generative-ai
[Bug]: Fix Terraform Lint Errors surfaced in superlinter v6
2024-04-25T11:44:10.9563422Z 2024-04-25 11:44:10 [ERROR] Errors found in CHECKOV
2024-04-25T11:44:10.9885531Z 2024-04-25 11:44:10 [ERROR] Command output for CHECKOV:
2024-04-25T11:44:10.9886493Z ------
2024-04-25T11:44:10.9887001Z terraform scan results:
2024-04-25T11:44:10.9887494Z
2024-04-25T11:44:10.9887857Z Passed checks: 99, Failed checks: 10, Skipped checks: 0
2024-04-25T11:44:10.9888475Z
2024-04-25T11:44:10.9889293Z Check: CKV_GCP_81: "Ensure Big Query Datasets are encrypted with Customer Supplied Encryption Keys (CSEK)"
2024-04-25T11:44:10.9890632Z FAILED for resource: google_bigquery_dataset.demo_dataset
2024-04-25T11:44:10.9892432Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/bigquery.tf:18-23
2024-04-25T11:44:10.9896039Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-big-query-tables-are-encrypted-with-customer-supplied-encryption-keys-csek-1
2024-04-25T11:44:10.9898087Z
2024-04-25T11:44:10.9898508Z 18 | resource "google_bigquery_dataset" "demo_dataset" {
2024-04-25T11:44:10.9899709Z 19 | project = module.project-services.project_id
2024-04-25T11:44:10.9900948Z 20 | dataset_id = "gemini_demo"
2024-04-25T11:44:10.9901664Z 21 | location = var.region
2024-04-25T11:44:10.9902496Z 22 | depends_on = [time_sleep.wait_after_apis]
2024-04-25T11:44:10.9903243Z 23 | }
2024-04-25T11:44:10.9903493Z
2024-04-25T11:44:10.9904264Z Check: CKV_GCP_80: "Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK)"
2024-04-25T11:44:10.9905635Z FAILED for resource: google_bigquery_table.object_table
2024-04-25T11:44:10.9907241Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/bigquery.tf:56-70
2024-04-25T11:44:10.9910465Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-big-query-tables-are-encrypted-with-customer-supplied-encryption-keys-csek
2024-04-25T11:44:10.9912636Z
2024-04-25T11:44:10.9913023Z 56 | resource "google_bigquery_table" "object_table" {
2024-04-25T11:44:10.9914062Z 57 | project = module.project-services.project_id
2024-04-25T11:44:10.9915173Z 58 | dataset_id = google_bigquery_dataset.demo_dataset.dataset_id
2024-04-25T11:44:10.9916287Z 59 | table_id = "image_object_table"
2024-04-25T11:44:10.9917095Z 60 | deletion_protection = var.deletion_protection
2024-04-25T11:44:10.9917870Z 61 |
2024-04-25T11:44:10.9918487Z 62 | external_data_configuration {
2024-04-25T11:44:10.9919428Z 63 | autodetect = false
2024-04-25T11:44:10.9920340Z 64 | connection_id = google_bigquery_connection.function_connection.id
2024-04-25T11:44:10.9921588Z 65 | source_uris = ["${google_storage_bucket.demo_images.url}/*"]
2024-04-25T11:44:10.9922465Z 66 | object_metadata = "Simple"
2024-04-25T11:44:10.9923120Z 67 | }
2024-04-25T11:44:10.9923695Z 68 |
2024-04-25T11:44:10.9924618Z 69 | depends_on = [google_project_iam_member.functions_invoke_roles, google_storage_bucket.demo_images]
2024-04-25T11:44:10.9925741Z 70 | }
2024-04-25T11:44:10.9926102Z
2024-04-25T11:44:10.9926657Z Check: CKV_GCP_121: "Ensure BigQuery tables have deletion protection enabled"
2024-04-25T11:44:10.9927800Z FAILED for resource: google_bigquery_table.object_table
2024-04-25T11:44:10.9929349Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/bigquery.tf:56-70
2024-04-25T11:44:10.9931900Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-121
