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank" 2024-04-25T11:44:11.0577165Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0577695Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0578530Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13 
2024-04-25T11:44:11.0578538Z 2024-04-25T11:44:11.0578713Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0578861Z 2 | kind: Deployment 2024-04-25T11:44:11.0578981Z 3 | metadata: 2024-04-25T11:44:11.0579361Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0579486Z 5 | labels: 2024-04-25T11:44:11.0579731Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0579903Z 7 | spec: 2024-04-25T11:44:11.0580027Z 8 | replicas: 1 2024-04-25T11:44:11.0580147Z 9 | selector: 2024-04-25T11:44:11.0580309Z 10 | matchLabels: 2024-04-25T11:44:11.0580485Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0580746Z 12 | template: 2024-04-25T11:44:11.0580921Z 13 | metadata: 2024-04-25T11:44:11.0581038Z 14 | labels: 2024-04-25T11:44:11.0581213Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0581372Z 16 | spec: 2024-04-25T11:44:11.0581497Z 17 | containers: 2024-04-25T11:44:11.0581795Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0582285Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0582440Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0582596Z 21 | ports: 2024-04-25T11:44:11.0582784Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0582912Z 23 | resources: 2024-04-25T11:44:11.0583150Z 24 | limits: 2024-04-25T11:44:11.0583275Z 25 | cpu: "1" 2024-04-25T11:44:11.0583406Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0583560Z 27 | env: 2024-04-25T11:44:11.0583732Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0584367Z 29 | value: "debug" 2024-04-25T11:44:11.0584669Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0584853Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0585066Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0585313Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0585485Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0585491Z 2024-04-25T11:44:11.0585880Z Check: CKV_K8S_8: "Liveness Probe Should be Configured" 2024-04-25T11:44:11.0586172Z FAILED for resource: Deployment.default.fixmycar-backend 
2024-04-25T11:44:11.0586647Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0587370Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-7 2024-04-25T11:44:11.0587376Z 2024-04-25T11:44:11.0587530Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0587661Z 2 | kind: Deployment 2024-04-25T11:44:11.0587883Z 3 | metadata: 2024-04-25T11:44:11.0588055Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0588170Z 5 | labels: 2024-04-25T11:44:11.0588378Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0588512Z 7 | spec: 2024-04-25T11:44:11.0588636Z 8 | replicas: 1 2024-04-25T11:44:11.0588854Z 9 | selector: 2024-04-25T11:44:11.0588980Z 10 | matchLabels: 2024-04-25T11:44:11.0589152Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0589324Z 12 | template: 2024-04-25T11:44:11.0589444Z 13 | metadata: 2024-04-25T11:44:11.0589602Z 14 | labels: 2024-04-25T11:44:11.0589839Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0589958Z 16 | spec: 2024-04-25T11:44:11.0590117Z 17 | containers: 2024-04-25T11:44:11.0590315Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0590804Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0591077Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0591263Z 21 | ports: 2024-04-25T11:44:11.0591448Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0591625Z 23 | resources: 2024-04-25T11:44:11.0591745Z 24 | limits: 2024-04-25T11:44:11.0591872Z 25 | cpu: "1" 2024-04-25T11:44:11.0592039Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0592220Z 27 | env: 2024-04-25T11:44:11.0592390Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0592576Z 29 | value: "debug" 2024-04-25T11:44:11.0592886Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0593075Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0593413Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0593701Z 33 | value: "YOUR-DATASTORE-ID" 
2024-04-25T11:44:11.0593914Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0593920Z 2024-04-25T11:44:11.0594240Z Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation" 2024-04-25T11:44:11.0594525Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0595031Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0595726Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19 2024-04-25T11:44:11.0595732Z 2024-04-25T11:44:11.0595951Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0596117Z 2 | kind: Deployment 2024-04-25T11:44:11.0596239Z 3 | metadata: 2024-04-25T11:44:11.0596482Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0596637Z 5 | labels: 2024-04-25T11:44:11.0596808Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0597018Z 7 | spec: 2024-04-25T11:44:11.0597181Z 8 | replicas: 1 2024-04-25T11:44:11.0597305Z 9 | selector: 2024-04-25T11:44:11.0597464Z 10 | matchLabels: 2024-04-25T11:44:11.0597639Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0597905Z 12 | template: 2024-04-25T11:44:11.0598132Z 13 | metadata: 2024-04-25T11:44:11.0598251Z 14 | labels: 2024-04-25T11:44:11.0598431Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0598582Z 16 | spec: 2024-04-25T11:44:11.0598723Z 17 | containers: 2024-04-25T11:44:11.0598902Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0599480Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0599634Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0599757Z 21 | ports: 2024-04-25T11:44:11.0599992Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0600116Z 23 | resources: 2024-04-25T11:44:11.0600239Z 24 | limits: 2024-04-25T11:44:11.0600464Z 25 | cpu: "1" 2024-04-25T11:44:11.0600593Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0600788Z 27 | env: 2024-04-25T11:44:11.0601016Z 28 | - name: LOG_LEVEL 
2024-04-25T11:44:11.0601147Z 29 | value: "debug" 2024-04-25T11:44:11.0601331Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0601621Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0601834Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0602095Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0602248Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0602254Z 2024-04-25T11:44:11.0602499Z Check: CKV_K8S_23: "Minimize the admission of root containers" 2024-04-25T11:44:11.0602887Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0603363Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0604059Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22 2024-04-25T11:44:11.0604064Z 2024-04-25T11:44:11.0604253Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0604380Z 2 | kind: Deployment 2024-04-25T11:44:11.0604497Z 3 | metadata: 2024-04-25T11:44:11.0604770Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0604886Z 5 | labels: 2024-04-25T11:44:11.0605110Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0605225Z 7 | spec: 2024-04-25T11:44:11.0605348Z 8 | replicas: 1 2024-04-25T11:44:11.0605503Z 9 | selector: 2024-04-25T11:44:11.0605692Z 10 | matchLabels: 2024-04-25T11:44:11.0605867Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0606242Z 12 | template: 2024-04-25T11:44:11.0606365Z 13 | metadata: 2024-04-25T11:44:11.0606481Z 14 | labels: 2024-04-25T11:44:11.0606691Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0606876Z 16 | spec: 2024-04-25T11:44:11.0607021Z 17 | containers: 2024-04-25T11:44:11.0607237Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0607711Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0607864Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0608018Z 21 | ports: 2024-04-25T11:44:11.0608268Z 22 | - containerPort: 3100 
2024-04-25T11:44:11.0608410Z 23 | resources: 2024-04-25T11:44:11.0608567Z 24 | limits: 2024-04-25T11:44:11.0608693Z 25 | cpu: "1" 2024-04-25T11:44:11.0608823Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0608979Z 27 | env: 2024-04-25T11:44:11.0609230Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0609360Z 29 | value: "debug" 2024-04-25T11:44:11.0609582Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0609763Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0610008Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0610212Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0610450Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0610649Z 2024-04-25T11:44:11.0611048Z Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary" 2024-04-25T11:44:11.0611334Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0611800Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0612549Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35 2024-04-25T11:44:11.0612554Z 2024-04-25T11:44:11.0612690Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0612926Z 2 | kind: Deployment 2024-04-25T11:44:11.0613048Z 3 | metadata: 2024-04-25T11:44:11.0613215Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0613367Z 5 | labels: 2024-04-25T11:44:11.0613553Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0613669Z 7 | spec: 2024-04-25T11:44:11.0613900Z 8 | replicas: 1 2024-04-25T11:44:11.0614018Z 9 | selector: 2024-04-25T11:44:11.0614147Z 10 | matchLabels: 2024-04-25T11:44:11.0614373Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0614492Z 12 | template: 2024-04-25T11:44:11.0614609Z 13 | metadata: 2024-04-25T11:44:11.0614825Z 14 | labels: 2024-04-25T11:44:11.0614998Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0615116Z 16 | spec: 2024-04-25T11:44:11.0615291Z 17 | containers: 2024-04-25T11:44:11.0615471Z 18 | - name: 
fixmycar-backend 2024-04-25T11:44:11.0616156Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0616421Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0616540Z 21 | ports: 2024-04-25T11:44:11.0616729Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0616909Z 23 | resources: 2024-04-25T11:44:11.0617032Z 24 | limits: 2024-04-25T11:44:11.0617160Z 25 | cpu: "1" 2024-04-25T11:44:11.0617397Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0617516Z 27 | env: 2024-04-25T11:44:11.0617737Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0617868Z 29 | value: "debug" 2024-04-25T11:44:11.0618052Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0618334Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0618545Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0618750Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0618954Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0619112Z 2024-04-25T11:44:11.0619341Z Check: CKV_K8S_9: "Readiness Probe Should be Configured" 2024-04-25T11:44:11.0619628Z FAILED for resource: Deployment.default.fixmycar-backend 2024-04-25T11:44:11.0620206Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.0620892Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-8 2024-04-25T11:44:11.0620904Z 2024-04-25T11:44:11.0621093Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0621218Z 2 | kind: Deployment 2024-04-25T11:44:11.0621337Z 3 | metadata: 2024-04-25T11:44:11.0621626Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.0621812Z 5 | labels: 2024-04-25T11:44:11.0622001Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.0622153Z 7 | spec: 2024-04-25T11:44:11.0622275Z 8 | replicas: 1 2024-04-25T11:44:11.0622395Z 9 | selector: 2024-04-25T11:44:11.0622562Z 10 | matchLabels: 2024-04-25T11:44:11.0622802Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.0622939Z 12 | template: 
2024-04-25T11:44:11.0623093Z 13 | metadata: 2024-04-25T11:44:11.0623213Z 14 | labels: 2024-04-25T11:44:11.0623392Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.0623543Z 16 | spec: 2024-04-25T11:44:11.0623747Z 17 | containers: 2024-04-25T11:44:11.0623928Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.0624598Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.0624747Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0624867Z 21 | ports: 2024-04-25T11:44:11.0625105Z 22 | - containerPort: 3100 2024-04-25T11:44:11.0625299Z 23 | resources: 2024-04-25T11:44:11.0625420Z 24 | limits: 2024-04-25T11:44:11.0625582Z 25 | cpu: "1" 2024-04-25T11:44:11.0625787Z 26 | memory: "2Gi" 2024-04-25T11:44:11.0625963Z 27 | env: 2024-04-25T11:44:11.0626134Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.0626335Z 29 | value: "debug" 2024-04-25T11:44:11.0626559Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.0626736Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.0626946Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.0627201Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.0627359Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.0627364Z 2024-04-25T11:44:11.0627669Z Check: CKV_K8S_21: "The default namespace should not be used" 2024-04-25T11:44:11.0627980Z FAILED for resource: Service.default.fixmycar-frontend 2024-04-25T11:44:11.0628442Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-service.yaml:1-13 2024-04-25T11:44:11.0629183Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20 2024-04-25T11:44:11.0629193Z 2024-04-25T11:44:11.0629320Z 1 | apiVersion: v1 2024-04-25T11:44:11.0629443Z 2 | kind: Service 2024-04-25T11:44:11.0629661Z 3 | metadata: 2024-04-25T11:44:11.0629834Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0629952Z 5 | spec: 2024-04-25T11:44:11.0630130Z 6 | type: ClusterIP 
