Skip to content
[BE][FE][SECURITY] Kics

Merge pull request #307 from catenax-ng/main #662

Sign in to view logs

Merge pull request #307 from catenax-ng/main

Merge pull request #307 from catenax-ng/main #662

Triggered via push October 10, 2023 13:53
@ds-mwesenerds-mwesener
pushed e5b2af6
main
Status Success
Total duration 2m 12s
Artifacts
This run and associated checks have been archived and are scheduled for deletion. Learn more about checks retention

kics.yml

on: push
Analyze frontend
1m 5s
Analyze frontend
Analyze backend
1m 58s
Analyze backend
Fit to window
Zoom out
Zoom in

Annotations

16 warnings
[MEDIUM] Healthcheck Not Set: frontend/cypress/docker-compose.yml#L24
Check containers periodically to see if they are running properly.
[MEDIUM] Host Namespace is Shared: frontend/docker-compose.yml#L45
The hosts process namespace should not be shared by containers
[MEDIUM] Host Namespace is Shared: frontend/cypress/docker-compose.yml#L24
The hosts process namespace should not be shared by containers
[MEDIUM] Last User Is 'root': frontend/cypress/Dockerfile#L32
Leaving the last user as root can cause security risks. Change to another user after running the commands the need privileges
[MEDIUM] Networks Not Set: frontend/cypress/docker-compose.yml#L24
Setting networks in services ensures you are not using dockers default bridge (docker0), which shares traffic bewteen all containers.
[MEDIUM] Shared Host Network Namespace: frontend/cypress/docker-compose.yml#L35
Container should not share the host network namespace
[MEDIUM] Container Traffic Not Bound To Host Interface: tx-backend/docker/docker-compose.yml#L25
Incoming container traffic should be bound to a specific host interface
[MEDIUM] Global Server Object Uses HTTP: tx-backend/openapi/traceability-foss-backend.json#L13
Global server object URL should use 'https' protocol instead of 'http'
[MEDIUM] Healthcheck Not Set: tx-backend/docker/docker-compose.yml#L20
Check containers periodically to see if they are running properly.
[MEDIUM] Host Namespace is Shared: tx-backend/docker/docker-compose.yml#L20
The hosts process namespace should not be shared by containers
[MEDIUM] Media Type Object Without Schema: tx-backend/openapi/traceability-foss-backend.json#L6366
The Media Type Object should have the attribute 'schema' defined
[MEDIUM] Media Type Object Without Schema: tx-backend/openapi/traceability-foss-backend.json#L445
The Media Type Object should have the attribute 'schema' defined
[MEDIUM] Media Type Object Without Schema: tx-backend/openapi/traceability-foss-backend.json#L6354
The Media Type Object should have the attribute 'schema' defined
[MEDIUM] Response on operations that should have a body has undefined schema (v3): tx-backend/openapi/traceability-foss-backend.json#L5635
If a response is not head or its code is not 204 or 304, it should have a schema defined
[MEDIUM] Response on operations that should have a body has undefined schema (v3): tx-backend/openapi/traceability-foss-backend.json#L1067
If a response is not head or its code is not 204 or 304, it should have a schema defined
[MEDIUM] Response on operations that should have a body has undefined schema (v3): tx-backend/openapi/traceability-foss-backend.json#L2173
If a response is not head or its code is not 204 or 304, it should have a schema defined