2024-04-25T11:44:11.0630250Z 7 | selector: 2024-04-25T11:44:11.0630423Z 8 | app: fixmycar-frontend 2024-04-25T11:44:11.0630645Z 9 | ports: 2024-04-25T11:44:11.0630844Z 10 | - name: fixmycar-frontend-port 2024-04-25T11:44:11.0630973Z 11 | protocol: TCP 2024-04-25T11:44:11.0631225Z 12 | port: 80 2024-04-25T11:44:11.0631356Z 13 | targetPort: 8501 2024-04-25T11:44:11.0631362Z 2024-04-25T11:44:11.0631717Z Check: CKV_K8S_22: "Use read-only filesystem for containers where possible" 2024-04-25T11:44:11.0632107Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0632708Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0633456Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21 2024-04-25T11:44:11.0633462Z 2024-04-25T11:44:11.0633593Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0633721Z 2 | kind: Deployment 2024-04-25T11:44:11.0633952Z 3 | metadata: 2024-04-25T11:44:11.0634126Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0634265Z 5 | labels: 2024-04-25T11:44:11.0634471Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0634589Z 7 | spec: 2024-04-25T11:44:11.0634711Z 8 | replicas: 1 2024-04-25T11:44:11.0634936Z 9 | selector: 2024-04-25T11:44:11.0635063Z 10 | matchLabels: 2024-04-25T11:44:11.0635257Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0635412Z 12 | template: 2024-04-25T11:44:11.0635532Z 13 | metadata: 2024-04-25T11:44:11.0635648Z 14 | labels: 2024-04-25T11:44:11.0635927Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0636066Z 16 | spec: 2024-04-25T11:44:11.0636267Z 17 | containers: 2024-04-25T11:44:11.0636499Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0636978Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.0637165Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0637360Z 21 | env: 2024-04-25T11:44:11.0637690Z 22 | - name: 
BACKEND_URL 2024-04-25T11:44:11.0638105Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0638227Z 24 | ports: 2024-04-25T11:44:11.0638410Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0638601Z 26 | livenessProbe: 2024-04-25T11:44:11.0638807Z 27 | httpGet: 2024-04-25T11:44:11.0638959Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0639125Z 29 | port: 8501 2024-04-25T11:44:11.0639263Z 30 | scheme: HTTP 2024-04-25T11:44:11.0639401Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0639588Z 32 | readinessProbe: 2024-04-25T11:44:11.0639775Z 33 | httpGet: 2024-04-25T11:44:11.0639924Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0640088Z 35 | port: 8501 2024-04-25T11:44:11.0640219Z 36 | scheme: HTTP 2024-04-25T11:44:11.0640360Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0640538Z 38 | resources: 2024-04-25T11:44:11.0640720Z 39 | limits: 2024-04-25T11:44:11.0640936Z 40 | cpu: 1 2024-04-25T11:44:11.0641101Z 41 | memory: 2Gi 2024-04-25T11:44:11.0641225Z 42 | requests: 2024-04-25T11:44:11.0641404Z 43 | cpu: 100m 2024-04-25T11:44:11.0641536Z 44 | memory: 745Mi 2024-04-25T11:44:11.0641542Z 2024-04-25T11:44:11.0641846Z Check: CKV_K8S_21: "The default namespace should not be used" 2024-04-25T11:44:11.0642195Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0642688Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0643398Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20 2024-04-25T11:44:11.0643403Z 2024-04-25T11:44:11.0643594Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0643727Z 2 | kind: Deployment 2024-04-25T11:44:11.0643914Z 3 | metadata: 2024-04-25T11:44:11.0644126Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0644243Z 5 | labels: 2024-04-25T11:44:11.0644473Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0644590Z 7 | spec: 2024-04-25T11:44:11.0644717Z 8 | replicas: 
1 2024-04-25T11:44:11.0644936Z 9 | selector: 2024-04-25T11:44:11.0645067Z 10 | matchLabels: 2024-04-25T11:44:11.0645244Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0645416Z 12 | template: 2024-04-25T11:44:11.0645660Z 13 | metadata: 2024-04-25T11:44:11.0645849Z 14 | labels: 2024-04-25T11:44:11.0646138Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0646258Z 16 | spec: 2024-04-25T11:44:11.0646404Z 17 | containers: 2024-04-25T11:44:11.0646631Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0647122Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.0647279Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0647498Z 21 | env: 2024-04-25T11:44:11.0647694Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0648071Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0648230Z 24 | ports: 2024-04-25T11:44:11.0648413Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0648545Z 26 | livenessProbe: 2024-04-25T11:44:11.0648780Z 27 | httpGet: 2024-04-25T11:44:11.0648952Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0649114Z 29 | port: 8501 2024-04-25T11:44:11.0649243Z 30 | scheme: HTTP 2024-04-25T11:44:11.0649379Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0649607Z 32 | readinessProbe: 2024-04-25T11:44:11.0649745Z 33 | httpGet: 2024-04-25T11:44:11.0649894Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0650179Z 35 | port: 8501 2024-04-25T11:44:11.0650306Z 36 | scheme: HTTP 2024-04-25T11:44:11.0650486Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0650732Z 38 | resources: 2024-04-25T11:44:11.0650853Z 39 | limits: 2024-04-25T11:44:11.0650973Z 40 | cpu: 1 2024-04-25T11:44:11.0651133Z 41 | memory: 2Gi 2024-04-25T11:44:11.0651257Z 42 | requests: 2024-04-25T11:44:11.0651384Z 43 | cpu: 100m 2024-04-25T11:44:11.0651635Z 44 | memory: 745Mi 2024-04-25T11:44:11.0651642Z 2024-04-25T11:44:11.0651988Z Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned" 
2024-04-25T11:44:11.0652286Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0652796Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0653486Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34 2024-04-25T11:44:11.0653496Z 2024-04-25T11:44:11.0653680Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0653878Z 2 | kind: Deployment 2024-04-25T11:44:11.0653995Z 3 | metadata: 2024-04-25T11:44:11.0654208Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0654324Z 5 | labels: 2024-04-25T11:44:11.0654496Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0654664Z 7 | spec: 2024-04-25T11:44:11.0654855Z 8 | replicas: 1 2024-04-25T11:44:11.0654973Z 9 | selector: 2024-04-25T11:44:11.0655134Z 10 | matchLabels: 2024-04-25T11:44:11.0655307Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0655468Z 12 | template: 2024-04-25T11:44:11.0655645Z 13 | metadata: 2024-04-25T11:44:11.0656777Z 14 | labels: 2024-04-25T11:44:11.0657021Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0657176Z 16 | spec: 2024-04-25T11:44:11.0657303Z 17 | containers: 2024-04-25T11:44:11.0657518Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0658055Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.0658291Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0658447Z 21 | env: 2024-04-25T11:44:11.0658627Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0659010Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0659184Z 24 | ports: 2024-04-25T11:44:11.0659540Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0659751Z 26 | livenessProbe: 2024-04-25T11:44:11.0659912Z 27 | httpGet: 2024-04-25T11:44:11.0660084Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0660214Z 29 | port: 8501 2024-04-25T11:44:11.0660385Z 30 | scheme: HTTP 2024-04-25T11:44:11.0660522Z 31 | 
timeoutSeconds: 1 2024-04-25T11:44:11.0660726Z 32 | readinessProbe: 2024-04-25T11:44:11.0660885Z 33 | httpGet: 2024-04-25T11:44:11.0661049Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0661219Z 35 | port: 8501 2024-04-25T11:44:11.0661382Z 36 | scheme: HTTP 2024-04-25T11:44:11.0661522Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0661742Z 38 | resources: 2024-04-25T11:44:11.0661879Z 39 | limits: 2024-04-25T11:44:11.0662001Z 40 | cpu: 1 2024-04-25T11:44:11.0662166Z 41 | memory: 2Gi 2024-04-25T11:44:11.0662294Z 42 | requests: 2024-04-25T11:44:11.0662418Z 43 | cpu: 100m 2024-04-25T11:44:11.0662646Z 44 | memory: 745Mi 2024-04-25T11:44:11.0662653Z 2024-04-25T11:44:11.0662997Z Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict" 2024-04-25T11:44:11.0663300Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0663971Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0664673Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37 2024-04-25T11:44:11.0664679Z 2024-04-25T11:44:11.0664939Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0665067Z 2 | kind: Deployment 2024-04-25T11:44:11.0665186Z 3 | metadata: 2024-04-25T11:44:11.0665398Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0665514Z 5 | labels: 2024-04-25T11:44:11.0665690Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0665922Z 7 | spec: 2024-04-25T11:44:11.0666046Z 8 | replicas: 1 2024-04-25T11:44:11.0666209Z 9 | selector: 2024-04-25T11:44:11.0666370Z 10 | matchLabels: 2024-04-25T11:44:11.0666547Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0666666Z 12 | template: 2024-04-25T11:44:11.0666897Z 13 | metadata: 2024-04-25T11:44:11.0667014Z 14 | labels: 2024-04-25T11:44:11.0667199Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0667351Z 16 | spec: 2024-04-25T11:44:11.0667476Z 17 | containers: 2024-04-25T11:44:11.0667662Z 18 | - name: 
fixmycar-frontend 2024-04-25T11:44:11.0668261Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.0668414Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0668533Z 21 | env: 2024-04-25T11:44:11.0668744Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0669116Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0669254Z 24 | ports: 2024-04-25T11:44:11.0669537Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0669669Z 26 | livenessProbe: 2024-04-25T11:44:11.0669829Z 27 | httpGet: 2024-04-25T11:44:11.0669979Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0670111Z 29 | port: 8501 2024-04-25T11:44:11.0670292Z 30 | scheme: HTTP 2024-04-25T11:44:11.0670485Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0670619Z 32 | readinessProbe: 2024-04-25T11:44:11.0670817Z 33 | httpGet: 2024-04-25T11:44:11.0670963Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0671106Z 35 | port: 8501 2024-04-25T11:44:11.0671268Z 36 | scheme: HTTP 2024-04-25T11:44:11.0671459Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0671582Z 38 | resources: 2024-04-25T11:44:11.0671862Z 39 | limits: 2024-04-25T11:44:11.0672004Z 40 | cpu: 1 2024-04-25T11:44:11.0672130Z 41 | memory: 2Gi 2024-04-25T11:44:11.0672289Z 42 | requests: 2024-04-25T11:44:11.0672483Z 43 | cpu: 100m 2024-04-25T11:44:11.0672618Z 44 | memory: 745Mi 2024-04-25T11:44:11.0672624Z 2024-04-25T11:44:11.0672963Z Check: CKV_K8S_29: "Apply security context to your pods and containers" 2024-04-25T11:44:11.0673264Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0673782Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0674796Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers 2024-04-25T11:44:11.0674802Z 2024-04-25T11:44:11.0675000Z 1 | apiVersion: 
apps/v1 2024-04-25T11:44:11.0675166Z 2 | kind: Deployment 2024-04-25T11:44:11.0675301Z 3 | metadata: 2024-04-25T11:44:11.0675473Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0675625Z 5 | labels: 2024-04-25T11:44:11.0675795Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0676020Z 7 | spec: 2024-04-25T11:44:11.0676193Z 8 | replicas: 1 2024-04-25T11:44:11.0676312Z 9 | selector: 2024-04-25T11:44:11.0676436Z 10 | matchLabels: 2024-04-25T11:44:11.0676778Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0676900Z 12 | template: 2024-04-25T11:44:11.0677088Z 13 | metadata: 2024-04-25T11:44:11.0677260Z 14 | labels: 2024-04-25T11:44:11.0677437Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0677589Z 16 | spec: 2024-04-25T11:44:11.0677720Z 17 | containers: 2024-04-25T11:44:11.0677908Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0678562Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.0678723Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0678842Z 21 | env: 2024-04-25T11:44:11.0679054Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0679424Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0679549Z 24 | ports: 2024-04-25T11:44:11.0679875Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0680011Z 26 | livenessProbe: 2024-04-25T11:44:11.0680133Z 27 | httpGet: 2024-04-25T11:44:11.0680317Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0680443Z 29 | port: 8501 2024-04-25T11:44:11.0680624Z 30 | scheme: HTTP 2024-04-25T11:44:11.0680856Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0680987Z 32 | readinessProbe: 2024-04-25T11:44:11.0681109Z 33 | httpGet: 2024-04-25T11:44:11.0681291Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0681419Z 35 | port: 8501 2024-04-25T11:44:11.0681660Z 36 | scheme: HTTP 2024-04-25T11:44:11.0681795Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0681917Z 38 | resources: 2024-04-25T11:44:11.0682074Z 39 | limits: 2024-04-25T11:44:11.0682192Z 40 | cpu: 1 
2024-04-25T11:44:11.0682340Z 41 | memory: 2Gi 2024-04-25T11:44:11.0682560Z 42 | requests: 2024-04-25T11:44:11.0682690Z 43 | cpu: 100m 2024-04-25T11:44:11.0682822Z 44 | memory: 745Mi 2024-04-25T11:44:11.0682828Z 2024-04-25T11:44:11.0683111Z Check: CKV_K8S_30: "Apply security context to your containers" 2024-04-25T11:44:11.0683408Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0683903Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0684822Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28 2024-04-25T11:44:11.0684831Z 2024-04-25T11:44:11.0684974Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0685135Z 2 | kind: Deployment 2024-04-25T11:44:11.0685274Z 3 | metadata: 2024-04-25T11:44:11.0685491Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0685639Z 5 | labels: 2024-04-25T11:44:11.0685884Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0686002Z 7 | spec: 2024-04-25T11:44:11.0686164Z 8 | replicas: 1 2024-04-25T11:44:11.0686301Z 9 | selector: 2024-04-25T11:44:11.0686425Z 10 | matchLabels: 2024-04-25T11:44:11.0686636Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0686817Z 12 | template: 2024-04-25T11:44:11.0686938Z 13 | metadata: 2024-04-25T11:44:11.0687108Z 14 | labels: 2024-04-25T11:44:11.0687289Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0687408Z 16 | spec: 2024-04-25T11:44:11.0687566Z 17 | containers: 2024-04-25T11:44:11.0687812Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0688309Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.0688509Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0688628Z 21 | env: 2024-04-25T11:44:11.0688802Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0689215Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0689542Z 24 | ports: 
2024-04-25T11:44:11.0689788Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0689921Z 26 | livenessProbe: 2024-04-25T11:44:11.0690086Z 27 | httpGet: 2024-04-25T11:44:11.0690269Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0690397Z 29 | port: 8501 2024-04-25T11:44:11.0690589Z 30 | scheme: HTTP 2024-04-25T11:44:11.0690776Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0690907Z 32 | readinessProbe: 2024-04-25T11:44:11.0691034Z 33 | httpGet: 2024-04-25T11:44:11.0691215Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0691341Z 35 | port: 8501 2024-04-25T11:44:11.0691544Z 36 | scheme: HTTP 2024-04-25T11:44:11.0691715Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0691840Z 38 | resources: 2024-04-25T11:44:11.0691962Z 39 | limits: 2024-04-25T11:44:11.0692118Z 40 | cpu: 1 2024-04-25T11:44:11.0692245Z 41 | memory: 2Gi 2024-04-25T11:44:11.0692448Z 42 | requests: 2024-04-25T11:44:11.0692608Z 43 | cpu: 100m 2024-04-25T11:44:11.0692736Z 44 | memory: 745Mi 2024-04-25T11:44:11.0692742Z 2024-04-25T11:44:11.0692948Z Check: CKV_K8S_43: "Image should use digest" 2024-04-25T11:44:11.0693244Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0693744Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0694545Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39 2024-04-25T11:44:11.0694552Z 2024-04-25T11:44:11.0694685Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0694851Z 2 | kind: Deployment 2024-04-25T11:44:11.0695003Z 3 | metadata: 2024-04-25T11:44:11.0695175Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0695313Z 5 | labels: 2024-04-25T11:44:11.0695580Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0695695Z 7 | spec: 2024-04-25T11:44:11.0695941Z 8 | replicas: 1 2024-04-25T11:44:11.0696097Z 9 | selector: 2024-04-25T11:44:11.0696238Z 10 | matchLabels: 2024-04-25T11:44:11.0696415Z 11 | app: fixmycar-frontend 
2024-04-25T11:44:11.0696640Z 12 | template: 2024-04-25T11:44:11.0696762Z 13 | metadata: 2024-04-25T11:44:11.0696915Z 14 | labels: 2024-04-25T11:44:11.0697093Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0697379Z 16 | spec: 2024-04-25T11:44:11.0697605Z 17 | containers: 2024-04-25T11:44:11.0697797Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0698282Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.0698489Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0698606Z 21 | env: 2024-04-25T11:44:11.0698785Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0699255Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0699377Z 24 | ports: 2024-04-25T11:44:11.0699604Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0699790Z 26 | livenessProbe: 2024-04-25T11:44:11.0699911Z 27 | httpGet: 2024-04-25T11:44:11.0700058Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0700284Z 29 | port: 8501 2024-04-25T11:44:11.0700414Z 30 | scheme: HTTP 2024-04-25T11:44:11.0700553Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0700740Z 32 | readinessProbe: 2024-04-25T11:44:11.0700860Z 33 | httpGet: 2024-04-25T11:44:11.0701040Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0701231Z 35 | port: 8501 2024-04-25T11:44:11.0701362Z 36 | scheme: HTTP 2024-04-25T11:44:11.0701548Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0701845Z 38 | resources: 2024-04-25T11:44:11.0701964Z 39 | limits: 2024-04-25T11:44:11.0702117Z 40 | cpu: 1 2024-04-25T11:44:11.0702312Z 41 | memory: 2Gi 2024-04-25T11:44:11.0702454Z 42 | requests: 2024-04-25T11:44:11.0702613Z 43 | cpu: 100m 2024-04-25T11:44:11.0702741Z 44 | memory: 745Mi 2024-04-25T11:44:11.0702747Z 2024-04-25T11:44:11.0703145Z Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default" 2024-04-25T11:44:11.0703480Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0704063Z File: 
/gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0704809Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29 2024-04-25T11:44:11.0704815Z 2024-04-25T11:44:11.0704946Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0705078Z 2 | kind: Deployment 2024-04-25T11:44:11.0705228Z 3 | metadata: 2024-04-25T11:44:11.0705399Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0705589Z 5 | labels: 2024-04-25T11:44:11.0705801Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0705920Z 7 | spec: 2024-04-25T11:44:11.0706040Z 8 | replicas: 1 2024-04-25T11:44:11.0706191Z 9 | selector: 2024-04-25T11:44:11.0706312Z 10 | matchLabels: 2024-04-25T11:44:11.0706558Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0706714Z 12 | template: 2024-04-25T11:44:11.0706835Z 13 | metadata: 2024-04-25T11:44:11.0706954Z 14 | labels: 2024-04-25T11:44:11.0707166Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0707298Z 16 | spec: 2024-04-25T11:44:11.0707484Z 17 | containers: 2024-04-25T11:44:11.0707707Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0708189Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.0708340Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0708495Z 21 | env: 2024-04-25T11:44:11.0708687Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0709196Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0709318Z 24 | ports: 2024-04-25T11:44:11.0709500Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0709666Z 26 | livenessProbe: 2024-04-25T11:44:11.0709805Z 27 | httpGet: 2024-04-25T11:44:11.0710076Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0710311Z 29 | port: 8501 2024-04-25T11:44:11.0710443Z 30 | scheme: HTTP 2024-04-25T11:44:11.0710579Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0710765Z 32 | readinessProbe: 2024-04-25T11:44:11.0710885Z 33 | httpGet: 
2024-04-25T11:44:11.0711033Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0711261Z 35 | port: 8501 2024-04-25T11:44:11.0711388Z 36 | scheme: HTTP 2024-04-25T11:44:11.0711523Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0711697Z 38 | resources: 2024-04-25T11:44:11.0711816Z 39 | limits: 2024-04-25T11:44:11.0711936Z 40 | cpu: 1 2024-04-25T11:44:11.0712162Z 41 | memory: 2Gi 2024-04-25T11:44:11.0712285Z 42 | requests: 2024-04-25T11:44:11.0712410Z 43 | cpu: 100m 2024-04-25T11:44:11.0712603Z 44 | memory: 745Mi 2024-04-25T11:44:11.0712609Z 2024-04-25T11:44:11.0712996Z Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability" 2024-04-25T11:44:11.0713396Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0713878Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0714574Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27 2024-04-25T11:44:11.0714720Z 2024-04-25T11:44:11.0714893Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0715018Z 2 | kind: Deployment 2024-04-25T11:44:11.0715135Z 3 | metadata: 2024-04-25T11:44:11.0715416Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0715533Z 5 | labels: 2024-04-25T11:44:11.0715723Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0715874Z 7 | spec: 2024-04-25T11:44:11.0715996Z 8 | replicas: 1 2024-04-25T11:44:11.0716149Z 9 | selector: 2024-04-25T11:44:11.0716339Z 10 | matchLabels: 2024-04-25T11:44:11.0716533Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0716687Z 12 | template: 2024-04-25T11:44:11.0716804Z 13 | metadata: 2024-04-25T11:44:11.0716919Z 14 | labels: 2024-04-25T11:44:11.0717130Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0717307Z 16 | spec: 2024-04-25T11:44:11.0717448Z 17 | containers: 2024-04-25T11:44:11.0717671Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0718149Z 19 | image: 
us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.0718336Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0718493Z 21 | env: 2024-04-25T11:44:11.0718754Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0719127Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0719284Z 24 | ports: 2024-04-25T11:44:11.0719469Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0719599Z 26 | livenessProbe: 2024-04-25T11:44:11.0719757Z 27 | httpGet: 2024-04-25T11:44:11.0719983Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0720110Z 29 | port: 8501 2024-04-25T11:44:11.0720274Z 30 | scheme: HTTP 2024-04-25T11:44:11.0720408Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0720578Z 32 | readinessProbe: 2024-04-25T11:44:11.0720717Z 33 | httpGet: 2024-04-25T11:44:11.0720923Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0721083Z 35 | port: 8501 2024-04-25T11:44:11.0721210Z 36 | scheme: HTTP 2024-04-25T11:44:11.0721343Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0721500Z 38 | resources: 2024-04-25T11:44:11.0721637Z 39 | limits: 2024-04-25T11:44:11.0721821Z 40 | cpu: 1 2024-04-25T11:44:11.0721985Z 41 | memory: 2Gi 2024-04-25T11:44:11.0722276Z 42 | requests: 2024-04-25T11:44:11.0722404Z 43 | cpu: 100m 2024-04-25T11:44:11.0722586Z 44 | memory: 745Mi 2024-04-25T11:44:11.0722593Z 2024-04-25T11:44:11.0722924Z Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank" 2024-04-25T11:44:11.0723283Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0723796Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0724484Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13 2024-04-25T11:44:11.0724490Z 2024-04-25T11:44:11.0724678Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0724803Z 2 | kind: Deployment 2024-04-25T11:44:11.0724923Z 3 | metadata: 
2024-04-25T11:44:11.0725189Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0725309Z 5 | labels: 2024-04-25T11:44:11.0725484Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0725651Z 7 | spec: 2024-04-25T11:44:11.0725773Z 8 | replicas: 1 2024-04-25T11:44:11.0725891Z 9 | selector: 2024-04-25T11:44:11.0726110Z 10 | matchLabels: 2024-04-25T11:44:11.0726283Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0726400Z 12 | template: 2024-04-25T11:44:11.0726571Z 13 | metadata: 2024-04-25T11:44:11.0726687Z 14 | labels: 2024-04-25T11:44:11.0726991Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0727215Z 16 | spec: 2024-04-25T11:44:11.0727404Z 17 | containers: 2024-04-25T11:44:11.0727590Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0728101Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.0728247Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0728461Z 21 | env: 2024-04-25T11:44:11.0728639Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0729028Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0729185Z 24 | ports: 2024-04-25T11:44:11.0729364Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0729495Z 26 | livenessProbe: 2024-04-25T11:44:11.0729714Z 27 | httpGet: 2024-04-25T11:44:11.0729878Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0730004Z 29 | port: 8501 2024-04-25T11:44:11.0730170Z 30 | scheme: HTTP 2024-04-25T11:44:11.0730306Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0730438Z 32 | readinessProbe: 2024-04-25T11:44:11.0730653Z 33 | httpGet: 2024-04-25T11:44:11.0730816Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0730943Z 35 | port: 8501 2024-04-25T11:44:11.0731105Z 36 | scheme: HTTP 2024-04-25T11:44:11.0731239Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0731363Z 38 | resources: 2024-04-25T11:44:11.0731602Z 39 | limits: 2024-04-25T11:44:11.0731765Z 40 | cpu: 1 2024-04-25T11:44:11.0731924Z 41 | memory: 2Gi 2024-04-25T11:44:11.0732048Z 42 | requests: 
2024-04-25T11:44:11.0732172Z 43 | cpu: 100m 2024-04-25T11:44:11.0732333Z 44 | memory: 745Mi 2024-04-25T11:44:11.0732339Z 2024-04-25T11:44:11.0732732Z Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation" 2024-04-25T11:44:11.0733031Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0733547Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0734235Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19 2024-04-25T11:44:11.0734240Z 2024-04-25T11:44:11.0734371Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0734549Z 2 | kind: Deployment 2024-04-25T11:44:11.0734850Z 3 | metadata: 2024-04-25T11:44:11.0735063Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0735181Z 5 | labels: 2024-04-25T11:44:11.0735351Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0735518Z 7 | spec: 2024-04-25T11:44:11.0735648Z 8 | replicas: 1 2024-04-25T11:44:11.0736278Z 9 | selector: 2024-04-25T11:44:11.0736456Z 10 | matchLabels: 2024-04-25T11:44:11.0736645Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0736771Z 12 | template: 2024-04-25T11:44:11.0736940Z 13 | metadata: 2024-04-25T11:44:11.0737055Z 14 | labels: 2024-04-25T11:44:11.0737351Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0737506Z 16 | spec: 2024-04-25T11:44:11.0737632Z 17 | containers: 2024-04-25T11:44:11.0737819Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0738356Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.0738505Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0738693Z 21 | env: 2024-04-25T11:44:11.0738904Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0739277Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0739419Z 24 | ports: 2024-04-25T11:44:11.0739637Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0739767Z 26 | 
livenessProbe: 2024-04-25T11:44:11.0740131Z 27 | httpGet: 2024-04-25T11:44:11.0740318Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0740468Z 29 | port: 8501 2024-04-25T11:44:11.0740636Z 30 | scheme: HTTP 2024-04-25T11:44:11.0740771Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0740905Z 32 | readinessProbe: 2024-04-25T11:44:11.0741131Z 33 | httpGet: 2024-04-25T11:44:11.0741293Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0741419Z 35 | port: 8501 2024-04-25T11:44:11.0741585Z 36 | scheme: HTTP 2024-04-25T11:44:11.0741759Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0741881Z 38 | resources: 2024-04-25T11:44:11.0742100Z 39 | limits: 2024-04-25T11:44:11.0742237Z 40 | cpu: 1 2024-04-25T11:44:11.0742363Z 41 | memory: 2Gi 2024-04-25T11:44:11.0742524Z 42 | requests: 2024-04-25T11:44:11.0742649Z 43 | cpu: 100m 2024-04-25T11:44:11.0742782Z 44 | memory: 745Mi 2024-04-25T11:44:11.0742788Z 2024-04-25T11:44:11.0743145Z Check: CKV_K8S_23: "Minimize the admission of root containers" 2024-04-25T11:44:11.0743442Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0743962Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0744656Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22 2024-04-25T11:44:11.0744666Z 2024-04-25T11:44:11.0744797Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0745019Z 2 | kind: Deployment 2024-04-25T11:44:11.0745156Z 3 | metadata: 2024-04-25T11:44:11.0745331Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0745481Z 5 | labels: 2024-04-25T11:44:11.0745653Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0745768Z 7 | spec: 2024-04-25T11:44:11.0746007Z 8 | replicas: 1 2024-04-25T11:44:11.0746130Z 9 | selector: 2024-04-25T11:44:11.0746256Z 10 | matchLabels: 2024-04-25T11:44:11.0746464Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0746581Z 12 | template: 2024-04-25T11:44:11.0746732Z 13 | metadata: 
2024-04-25T11:44:11.0746965Z 14 | labels: 2024-04-25T11:44:11.0747150Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0747267Z 16 | spec: 2024-04-25T11:44:11.0747428Z 17 | containers: 2024-04-25T11:44:11.0747615Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0748288Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.0748512Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.0748632Z 21 | env: 2024-04-25T11:44:11.0748851Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.0749226Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.0749347Z 24 | ports: 2024-04-25T11:44:11.0749585Z 25 | - containerPort: 8501 2024-04-25T11:44:11.0749782Z 26 | livenessProbe: 2024-04-25T11:44:11.0749906Z 27 | httpGet: 2024-04-25T11:44:11.0750093Z 28 | path: /_stcore/health 2024-04-25T11:44:11.0750217Z 29 | port: 8501 2024-04-25T11:44:11.0750366Z 30 | scheme: HTTP 2024-04-25T11:44:11.0750537Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.0750744Z 32 | readinessProbe: 2024-04-25T11:44:11.0750867Z 33 | httpGet: 2024-04-25T11:44:11.0751052Z 34 | path: /_stcore/health 2024-04-25T11:44:11.0751216Z 35 | port: 8501 2024-04-25T11:44:11.0751359Z 36 | scheme: HTTP 2024-04-25T11:44:11.0751528Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.0751705Z 38 | resources: 2024-04-25T11:44:11.0751859Z 39 | limits: 2024-04-25T11:44:11.0751981Z 40 | cpu: 1 2024-04-25T11:44:11.0752248Z 41 | memory: 2Gi 2024-04-25T11:44:11.0752409Z 42 | requests: 2024-04-25T11:44:11.0752536Z 43 | cpu: 100m 2024-04-25T11:44:11.0752730Z 44 | memory: 745Mi 2024-04-25T11:44:11.0752737Z 2024-04-25T11:44:11.0753131Z Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary" 2024-04-25T11:44:11.0753447Z FAILED for resource: Deployment.default.fixmycar-frontend 2024-04-25T11:44:11.0753926Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.0754662Z Guide: 
https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35 2024-04-25T11:44:11.0754669Z 2024-04-25T11:44:11.0754800Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.0755036Z 2 | kind: Deployment 2024-04-25T11:44:11.0755172Z 3 | metadata: 2024-04-25T11:44:11.0755342Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.0755496Z 5 | labels: 2024-04-25T11:44:11.0755668Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.0755877Z 7 | spec: 2024-04-25T11:44:11.0756116Z 8 | replicas: 1 2024-04-25T11:44:11.0756272Z 9 | selector: 2024-04-25T11:44:11.0756395Z 10 | matchLabels: 2024-04-25T11:44:11.0756608Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.0756729Z 12 | template: 2024-04-25T11:44:11.0756850Z 13 | metadata: 2024-04-25T11:44:11.0757073Z 14 | labels: 2024-04-25T11:44:11.0757253Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.0757369Z 16 | spec: 2024-04-25T11:44:11.0757530Z 17 | containers: 2024-04-25T11:44:11.0757712Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.0758195Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.1000919Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.1001051Z 21 | env: 2024-04-25T11:44:11.1001525Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.1002078Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.1002236Z 24 | ports: 2024-04-25T11:44:11.1002488Z 25 | - containerPort: 8501 2024-04-25T11:44:11.1002634Z 26 | livenessProbe: 2024-04-25T11:44:11.1002768Z 27 | httpGet: 2024-04-25T11:44:11.1002950Z 28 | path: /_stcore/health 2024-04-25T11:44:11.1003107Z 29 | port: 8501 2024-04-25T11:44:11.1003253Z 30 | scheme: HTTP 2024-04-25T11:44:11.1004022Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.1004200Z 32 | readinessProbe: 2024-04-25T11:44:11.1004342Z 33 | httpGet: 2024-04-25T11:44:11.1004537Z 34 | path: /_stcore/health 2024-04-25T11:44:11.1004687Z 35 | port: 8501 2024-04-25T11:44:11.1004839Z 36 
| scheme: HTTP 2024-04-25T11:44:11.1005011Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.1005177Z 38 | resources: 2024-04-25T11:44:11.1005320Z 39 | limits: 2024-04-25T11:44:11.1005471Z 40 | cpu: 1 2024-04-25T11:44:11.1005623Z 41 | memory: 2Gi 2024-04-25T11:44:11.1005769Z 42 | requests: 2024-04-25T11:44:11.1005914Z 43 | cpu: 100m 2024-04-25T11:44:11.1006063Z 44 | memory: 745Mi 2024-04-25T11:44:11.1006073Z 2024-04-25T11:44:11.1006590Z Check: CKV2_K8S_6: "Minimize the admission of pods which lack an associated NetworkPolicy" 2024-04-25T11:44:11.1007173Z FAILED for resource: Pod.default.fixmycar-backend.app-fixmycar-backend 2024-04-25T11:44:11.1007786Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59 2024-04-25T11:44:11.1007794Z 2024-04-25T11:44:11.1008301Z Code lines for this resource are too many. Please use IDE of your choice to review the file. 2024-04-25T11:44:11.1008878Z Check: CKV2_K8S_6: "Minimize the admission of pods which lack an associated NetworkPolicy" 2024-04-25T11:44:11.1009894Z FAILED for resource: Pod.default.fixmycar-frontend.app-fixmycar-frontend 2024-04-25T11:44:11.1010534Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.1010545Z 2024-04-25T11:44:11.1010710Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.1010876Z 2 | kind: Deployment 2024-04-25T11:44:11.1011019Z 3 | metadata: 2024-04-25T11:44:11.1011309Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.1011477Z 5 | labels: 2024-04-25T11:44:11.1011716Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.1011844Z 7 | spec: 2024-04-25T11:44:11.1011992Z 8 | replicas: 1 2024-04-25T11:44:11.1012120Z 9 | selector: 2024-04-25T11:44:11.1012273Z 10 | matchLabels: 2024-04-25T11:44:11.1012550Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.1012719Z 12 | template: 2024-04-25T11:44:11.1012859Z 13 | metadata: 2024-04-25T11:44:11.1012996Z 14 | labels: 2024-04-25T11:44:11.1013237Z 15 | app: fixmycar-frontend 
2024-04-25T11:44:11.1013373Z 16 | spec: 2024-04-25T11:44:11.1013533Z 17 | containers: 2024-04-25T11:44:11.1013769Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.1014362Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest 2024-04-25T11:44:11.1014557Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.1014709Z 21 | env: 2024-04-25T11:44:11.1014970Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.1015503Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.1015664Z 24 | ports: 2024-04-25T11:44:11.1016183Z 25 | - containerPort: 8501 2024-04-25T11:44:11.1016352Z 26 | livenessProbe: 2024-04-25T11:44:11.1016496Z 27 | httpGet: 2024-04-25T11:44:11.1016709Z 28 | path: /_stcore/health 2024-04-25T11:44:11.1016876Z 29 | port: 8501 2024-04-25T11:44:11.1017057Z 30 | scheme: HTTP 2024-04-25T11:44:11.1017239Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.1017420Z 32 | readinessProbe: 2024-04-25T11:44:11.1017583Z 33 | httpGet: 2024-04-25T11:44:11.1017791Z 34 | path: /_stcore/health 2024-04-25T11:44:11.1017956Z 35 | port: 8501 2024-04-25T11:44:11.1018129Z 36 | scheme: HTTP 2024-04-25T11:44:11.1018326Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.1018493Z 38 | resources: 2024-04-25T11:44:11.1018934Z 39 | limits: 2024-04-25T11:44:11.1019142Z 40 | cpu: 1 2024-04-25T11:44:11.1019310Z 41 | memory: 2Gi 2024-04-25T11:44:11.1019476Z 42 | requests: 2024-04-25T11:44:11.1019634Z 43 | cpu: 100m 2024-04-25T11:44:11.1019816Z 44 | memory: 745Mi 2024-04-25T11:44:11.1019826Z 2024-04-25T11:44:11.1020416Z Check: CKV2_K8S_6: "Minimize the admission of pods which lack an associated NetworkPolicy" 2024-04-25T11:44:11.1021060Z FAILED for resource: Pod.default.fixmycar-backend.app-fixmycar-backend 2024-04-25T11:44:11.1021849Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34 2024-04-25T11:44:11.1021861Z 2024-04-25T11:44:11.1022055Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.1022216Z 2 | kind: 
Deployment 2024-04-25T11:44:11.1022360Z 3 | metadata: 2024-04-25T11:44:11.1022648Z 4 | name: fixmycar-backend 2024-04-25T11:44:11.1022797Z 5 | labels: 2024-04-25T11:44:11.1023033Z 6 | app: fixmycar-backend 2024-04-25T11:44:11.1023199Z 7 | spec: 2024-04-25T11:44:11.1023357Z 8 | replicas: 1 2024-04-25T11:44:11.1023509Z 9 | selector: 2024-04-25T11:44:11.1023684Z 10 | matchLabels: 2024-04-25T11:44:11.1023942Z 11 | app: fixmycar-backend 2024-04-25T11:44:11.1024113Z 12 | template: 2024-04-25T11:44:11.1024263Z 13 | metadata: 2024-04-25T11:44:11.1024420Z 14 | labels: 2024-04-25T11:44:11.1024968Z 15 | app: fixmycar-backend 2024-04-25T11:44:11.1025111Z 16 | spec: 2024-04-25T11:44:11.1025265Z 17 | containers: 2024-04-25T11:44:11.1025531Z 18 | - name: fixmycar-backend 2024-04-25T11:44:11.1026251Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest 2024-04-25T11:44:11.1026455Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.1026624Z 21 | ports: 2024-04-25T11:44:11.1026889Z 22 | - containerPort: 3100 2024-04-25T11:44:11.1027055Z 23 | resources: 2024-04-25T11:44:11.1027231Z 24 | limits: 2024-04-25T11:44:11.1027386Z 25 | cpu: "1" 2024-04-25T11:44:11.1027548Z 26 | memory: "2Gi" 2024-04-25T11:44:11.1027706Z 27 | env: 2024-04-25T11:44:11.1027941Z 28 | - name: LOG_LEVEL 2024-04-25T11:44:11.1028111Z 29 | value: "debug" 2024-04-25T11:44:11.1028397Z 30 | - name: GCP_PROJECT_ID 2024-04-25T11:44:11.1028657Z 31 | value: "PROJECT-ID" 2024-04-25T11:44:11.1028966Z 32 | - name: VERTEX_AI_DATASTORE_ID 2024-04-25T11:44:11.1029283Z 33 | value: "YOUR-DATASTORE-ID" 2024-04-25T11:44:11.1029503Z 34 | serviceAccountName: fixmycar 2024-04-25T11:44:11.1029512Z 2024-04-25T11:44:11.1030067Z Check: CKV2_K8S_6: "Minimize the admission of pods which lack an associated NetworkPolicy" 2024-04-25T11:44:11.1030605Z FAILED for resource: Pod.default.fixmycar-frontend.app-fixmycar-frontend 2024-04-25T11:44:11.1031366Z File: 
/gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44 2024-04-25T11:44:11.1031376Z 2024-04-25T11:44:11.1031564Z 1 | apiVersion: apps/v1 2024-04-25T11:44:11.1031730Z 2 | kind: Deployment 2024-04-25T11:44:11.1031885Z 3 | metadata: 2024-04-25T11:44:11.1032154Z 4 | name: fixmycar-frontend 2024-04-25T11:44:11.1032308Z 5 | labels: 2024-04-25T11:44:11.1032551Z 6 | app: fixmycar-frontend 2024-04-25T11:44:11.1032701Z 7 | spec: 2024-04-25T11:44:11.1032852Z 8 | replicas: 1 2024-04-25T11:44:11.1032995Z 9 | selector: 2024-04-25T11:44:11.1033161Z 10 | matchLabels: 2024-04-25T11:44:11.1033398Z 11 | app: fixmycar-frontend 2024-04-25T11:44:11.1033547Z 12 | template: 2024-04-25T11:44:11.1033686Z 13 | metadata: 2024-04-25T11:44:11.1033823Z 14 | labels: 2024-04-25T11:44:11.1034077Z 15 | app: fixmycar-frontend 2024-04-25T11:44:11.1034220Z 16 | spec: 2024-04-25T11:44:11.1034571Z 17 | containers: 2024-04-25T11:44:11.1034883Z 18 | - name: fixmycar-frontend 2024-04-25T11:44:11.1035650Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest 2024-04-25T11:44:11.1035856Z 20 | imagePullPolicy: Always 2024-04-25T11:44:11.1036020Z 21 | env: 2024-04-25T11:44:11.1036258Z 22 | - name: BACKEND_URL 2024-04-25T11:44:11.1036831Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080" 2024-04-25T11:44:11.1037004Z 24 | ports: 2024-04-25T11:44:11.1037254Z 25 | - containerPort: 8501 2024-04-25T11:44:11.1037431Z 26 | livenessProbe: 2024-04-25T11:44:11.1037608Z 27 | httpGet: 2024-04-25T11:44:11.1037803Z 28 | path: /_stcore/health 2024-04-25T11:44:11.1037967Z 29 | port: 8501 2024-04-25T11:44:11.1038149Z 30 | scheme: HTTP 2024-04-25T11:44:11.1038336Z 31 | timeoutSeconds: 1 2024-04-25T11:44:11.1038528Z 32 | readinessProbe: 2024-04-25T11:44:11.1038683Z 33 | httpGet: 2024-04-25T11:44:11.1038879Z 34 | path: /_stcore/health 2024-04-25T11:44:11.1039058Z 35 | port: 8501 2024-04-25T11:44:11.1039226Z 36 | scheme: HTTP 
2024-04-25T11:44:11.1039397Z 37 | timeoutSeconds: 1 2024-04-25T11:44:11.1039563Z 38 | resources: 2024-04-25T11:44:11.1039920Z 39 | limits: 2024-04-25T11:44:11.1040069Z 40 | cpu: 1 2024-04-25T11:44:11.1040249Z 41 | memory: 2Gi 2024-04-25T11:44:11.1040407Z 42 | requests: 2024-04-25T11:44:11.1040576Z 43 | cpu: 100m 2024-04-25T11:44:11.1040762Z 44 | memory: 745Mi 2024-04-25T11:44:11.1040772Z 2024-04-25T11:44:11.1040941Z dockerfile scan results: 2024-04-25T11:44:11.1040948Z 2024-04-25T11:44:11.1041280Z Passed checks: 528, Failed checks: 20, Skipped checks: 0 2024-04-25T11:44:11.1041312Z 2024-04-25T11:44:11.1041923Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images" 2024-04-25T11:44:11.1042465Z FAILED for resource: /language/sample-apps/chat-streamlit/Dockerfile. 2024-04-25T11:44:11.1042888Z File: /language/sample-apps/chat-streamlit/Dockerfile:1-10 2024-04-25T11:44:11.1044635Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images 2024-04-25T11:44:11.1044657Z 2024-04-25T11:44:11.1044817Z 1 | FROM python:3.8 2024-04-25T11:44:11.1044971Z 2 | 2024-04-25T11:44:11.1045128Z 3 | EXPOSE 8080 2024-04-25T11:44:11.1045289Z 4 | WORKDIR /app 2024-04-25T11:44:11.1045446Z 5 | 2024-04-25T11:44:11.1045590Z 6 | COPY . ./ 2024-04-25T11:44:11.1045726Z 7 | 2024-04-25T11:44:11.1046131Z 8 | RUN pip install --no-cache-dir -r requirements.txt 2024-04-25T11:44:11.1046273Z 9 | 2024-04-25T11:44:11.1046927Z 10 | ENTRYPOINT ["streamlit", "run", "app.py", "--server.port=8080", "--server.address=0.0.0.0"] 2024-04-25T11:44:11.1046940Z 2024-04-25T11:44:11.1047352Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created" 2024-04-25T11:44:11.1047840Z FAILED for resource: /language/sample-apps/chat-streamlit/Dockerfile. 
2024-04-25T11:44:11.1048217Z File: /language/sample-apps/chat-streamlit/Dockerfile:1-10 2024-04-25T11:44:11.1049251Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created 2024-04-25T11:44:11.1049258Z 2024-04-25T11:44:11.1049359Z 1 | FROM python:3.8 2024-04-25T11:44:11.1049450Z 2 | 2024-04-25T11:44:11.1049537Z 3 | EXPOSE 8080 2024-04-25T11:44:11.1049628Z 4 | WORKDIR /app 2024-04-25T11:44:11.1049722Z 5 | 2024-04-25T11:44:11.1049816Z 6 | COPY . ./ 2024-04-25T11:44:11.1049900Z 7 | 2024-04-25T11:44:11.1050390Z 8 | RUN pip install --no-cache-dir -r requirements.txt 2024-04-25T11:44:11.1050480Z 9 | 2024-04-25T11:44:11.1050888Z 10 | ENTRYPOINT ["streamlit", "run", "app.py", "--server.port=8080", "--server.address=0.0.0.0"] 2024-04-25T11:44:11.1050894Z 2024-04-25T11:44:11.1051229Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images" 2024-04-25T11:44:11.1051614Z FAILED for resource: /gemini/sample-apps/fixmycar/vertex-ai-search/frontend/Dockerfile. 
2024-04-25T11:44:11.1051954Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/frontend/Dockerfile:1-27 2024-04-25T11:44:11.1052903Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images 2024-04-25T11:44:11.1052908Z 2024-04-25T11:44:11.1053050Z 1 | FROM python:3.8-slim 2024-04-25T11:44:11.1053131Z 2 | 2024-04-25T11:44:11.1053323Z 3 | RUN groupadd --gid 1000 appuser \ 2024-04-25T11:44:11.1053571Z 4 | && useradd --uid 1000 --gid 1000 -ms /bin/bash appuser 2024-04-25T11:44:11.1053654Z 5 | 2024-04-25T11:44:11.1053848Z 6 | RUN pip3 install --no-cache-dir --upgrade \ 2024-04-25T11:44:11.1053949Z 7 | pip \ 2024-04-25T11:44:11.1054040Z 8 | virtualenv 2024-04-25T11:44:11.1054122Z 9 | 2024-04-25T11:44:11.1054322Z 10 | RUN apt-get update && apt-get install -y \ 2024-04-25T11:44:11.1054459Z 11 | build-essential \ 2024-04-25T11:44:11.1054757Z 12 | software-properties-common \ 2024-04-25T11:44:11.1054860Z 13 | git 2024-04-25T11:44:11.1054943Z 14 | 2024-04-25T11:44:11.1055036Z 15 | USER appuser 2024-04-25T11:44:11.1055153Z 16 | WORKDIR /home/appuser 2024-04-25T11:44:11.1055235Z 17 | 2024-04-25T11:44:11.1055322Z 18 | COPY . . 2024-04-25T11:44:11.1055419Z 19 | 2024-04-25T11:44:11.1055541Z 20 | ENV VIRTUAL_ENV=/home/appuser/venv 2024-04-25T11:44:11.1055667Z 21 | RUN virtualenv ${VIRTUAL_ENV} 2024-04-25T11:44:11.1056278Z 22 | RUN . 
${VIRTUAL_ENV}/bin/activate && pip install -r ./requirements.txt 2024-04-25T11:44:11.1056364Z 23 | 2024-04-25T11:44:11.1056453Z 24 | EXPOSE 8501 2024-04-25T11:44:11.1056548Z 25 | 2024-04-25T11:44:11.1056655Z 26 | COPY run.sh /home/appuser 2024-04-25T11:44:11.1056759Z 27 | ENTRYPOINT ["./run.sh"] 2024-04-25T11:44:11.1057122Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images" 2024-04-25T11:44:11.1057475Z FAILED for resource: /language/tuning/distilling_step_by_step/prediction_container/Dockerfile. 2024-04-25T11:44:11.1057862Z File: /language/tuning/distilling_step_by_step/prediction_container/Dockerfile:1-34 2024-04-25T11:44:11.1058818Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images 2024-04-25T11:44:11.1058824Z 2024-04-25T11:44:11.1058936Z 1 | # Copyright 2024 Google LLC 2024-04-25T11:44:11.1059029Z 2 | # 2024-04-25T11:44:11.1059274Z 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 2024-04-25T11:44:11.1059506Z 4 | # you may not use this file except in compliance with the License. 2024-04-25T11:44:11.1059672Z 5 | # You may obtain a copy of the License at 2024-04-25T11:44:11.1059760Z 6 | # 2024-04-25T11:44:11.1059991Z 7 | # http://www.apache.org/licenses/LICENSE-2.0 2024-04-25T11:44:11.1060074Z 8 | # 2024-04-25T11:44:11.1060326Z 9 | # Unless required by applicable law or agreed to in writing, software 2024-04-25T11:44:11.1060598Z 10 | # distributed under the License is distributed on an "AS IS" BASIS, 2024-04-25T11:44:11.1060873Z 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 2024-04-25T11:44:11.1061126Z 12 | # See the License for the specific language governing permissions and 2024-04-25T11:44:11.1061261Z 13 | # limitations under the License. 
2024-04-25T11:44:11.1061351Z 14 | 2024-04-25T11:44:11.1061575Z 15 | FROM tiangolo/uvicorn-gunicorn-fastapi:python3.9 2024-04-25T11:44:11.1061866Z 16 | 2024-04-25T11:44:11.1062038Z 17 | LABEL com.nvidia.volumes.needed=nvidia_driver 2024-04-25T11:44:11.1062122Z 18 | 2024-04-25T11:44:11.1062458Z 19 | # ENV PATH=/opt/conda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 2024-04-25T11:44:11.1062578Z 20 | ENV NVIDIA_VISIBLE_DEVICES=all 2024-04-25T11:44:11.1062753Z 21 | ENV NVIDIA_DRIVER_CAPABILITIES=compute,utility 2024-04-25T11:44:11.1062988Z 22 | ENV LD_LIBRARY_PATH=/usr/local/nvidia/lib:/usr/local/nvidia/lib64 2024-04-25T11:44:11.1063071Z 23 | 2024-04-25T11:44:11.1063192Z 24 | # hadolint ignore=DL3013 2024-04-25T11:44:11.1063445Z 25 | RUN python3 -m pip install --upgrade --no-cache-dir pip 2024-04-25T11:44:11.1063583Z 26 | 2024-04-25T11:44:11.1063708Z 27 | COPY ./app /app 2024-04-25T11:44:11.1064055Z 28 | RUN pip3 --timeout=300 --no-cache-dir install -r /app/requirements-torch.txt \ 2024-04-25T11:44:11.1064346Z 29 | && pip3 --timeout=300 --no-cache-dir install -r /app/requirements.txt 2024-04-25T11:44:11.1064439Z 30 | 2024-04-25T11:44:11.1064533Z 31 | EXPOSE 7080 2024-04-25T11:44:11.1064617Z 32 | 2024-04-25T11:44:11.1064734Z 33 | # Start the app 2024-04-25T11:44:11.1065216Z 34 | CMD ["gunicorn", "-b", "0.0.0.0:7080", "main:app","--workers","1","--timeout","180","-k","uvicorn.workers.UvicornWorker"] 2024-04-25T11:44:11.1065221Z 2024-04-25T11:44:11.1065480Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created" 2024-04-25T11:44:11.1065994Z FAILED for resource: /language/tuning/distilling_step_by_step/prediction_container/Dockerfile. 
2024-04-25T11:44:11.1066351Z File: /language/tuning/distilling_step_by_step/prediction_container/Dockerfile:1-34 2024-04-25T11:44:11.1067284Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created 2024-04-25T11:44:11.1067290Z 2024-04-25T11:44:11.1067403Z 1 | # Copyright 2024 Google LLC 2024-04-25T11:44:11.1067487Z 2 | # 2024-04-25T11:44:11.1067736Z 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 2024-04-25T11:44:11.1067974Z 4 | # you may not use this file except in compliance with the License. 2024-04-25T11:44:11.1068121Z 5 | # You may obtain a copy of the License at 2024-04-25T11:44:11.1068213Z 6 | # 2024-04-25T11:44:11.1068426Z 7 | # http://www.apache.org/licenses/LICENSE-2.0 2024-04-25T11:44:11.1068529Z 8 | # 2024-04-25T11:44:11.1068778Z 9 | # Unless required by applicable law or agreed to in writing, software 2024-04-25T11:44:11.1069018Z 10 | # distributed under the License is distributed on an "AS IS" BASIS, 2024-04-25T11:44:11.1069300Z 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 2024-04-25T11:44:11.1069547Z 12 | # See the License for the specific language governing permissions and 2024-04-25T11:44:11.1069669Z 13 | # limitations under the License. 
2024-04-25T11:44:11.1069763Z 14 | 2024-04-25T11:44:11.1069985Z 15 | FROM tiangolo/uvicorn-gunicorn-fastapi:python3.9 2024-04-25T11:44:11.1070067Z 16 | 2024-04-25T11:44:11.1070245Z 17 | LABEL com.nvidia.volumes.needed=nvidia_driver 2024-04-25T11:44:11.1070324Z 18 | 2024-04-25T11:44:11.1070639Z 19 | # ENV PATH=/opt/conda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 2024-04-25T11:44:11.1070785Z 20 | ENV NVIDIA_VISIBLE_DEVICES=all 2024-04-25T11:44:11.1070946Z 21 | ENV NVIDIA_DRIVER_CAPABILITIES=compute,utility 2024-04-25T11:44:11.1071173Z 22 | ENV LD_LIBRARY_PATH=/usr/local/nvidia/lib:/usr/local/nvidia/lib64 2024-04-25T11:44:11.1071273Z 23 | 2024-04-25T11:44:11.1071385Z 24 | # hadolint ignore=DL3013 2024-04-25T11:44:11.1071645Z 25 | RUN python3 -m pip install --upgrade --no-cache-dir pip 2024-04-25T11:44:11.1071728Z 26 | 2024-04-25T11:44:11.1071823Z 27 | COPY ./app /app 2024-04-25T11:44:11.1072184Z 28 | RUN pip3 --timeout=300 --no-cache-dir install -r /app/requirements-torch.txt \ 2024-04-25T11:44:11.1072651Z 29 | && pip3 --timeout=300 --no-cache-dir install -r /app/requirements.txt 2024-04-25T11:44:11.1072742Z 30 | 2024-04-25T11:44:11.1072849Z 31 | EXPOSE 7080 2024-04-25T11:44:11.1072932Z 32 | 2024-04-25T11:44:11.1073026Z 33 | # Start the app 2024-04-25T11:44:11.1073524Z 34 | CMD ["gunicorn", "-b", "0.0.0.0:7080", "main:app","--workers","1","--timeout","180","-k","uvicorn.workers.UvicornWorker"] 2024-04-25T11:44:11.1073529Z 2024-04-25T11:44:11.1073874Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images" 2024-04-25T11:44:11.1074071Z FAILED for resource: /search/web-app/Dockerfile. 
2024-04-25T11:44:11.1074244Z File: /search/web-app/Dockerfile:1-22 2024-04-25T11:44:11.1075191Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images 2024-04-25T11:44:11.1075197Z 2024-04-25T11:44:11.1075370Z 1 | # Use the official lightweight Python image. 2024-04-25T11:44:11.1075508Z 2 | # https://hub.docker.com/_/python 2024-04-25T11:44:11.1075641Z 3 | FROM python:3.11-slim 2024-04-25T11:44:11.1075733Z 4 | 2024-04-25T11:44:11.1076012Z 5 | # Allow statements and log messages to immediately appear in the Knative logs 2024-04-25T11:44:11.1076125Z 6 | ENV PYTHONUNBUFFERED True 2024-04-25T11:44:11.1076219Z 7 | 2024-04-25T11:44:11.1076366Z 8 | # Copy local code to the container image. 2024-04-25T11:44:11.1076592Z 9 | ENV APP_HOME /app 2024-04-25T11:44:11.1076701Z 10 | WORKDIR $APP_HOME 2024-04-25T11:44:11.1076792Z 11 | COPY . ./ 2024-04-25T11:44:11.1076874Z 12 | 2024-04-25T11:44:11.1077021Z 13 | # Install production dependencies. 2024-04-25T11:44:11.1077249Z 14 | RUN pip install --no-cache-dir -r requirements.txt 2024-04-25T11:44:11.1077369Z 15 | 2024-04-25T11:44:11.1077618Z 16 | # Run the web service on container startup. Here we use the gunicorn 2024-04-25T11:44:11.1077795Z 17 | # webserver, with one worker process and 8 threads. 2024-04-25T11:44:11.1078081Z 18 | # For environments with multiple CPU cores, increase the number of workers 2024-04-25T11:44:11.1078214Z 19 | # to be equal to the cores available. 2024-04-25T11:44:11.1078609Z 20 | # Timeout is set to 0 to disable the timeouts of the workers to allow Cloud Run to handle instance scaling. 
2024-04-25T11:44:11.1078728Z 21 | # hadolint ignore=DL3025 2024-04-25T11:44:11.1079060Z 22 | CMD exec gunicorn --bind :$PORT --workers 1 --threads 8 --timeout 0 main:app 2024-04-25T11:44:11.1079069Z 2024-04-25T11:44:11.1079328Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created" 2024-04-25T11:44:11.1079546Z FAILED for resource: /search/web-app/Dockerfile. 2024-04-25T11:44:11.1079704Z File: /search/web-app/Dockerfile:1-22 2024-04-25T11:44:11.1080547Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created 2024-04-25T11:44:11.1080553Z 2024-04-25T11:44:11.1080717Z 1 | # Use the official lightweight Python image. 2024-04-25T11:44:11.1080893Z 2 | # https://hub.docker.com/_/python 2024-04-25T11:44:11.1081041Z 3 | FROM python:3.11-slim 2024-04-25T11:44:11.1081122Z 4 | 2024-04-25T11:44:11.1081413Z 5 | # Allow statements and log messages to immediately appear in the Knative logs 2024-04-25T11:44:11.1081543Z 6 | ENV PYTHONUNBUFFERED True 2024-04-25T11:44:11.1081627Z 7 | 2024-04-25T11:44:11.1081772Z 8 | # Copy local code to the container image. 2024-04-25T11:44:11.1081887Z 9 | ENV APP_HOME /app 2024-04-25T11:44:11.1081984Z 10 | WORKDIR $APP_HOME 2024-04-25T11:44:11.1082075Z 11 | COPY . ./ 2024-04-25T11:44:11.1082167Z 12 | 2024-04-25T11:44:11.1082293Z 13 | # Install production dependencies. 2024-04-25T11:44:11.1082527Z 14 | RUN pip install --no-cache-dir -r requirements.txt 2024-04-25T11:44:11.1082611Z 15 | 2024-04-25T11:44:11.1082856Z 16 | # Run the web service on container startup. Here we use the gunicorn 2024-04-25T11:44:11.1083175Z 17 | # webserver, with one worker process and 8 threads. 2024-04-25T11:44:11.1083450Z 18 | # For environments with multiple CPU cores, increase the number of workers 2024-04-25T11:44:11.1083583Z 19 | # to be equal to the cores available. 
2024-04-25T11:44:11.1083998Z 20 | # Timeout is set to 0 to disable the timeouts of the workers to allow Cloud Run to handle instance scaling. 2024-04-25T11:44:11.1084109Z 21 | # hadolint ignore=DL3025 2024-04-25T11:44:11.1084440Z 22 | CMD exec gunicorn --bind :$PORT --workers 1 --threads 8 --timeout 0 main:app 2024-04-25T11:44:11.1084446Z 2024-04-25T11:44:11.1084803Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images" 2024-04-25T11:44:11.1085137Z FAILED for resource: /gemini/sample-apps/gemini-streamlit-cloudrun/Dockerfile. 2024-04-25T11:44:11.1085435Z File: /gemini/sample-apps/gemini-streamlit-cloudrun/Dockerfile:1-10 2024-04-25T11:44:11.1086378Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images 2024-04-25T11:44:11.1086384Z 2024-04-25T11:44:11.1086480Z 1 | FROM python:3.8 2024-04-25T11:44:11.1086580Z 2 | 2024-04-25T11:44:11.1086673Z 3 | EXPOSE 8080 2024-04-25T11:44:11.1086764Z 4 | WORKDIR /app 2024-04-25T11:44:11.1086858Z 5 | 2024-04-25T11:44:11.1086945Z 6 | COPY . ./ 2024-04-25T11:44:11.1087148Z 7 | 2024-04-25T11:44:11.1087334Z 8 | RUN pip install -r requirements.txt 2024-04-25T11:44:11.1087416Z 9 | 2024-04-25T11:44:11.1087805Z 10 | ENTRYPOINT ["streamlit", "run", "app.py", "--server.port=8080", "--server.address=0.0.0.0"] 2024-04-25T11:44:11.1088078Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created" 2024-04-25T11:44:11.1088415Z FAILED for resource: /gemini/sample-apps/gemini-streamlit-cloudrun/Dockerfile. 
2024-04-25T11:44:11.1088717Z File: /gemini/sample-apps/gemini-streamlit-cloudrun/Dockerfile:1-10 2024-04-25T11:44:11.1089533Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created 2024-04-25T11:44:11.1089538Z 2024-04-25T11:44:11.1089637Z 1 | FROM python:3.8 2024-04-25T11:44:11.1089732Z 2 | 2024-04-25T11:44:11.1089833Z 3 | EXPOSE 8080 2024-04-25T11:44:11.1089923Z 4 | WORKDIR /app 2024-04-25T11:44:11.1090026Z 5 | 2024-04-25T11:44:11.1090118Z 6 | COPY . ./ 2024-04-25T11:44:11.1090197Z 7 | 2024-04-25T11:44:11.1090372Z 8 | RUN pip install -r requirements.txt 2024-04-25T11:44:11.1090454Z 9 | 2024-04-25T11:44:11.1090834Z 10 | ENTRYPOINT ["streamlit", "run", "app.py", "--server.port=8080", "--server.address=0.0.0.0"] 2024-04-25T11:44:11.1091179Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images" 2024-04-25T11:44:11.1091512Z FAILED for resource: /gemini/sample-apps/fixmycar/cloud-sql/backend/Dockerfile. 2024-04-25T11:44:11.1091808Z File: /gemini/sample-apps/fixmycar/cloud-sql/backend/Dockerfile:1-32 2024-04-25T11:44:11.1092737Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images 2024-04-25T11:44:11.1092742Z 2024-04-25T11:44:11.1093015Z 1 | # Base image with Java 17 (using a lightweight Alpine variant for efficiency) 2024-04-25T11:44:11.1093240Z 2 | FROM eclipse-temurin:17-jdk-alpine as builder 2024-04-25T11:44:11.1093321Z 3 | 2024-04-25T11:44:11.1093433Z 4 | # Set working directory 2024-04-25T11:44:11.1093559Z 5 | WORKDIR /workspace/app 2024-04-25T11:44:11.1093639Z 6 | 2024-04-25T11:44:11.1093893Z 7 | # Copy Maven dependencies (for efficient caching and layer separation) 2024-04-25T11:44:11.1094002Z 8 | COPY mvnw . 
2024-04-25T11:44:11.1094101Z 9 | COPY .mvn .mvn 2024-04-25T11:44:11.1094219Z 10 | COPY pom.xml . 2024-04-25T11:44:11.1094389Z 11 | RUN ./mvnw dependency:go-offline -B 2024-04-25T11:44:11.1094631Z 12 | 2024-04-25T11:44:11.1094761Z 13 | # Copy project source code 2024-04-25T11:44:11.1094854Z 14 | COPY src src 2024-04-25T11:44:11.1094937Z 15 | 2024-04-25T11:44:11.1095083Z 16 | # Build the application with Maven 2024-04-25T11:44:11.1095240Z 17 | RUN ./mvnw package -DskipTests 2024-04-25T11:44:11.1095323Z 18 | 2024-04-25T11:44:11.1095475Z 19 | # Create a lightweight runtime image 2024-04-25T11:44:11.1095638Z 20 | FROM eclipse-temurin:17-jdk-alpine 2024-04-25T11:44:11.1095718Z 21 | 2024-04-25T11:44:11.1096073Z 22 | # Set working directory 2024-04-25T11:44:11.1096225Z 23 | WORKDIR /app 2024-04-25T11:44:11.1096308Z 24 | 2024-04-25T11:44:11.1096493Z 25 | # Copy the built JAR file from the builder stage 2024-04-25T11:44:11.1096765Z 26 | COPY --from=builder /workspace/app/target/*.jar /app/app.jar 2024-04-25T11:44:11.1096846Z 27 | 2024-04-25T11:44:11.1097134Z 28 | # Expose the application port (replace with your actual port if different) 2024-04-25T11:44:11.1097236Z 29 | EXPOSE 8080 2024-04-25T11:44:11.1097317Z 30 | 2024-04-25T11:44:11.1097572Z 31 | # Run the application using Spring Boot's executable JAR 2024-04-25T11:44:11.1097768Z 32 | ENTRYPOINT ["java", "-jar", "/app/app.jar"] 2024-04-25T11:44:11.1098048Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created" 2024-04-25T11:44:11.1098390Z FAILED for resource: /gemini/sample-apps/fixmycar/cloud-sql/backend/Dockerfile. 
2024-04-25T11:44:11.1098842Z File: /gemini/sample-apps/fixmycar/cloud-sql/backend/Dockerfile:1-32 2024-04-25T11:44:11.1099666Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created 2024-04-25T11:44:11.1099672Z 2024-04-25T11:44:11.1099949Z 1 | # Base image with Java 17 (using a lightweight Alpine variant for efficiency) 2024-04-25T11:44:11.1100151Z 2 | FROM eclipse-temurin:17-jdk-alpine as builder 2024-04-25T11:44:11.1100249Z 3 | 2024-04-25T11:44:11.1100361Z 4 | # Set working directory 2024-04-25T11:44:11.1100474Z 5 | WORKDIR /workspace/app 2024-04-25T11:44:11.1100575Z 6 | 2024-04-25T11:44:11.1100830Z 7 | # Copy Maven dependencies (for efficient caching and layer separation) 2024-04-25T11:44:11.1100943Z 8 | COPY mvnw . 2024-04-25T11:44:11.1101038Z 9 | COPY .mvn .mvn 2024-04-25T11:44:11.1101131Z 10 | COPY pom.xml . 2024-04-25T11:44:11.1101311Z 11 | RUN ./mvnw dependency:go-offline -B 2024-04-25T11:44:11.1101392Z 12 | 2024-04-25T11:44:11.1101502Z 13 | # Copy project source code 2024-04-25T11:44:11.1101608Z 14 | COPY src src 2024-04-25T11:44:11.1101689Z 15 | 2024-04-25T11:44:11.1101813Z 16 | # Build the application with Maven 2024-04-25T11:44:11.1101977Z 17 | RUN ./mvnw package -DskipTests 2024-04-25T11:44:11.1102064Z 18 | 2024-04-25T11:44:11.1102199Z 19 | # Create a lightweight runtime image 2024-04-25T11:44:11.1102366Z 20 | FROM eclipse-temurin:17-jdk-alpine 2024-04-25T11:44:11.1102450Z 21 | 2024-04-25T11:44:11.1102555Z 22 | # Set working directory 2024-04-25T11:44:11.1102669Z 23 | WORKDIR /app 2024-04-25T11:44:11.1102760Z 24 | 2024-04-25T11:44:11.1102929Z 25 | # Copy the built JAR file from the builder stage 2024-04-25T11:44:11.1103205Z 26 | COPY --from=builder /workspace/app/target/*.jar /app/app.jar 2024-04-25T11:44:11.1103288Z 27 | 2024-04-25T11:44:11.1103557Z 28 | # Expose the application port (replace with your actual port if different) 
2024-04-25T11:44:11.1103674Z 29 | EXPOSE 8080 2024-04-25T11:44:11.1103759Z 30 | 2024-04-25T11:44:11.1104002Z 31 | # Run the application using Spring Boot's executable JAR 2024-04-25T11:44:11.1104200Z 32 | ENTRYPOINT ["java", "-jar", "/app/app.jar"] 2024-04-25T11:44:11.1104536Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images" 2024-04-25T11:44:11.1104804Z FAILED for resource: /gemini/sample-apps/genwealth/Dockerfile. 2024-04-25T11:44:11.1105161Z File: /gemini/sample-apps/genwealth/Dockerfile:1-39 2024-04-25T11:44:11.1106111Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images 2024-04-25T11:44:11.1106118Z 2024-04-25T11:44:11.1106218Z 1 | ## 2024-04-25T11:44:11.1106329Z 2 | ## Stage 1: Build the API 2024-04-25T11:44:11.1106420Z 3 | ## 2024-04-25T11:44:11.1106597Z 4 | FROM node:lts-alpine AS api-build 2024-04-25T11:44:11.1106681Z 5 | 2024-04-25T11:44:11.1106772Z 6 | WORKDIR /src 2024-04-25T11:44:11.1106881Z 7 | COPY ./api . 2024-04-25T11:44:11.1106960Z 8 | 2024-04-25T11:44:11.1107053Z 9 | RUN npm install 2024-04-25T11:44:11.1107208Z 10 | RUN npx tsc --outDir /dist 2024-04-25T11:44:11.1107296Z 11 | 2024-04-25T11:44:11.1107379Z 12 | ## 2024-04-25T11:44:11.1107503Z 13 | ## Stage 2: Build the UI 2024-04-25T11:44:11.1107584Z 14 | ## 2024-04-25T11:44:11.1107749Z 15 | FROM node:lts-alpine AS ui-build 2024-04-25T11:44:11.1107837Z 16 | 2024-04-25T11:44:11.1107928Z 17 | WORKDIR /app 2024-04-25T11:44:11.1108031Z 18 | COPY ./ui . 
2024-04-25T11:44:11.1108117Z 19 | 2024-04-25T11:44:11.1108209Z 20 | RUN npm install 2024-04-25T11:44:11.1108391Z 21 | RUN npx ng build --output-path /dist 2024-04-25T11:44:11.1108477Z 22 | 2024-04-25T11:44:11.1108560Z 23 | ## 2024-04-25T11:44:11.1108673Z 24 | ## Stage 3: Build Runtime 2024-04-25T11:44:11.1108875Z 25 | ## 2024-04-25T11:44:11.1109026Z 26 | FROM node:lts-alpine AS runtime 2024-04-25T11:44:11.1109125Z 27 | 2024-04-25T11:44:11.1109220Z 28 | WORKDIR /app 2024-04-25T11:44:11.1109310Z 29 | 2024-04-25T11:44:11.1109536Z 30 | # Copy build artifacts from the api-build stage 2024-04-25T11:44:11.1109685Z 31 | COPY --from=api-build /dist . 2024-04-25T11:44:11.1109917Z 32 | COPY --from=api-build /src/node_modules ./node_modules 2024-04-25T11:44:11.1110017Z 33 | 2024-04-25T11:44:11.1110222Z 34 | # Copy build artifacts from the ui-build stage 2024-04-25T11:44:11.1110471Z 35 | COPY --from=ui-build /dist ./ui/dist/genwealth-advisor-ui 2024-04-25T11:44:11.1110574Z 36 | 2024-04-25T11:44:11.1110664Z 37 | EXPOSE 8080 2024-04-25T11:44:11.1110747Z 38 | 2024-04-25T11:44:11.1110868Z 39 | CMD ["node", "index.js"] 2024-04-25T11:44:11.1110873Z 2024-04-25T11:44:11.1111131Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created" 2024-04-25T11:44:11.1111411Z FAILED for resource: /gemini/sample-apps/genwealth/Dockerfile. 2024-04-25T11:44:11.1111619Z File: /gemini/sample-apps/genwealth/Dockerfile:1-39 2024-04-25T11:44:11.1112433Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created 2024-04-25T11:44:11.1112438Z 2024-04-25T11:44:11.1112542Z 1 | ## 2024-04-25T11:44:11.1112649Z 2 | ## Stage 1: Build the API 2024-04-25T11:44:11.1112731Z 3 | ## 2024-04-25T11:44:11.1112906Z 4 | FROM node:lts-alpine AS api-build 2024-04-25T11:44:11.1112995Z 5 | 2024-04-25T11:44:11.1113087Z 6 | WORKDIR /src 2024-04-25T11:44:11.1113205Z 7 | COPY ./api . 
2024-04-25T11:44:11.1113295Z 8 | 2024-04-25T11:44:11.1113390Z 9 | RUN npm install 2024-04-25T11:44:11.1113552Z 10 | RUN npx tsc --outDir /dist 2024-04-25T11:44:11.1113634Z 11 | 2024-04-25T11:44:11.1113714Z 12 | ## 2024-04-25T11:44:11.1113843Z 13 | ## Stage 2: Build the UI 2024-04-25T11:44:11.1113935Z 14 | ## 2024-04-25T11:44:11.1114087Z 15 | FROM node:lts-alpine AS ui-build 2024-04-25T11:44:11.1114187Z 16 | 2024-04-25T11:44:11.1114275Z 17 | WORKDIR /app 2024-04-25T11:44:11.1114363Z 18 | COPY ./ui . 2024-04-25T11:44:11.1114457Z 19 | 2024-04-25T11:44:11.1114551Z 20 | RUN npm install 2024-04-25T11:44:11.1114734Z 21 | RUN npx ng build --output-path /dist 2024-04-25T11:44:11.1114826Z 22 | 2024-04-25T11:44:11.1114905Z 23 | ## 2024-04-25T11:44:11.1115017Z 24 | ## Stage 3: Build Runtime 2024-04-25T11:44:11.1115101Z 25 | ## 2024-04-25T11:44:11.1115375Z 26 | FROM node:lts-alpine AS runtime 2024-04-25T11:44:11.1115476Z 27 | 2024-04-25T11:44:11.1115572Z 28 | WORKDIR /app 2024-04-25T11:44:11.1115650Z 29 | 2024-04-25T11:44:11.1115875Z 30 | # Copy build artifacts from the api-build stage 2024-04-25T11:44:11.1116018Z 31 | COPY --from=api-build /dist . 2024-04-25T11:44:11.1116245Z 32 | COPY --from=api-build /src/node_modules ./node_modules 2024-04-25T11:44:11.1116333Z 33 | 2024-04-25T11:44:11.1116535Z 34 | # Copy build artifacts from the ui-build stage 2024-04-25T11:44:11.1116782Z 35 | COPY --from=ui-build /dist ./ui/dist/genwealth-advisor-ui 2024-04-25T11:44:11.1116877Z 36 | 2024-04-25T11:44:11.1116970Z 37 | EXPOSE 8080 2024-04-25T11:44:11.1117049Z 38 | 2024-04-25T11:44:11.1117166Z 39 | CMD ["node", "index.js"] 2024-04-25T11:44:11.1117171Z 2024-04-25T11:44:11.1117514Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images" 2024-04-25T11:44:11.1117891Z FAILED for resource: /gemini/sample-apps/fixmycar/vertex-ai-search/backend/Dockerfile. 
2024-04-25T11:44:11.1118220Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/backend/Dockerfile:1-32 2024-04-25T11:44:11.1119158Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images 2024-04-25T11:44:11.1119163Z 2024-04-25T11:44:11.1119453Z 1 | # Base image with Java 17 (using a lightweight Alpine variant for efficiency) 2024-04-25T11:44:11.1119778Z 2 | FROM eclipse-temurin:17-jdk-alpine as builder 2024-04-25T11:44:11.1119862Z 3 | 2024-04-25T11:44:11.1119978Z 4 | # Set working directory 2024-04-25T11:44:11.1120084Z 5 | WORKDIR /workspace/app 2024-04-25T11:44:11.1120165Z 6 | 2024-04-25T11:44:11.1120434Z 7 | # Copy Maven dependencies (for efficient caching and layer separation) 2024-04-25T11:44:11.1120521Z 8 | COPY mvnw . 2024-04-25T11:44:11.1120615Z 9 | COPY .mvn .mvn 2024-04-25T11:44:11.1120722Z 10 | COPY pom.xml . 2024-04-25T11:44:11.1120895Z 11 | RUN ./mvnw dependency:go-offline -B 2024-04-25T11:44:11.1120988Z 12 | 2024-04-25T11:44:11.1121100Z 13 | # Copy project source code 2024-04-25T11:44:11.1121194Z 14 | COPY src src 2024-04-25T11:44:11.1121297Z 15 | 2024-04-25T11:44:11.1121428Z 16 | # Build the application with Maven 2024-04-25T11:44:11.1121578Z 17 | RUN ./mvnw package -DskipTests 2024-04-25T11:44:11.1121676Z 18 | 2024-04-25T11:44:11.1121807Z 19 | # Create a lightweight runtime image 2024-04-25T11:44:11.1121967Z 20 | FROM eclipse-temurin:17-jdk-alpine 2024-04-25T11:44:11.1122066Z 21 | 2024-04-25T11:44:11.1122175Z 22 | # Set working directory 2024-04-25T11:44:11.1122267Z 23 | WORKDIR /app 2024-04-25T11:44:11.1122367Z 24 | 2024-04-25T11:44:11.1122536Z 25 | # Copy the built JAR file from the builder stage 2024-04-25T11:44:11.1122793Z 26 | COPY --from=builder /workspace/app/target/*.jar /app/app.jar 2024-04-25T11:44:11.1122891Z 27 | 2024-04-25T11:44:11.1123164Z 28 | # Expose the application port (replace with your actual port if 
different) 2024-04-25T11:44:11.1123256Z 29 | EXPOSE 8080 2024-04-25T11:44:11.1123350Z 30 | 2024-04-25T11:44:11.1123592Z 31 | # Run the application using Spring Boot's executable JAR 2024-04-25T11:44:11.1123783Z 32 | ENTRYPOINT ["java", "-jar", "/app/app.jar"] 2024-04-25T11:44:11.1124054Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created" 2024-04-25T11:44:11.1124426Z FAILED for resource: /gemini/sample-apps/fixmycar/vertex-ai-search/backend/Dockerfile. 2024-04-25T11:44:11.1124767Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/backend/Dockerfile:1-32 2024-04-25T11:44:11.1125574Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created 2024-04-25T11:44:11.1125579Z 2024-04-25T11:44:11.1125846Z 1 | # Base image with Java 17 (using a lightweight Alpine variant for efficiency) 2024-04-25T11:44:11.1126184Z 2 | FROM eclipse-temurin:17-jdk-alpine as builder 2024-04-25T11:44:11.1126267Z 3 | 2024-04-25T11:44:11.1126370Z 4 | # Set working directory 2024-04-25T11:44:11.1126491Z 5 | WORKDIR /workspace/app 2024-04-25T11:44:11.1126575Z 6 | 2024-04-25T11:44:11.1127012Z 7 | # Copy Maven dependencies (for efficient caching and layer separation) 2024-04-25T11:44:11.1127191Z 8 | COPY mvnw . 2024-04-25T11:44:11.1127312Z 9 | COPY .mvn .mvn 2024-04-25T11:44:11.1127423Z 10 | COPY pom.xml . 
2024-04-25T11:44:11.1127613Z 11 | RUN ./mvnw dependency:go-offline -B 2024-04-25T11:44:11.1127693Z 12 | 2024-04-25T11:44:11.1127814Z 13 | # Copy project source code 2024-04-25T11:44:11.1127908Z 14 | COPY src src 2024-04-25T11:44:11.1127987Z 15 | 2024-04-25T11:44:11.1128129Z 16 | # Build the application with Maven 2024-04-25T11:44:11.1128280Z 17 | RUN ./mvnw package -DskipTests 2024-04-25T11:44:11.1128362Z 18 | 2024-04-25T11:44:11.1128506Z 19 | # Create a lightweight runtime image 2024-04-25T11:44:11.1128669Z 20 | FROM eclipse-temurin:17-jdk-alpine 2024-04-25T11:44:11.1128753Z 21 | 2024-04-25T11:44:11.1128866Z 22 | # Set working directory 2024-04-25T11:44:11.1128957Z 23 | WORKDIR /app 2024-04-25T11:44:11.1129040Z 24 | 2024-04-25T11:44:11.1129223Z 25 | # Copy the built JAR file from the builder stage 2024-04-25T11:44:11.1129488Z 26 | COPY --from=builder /workspace/app/target/*.jar /app/app.jar 2024-04-25T11:44:11.1129751Z 27 | 2024-04-25T11:44:11.1130034Z 28 | # Expose the application port (replace with your actual port if different) 2024-04-25T11:44:11.1130127Z 29 | EXPOSE 8080 2024-04-25T11:44:11.1130206Z 30 | 2024-04-25T11:44:11.1130467Z 31 | # Run the application using Spring Boot's executable JAR 2024-04-25T11:44:11.1130656Z 32 | ENTRYPOINT ["java", "-jar", "/app/app.jar"] 2024-04-25T11:44:11.1131009Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images" 2024-04-25T11:44:11.1131330Z FAILED for resource: /language/sample-apps/chat-flask-cloudrun/Dockerfile. 
2024-04-25T11:44:11.1131600Z File: /language/sample-apps/chat-flask-cloudrun/Dockerfile:1-10 2024-04-25T11:44:11.1132552Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images 2024-04-25T11:44:11.1132559Z 2024-04-25T11:44:11.1132654Z 1 | FROM python:3.8 2024-04-25T11:44:11.1132744Z 2 | 2024-04-25T11:44:11.1132848Z 3 | EXPOSE 8080 2024-04-25T11:44:11.1132939Z 4 | WORKDIR /app 2024-04-25T11:44:11.1133019Z 5 | 2024-04-25T11:44:11.1133117Z 6 | COPY . ./ 2024-04-25T11:44:11.1133196Z 7 | 2024-04-25T11:44:11.1133366Z 8 | RUN pip install -r requirements.txt 2024-04-25T11:44:11.1133460Z 9 | 2024-04-25T11:44:11.1133571Z 10 | CMD ["python", "app.py"] 2024-04-25T11:44:11.1133826Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created" 2024-04-25T11:44:11.1134152Z FAILED for resource: /language/sample-apps/chat-flask-cloudrun/Dockerfile. 2024-04-25T11:44:11.1134413Z File: /language/sample-apps/chat-flask-cloudrun/Dockerfile:1-10 2024-04-25T11:44:11.1135223Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created 2024-04-25T11:44:11.1135228Z 2024-04-25T11:44:11.1135320Z 1 | FROM python:3.8 2024-04-25T11:44:11.1135401Z 2 | 2024-04-25T11:44:11.1135505Z 3 | EXPOSE 8080 2024-04-25T11:44:11.1135595Z 4 | WORKDIR /app 2024-04-25T11:44:11.1135673Z 5 | 2024-04-25T11:44:11.1135969Z 6 | COPY . ./ 2024-04-25T11:44:11.1136097Z 7 | 2024-04-25T11:44:11.1136322Z 8 | RUN pip install -r requirements.txt 2024-04-25T11:44:11.1136420Z 9 | 2024-04-25T11:44:11.1136526Z 10 | CMD ["python", "app.py"] 2024-04-25T11:44:11.1136864Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images" 2024-04-25T11:44:11.1137314Z FAILED for resource: /language/sample-apps/chat-gradio/Dockerfile. 
2024-04-25T11:44:11.1137544Z File: /language/sample-apps/chat-gradio/Dockerfile:1-10 2024-04-25T11:44:11.1138489Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images 2024-04-25T11:44:11.1138495Z 2024-04-25T11:44:11.1138589Z 1 | FROM python:3.11 2024-04-25T11:44:11.1138676Z 2 | 2024-04-25T11:44:11.1138779Z 3 | EXPOSE 8080 2024-04-25T11:44:11.1138867Z 4 | WORKDIR /app 2024-04-25T11:44:11.1138946Z 5 | 2024-04-25T11:44:11.1139046Z 6 | COPY . ./ 2024-04-25T11:44:11.1139130Z 7 | 2024-04-25T11:44:11.1139296Z 8 | RUN pip install -r requirements.txt 2024-04-25T11:44:11.1139391Z 9 | 2024-04-25T11:44:11.1139492Z 10 | CMD ["python", "app.py"] 2024-04-25T11:44:11.1139746Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created" 2024-04-25T11:44:11.1140034Z FAILED for resource: /language/sample-apps/chat-gradio/Dockerfile. 2024-04-25T11:44:11.1140251Z File: /language/sample-apps/chat-gradio/Dockerfile:1-10 2024-04-25T11:44:11.1141063Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created 2024-04-25T11:44:11.1141069Z 2024-04-25T11:44:11.1141169Z 1 | FROM python:3.11 2024-04-25T11:44:11.1141251Z 2 | 2024-04-25T11:44:11.1141503Z 3 | EXPOSE 8080 2024-04-25T11:44:11.1141594Z 4 | WORKDIR /app 2024-04-25T11:44:11.1141671Z 5 | 2024-04-25T11:44:11.1141773Z 6 | COPY . ./ 2024-04-25T11:44:11.1141859Z 7 | 2024-04-25T11:44:11.1142026Z 8 | RUN pip install -r requirements.txt 2024-04-25T11:44:11.1142115Z 9 | 2024-04-25T11:44:11.1142223Z 10 | CMD ["python", "app.py"] 2024-04-25T11:44:11.1142556Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images" 2024-04-25T11:44:11.1142909Z FAILED for resource: /gemini/sample-apps/fixmycar/cloud-sql/frontend/Dockerfile. 
2024-04-25T11:44:11.1143207Z File: /gemini/sample-apps/fixmycar/cloud-sql/frontend/Dockerfile:1-27 2024-04-25T11:44:11.1144152Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images 2024-04-25T11:44:11.1144157Z 2024-04-25T11:44:11.1144289Z 1 | FROM python:3.8-slim 2024-04-25T11:44:11.1144374Z 2 | 2024-04-25T11:44:11.1144545Z 3 | RUN groupadd --gid 1000 appuser \ 2024-04-25T11:44:11.1144778Z 4 | && useradd --uid 1000 --gid 1000 -ms /bin/bash appuser 2024-04-25T11:44:11.1144858Z 5 | 2024-04-25T11:44:11.1145061Z 6 | RUN pip3 install --no-cache-dir --upgrade \ 2024-04-25T11:44:11.1145147Z 7 | pip \ 2024-04-25T11:44:11.1145240Z 8 | virtualenv 2024-04-25T11:44:11.1145342Z 9 | 2024-04-25T11:44:11.1145528Z 10 | RUN apt-get update && apt-get install -y \ 2024-04-25T11:44:11.1145662Z 11 | build-essential \ 2024-04-25T11:44:11.1145846Z 12 | software-properties-common \ 2024-04-25T11:44:11.1145937Z 13 | git 2024-04-25T11:44:11.1146018Z 14 | 2024-04-25T11:44:11.1146119Z 15 | USER appuser 2024-04-25T11:44:11.1146219Z 16 | WORKDIR /home/appuser 2024-04-25T11:44:11.1146301Z 17 | 2024-04-25T11:44:11.1146404Z 18 | COPY . . 2024-04-25T11:44:11.1146490Z 19 | 2024-04-25T11:44:11.1146614Z 20 | ENV VIRTUAL_ENV=/home/appuser/venv 2024-04-25T11:44:11.1146743Z 21 | RUN virtualenv ${VIRTUAL_ENV} 2024-04-25T11:44:11.1147041Z 22 | RUN . 
${VIRTUAL_ENV}/bin/activate && pip install -r ./requirements.txt
2024-04-25T11:44:11.1147137Z 23 |
2024-04-25T11:44:11.1147228Z 24 | EXPOSE 8501
2024-04-25T11:44:11.1147309Z 25 |
2024-04-25T11:44:11.1147434Z 26 | COPY run.sh /home/appuser
2024-04-25T11:44:11.1147538Z 27 | ENTRYPOINT ["./run.sh"]
2024-04-25T11:44:11.1147659Z github_actions scan results:
2024-04-25T11:44:11.1147666Z
2024-04-25T11:44:11.1147954Z Passed checks: 15, Failed checks: 1, Skipped checks: 0
2024-04-25T11:44:11.1148145Z
2024-04-25T11:44:11.1148552Z Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
2024-04-25T11:44:11.1148752Z FAILED for resource: on(Lint Code Base)
2024-04-25T11:44:11.1149013Z File: /.github/workflows/linter.yaml:0-1
2024-04-25T11:44:11.1149169Z openapi scan results:
2024-04-25T11:44:11.1149176Z
2024-04-25T11:44:11.1149456Z Passed checks: 2, Failed checks: 3, Skipped checks: 0
2024-04-25T11:44:11.1149495Z
2024-04-25T11:44:11.1149811Z Check: CKV_OPENAPI_21: "Ensure that arrays have a maximum number of items"
2024-04-25T11:44:11.1149922Z FAILED for resource: paths
2024-04-25T11:44:11.1150184Z File: /gemini/sample-apps/genwealth/api/swagger.json:23-28
2024-04-25T11:44:11.1150748Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-21
2024-04-25T11:44:11.1150753Z
2024-04-25T11:44:11.1150863Z 23 | "schema": {
2024-04-25T11:44:11.1150990Z 24 | "type": "array",
2024-04-25T11:44:11.1151090Z 25 | "items": {
2024-04-25T11:44:11.1151193Z 26 | "type": "string"
2024-04-25T11:44:11.1151299Z 27 | }
2024-04-25T11:44:11.1151385Z 28 | }
2024-04-25T11:44:11.1151391Z
2024-04-25T11:44:11.1151637Z Check: CKV_OPENAPI_5: "Ensure that security operations is not empty."
2024-04-25T11:44:11.1151745Z FAILED for resource: security
2024-04-25T11:44:11.1152130Z File: /gemini/sample-apps/genwealth/api/swagger.json:1-227
2024-04-25T11:44:11.1152862Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/ensure-that-security-operations-is-not-empty
2024-04-25T11:44:11.1152868Z
2024-04-25T11:44:11.1153208Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.1153477Z Check: CKV_OPENAPI_4: "Ensure that the global security field has rules defined"
2024-04-25T11:44:11.1153608Z FAILED for resource: security
2024-04-25T11:44:11.1153850Z File: /gemini/sample-apps/genwealth/api/swagger.json:1-227
2024-04-25T11:44:11.1154651Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/ensure-that-the-global-security-field-has-rules-defined
2024-04-25T11:44:11.1154656Z
2024-04-25T11:44:11.1154994Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.1155097Z ------
2024-04-25T11:44:11.1155404Z 2024-04-25 11:44:10 [ERROR] Stderr contents for CHECKOV:
2024-04-25T11:44:11.1155500Z ------
2024-04-25T11:44:11.1156524Z 2024-04-25 11:44:03,555 [MainThread ] [WARNI] Failed to download module terraform-google-modules/project-factory/google//modules/project_services:14.4 (for external modules, the --download-external-modules flag is required)
2024-04-25T11:44:11.1156637Z ------
2024-04-25T11:44:11.8698404Z 2024-04-25 11:44:11 [ERROR] Super-linter detected linting errors
2024-04-25T11:44:12.0651189Z Post job cleanup.
2024-04-25T11:44:12.1432752Z [command]/usr/bin/git version
2024-04-25T11:44:12.1476059Z git version 2.43.2
2024-04-25T11:44:12.1519924Z Temporarily overriding HOME='/home/runner/work/_temp/bbeef4f4-e9d7-49ea-941e-76d421d77062' before making global git config changes
2024-04-25T11:44:12.1521731Z Adding repository directory to the temporary git global config as a safe directory
2024-04-25T11:44:12.1525121Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/generative-ai/generative-ai
2024-04-25T11:44:12.1561876Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-04-25T11:44:12.1603520Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-04-25T11:44:12.1861226Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-04-25T11:44:12.1883717Z http.https://github.com/.extraheader
2024-04-25T11:44:12.1896379Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2024-04-25T11:44:12.1926593Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-04-25T11:44:12.2419748Z Cleaning up orphan processes
0_Lint Code Base.txt