2024-04-25T11:44:10.9933269Z
2024-04-25T11:44:10.9933660Z 56 | resource "google_bigquery_table" "object_table" {
2024-04-25T11:44:10.9934732Z 57 | project = module.project-services.project_id
2024-04-25T11:44:10.9937127Z 58 | dataset_id = google_bigquery_dataset.demo_dataset.dataset_id
2024-04-25T11:44:10.9938183Z 59 | table_id = "image_object_table"
2024-04-25T11:44:10.9939015Z 60 | deletion_protection = var.deletion_protection
2024-04-25T11:44:10.9940003Z 61 |
2024-04-25T11:44:10.9940548Z 62 | external_data_configuration {
2024-04-25T11:44:10.9941207Z 63 | autodetect = false
2024-04-25T11:44:10.9942292Z 64 | connection_id = google_bigquery_connection.function_connection.id
2024-04-25T11:44:10.9943437Z 65 | source_uris = ["${google_storage_bucket.demo_images.url}/*"]
2024-04-25T11:44:10.9944475Z 66 | object_metadata = "Simple"
2024-04-25T11:44:10.9945115Z 67 | }
2024-04-25T11:44:10.9945589Z 68 |
2024-04-25T11:44:10.9946683Z 69 | depends_on = [google_project_iam_member.functions_invoke_roles, google_storage_bucket.demo_images]
2024-04-25T11:44:10.9947774Z 70 | }
2024-04-25T11:44:10.9948080Z
2024-04-25T11:44:10.9948517Z Check: CKV_TF_1: "Ensure Terraform module sources use a commit hash"
2024-04-25T11:44:10.9949721Z FAILED for resource: project-services
2024-04-25T11:44:10.9951135Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/main.tf:17-60
2024-04-25T11:44:10.9954214Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/supply-chain-policies/terraform-policies/ensure-terraform-module-sources-use-git-url-with-commit-hash-revision
2024-04-25T11:44:10.9955976Z
2024-04-25T11:44:10.9956457Z 17 | module "project-services" {
2024-04-25T11:44:10.9957690Z 18 | source = "terraform-google-modules/project-factory/google//modules/project_services"
2024-04-25T11:44:10.9958881Z 19 | version = "14.4"
2024-04-25T11:44:10.9959749Z 20 | disable_services_on_destroy = false
2024-04-25T11:44:10.9960469Z 21 |
2024-04-25T11:44:10.9960968Z 22 | project_id = var.project_id
2024-04-25T11:44:10.9961818Z 23 | enable_apis = var.enable_apis
2024-04-25T11:44:10.9962495Z 24 |
2024-04-25T11:44:10.9962966Z 25 | activate_apis = [
2024-04-25T11:44:10.9963702Z 26 | "aiplatform.googleapis.com",
2024-04-25T11:44:10.9964471Z 27 | "bigquery.googleapis.com",
2024-04-25T11:44:10.9965202Z 28 | "bigqueryconnection.googleapis.com",
2024-04-25T11:44:10.9966138Z 29 | "bigquerystorage.googleapis.com",
2024-04-25T11:44:10.9966946Z 30 | "cloudapis.googleapis.com",
2024-04-25T11:44:10.9967656Z 31 | "cloudfunctions.googleapis.com",
2024-04-25T11:44:10.9968514Z 32 | "config.googleapis.com",
2024-04-25T11:44:10.9969247Z 33 | "dataflow.googleapis.com",
2024-04-25T11:44:10.9970124Z 34 | "dataform.googleapis.com",
2024-04-25T11:44:10.9970948Z 35 | "logging.googleapis.com",
2024-04-25T11:44:10.9971700Z 36 | "notebooks.googleapis.com",
2024-04-25T11:44:10.9972363Z 37 | "run.googleapis.com",
2024-04-25T11:44:10.9973183Z 38 | "serviceusage.googleapis.com",
2024-04-25T11:44:10.9973931Z 39 | "storage.googleapis.com",
2024-04-25T11:44:10.9974702Z 40 | "storage-api.googleapis.com",
2024-04-25T11:44:10.9975575Z 41 | "workflows.googleapis.com",
2024-04-25T11:44:10.9976478Z 42 | ]
2024-04-25T11:44:10.9976905Z 43 |
2024-04-25T11:44:10.9977576Z 44 | activate_api_identities = [
2024-04-25T11:44:10.9978294Z 45 | {
2024-04-25T11:44:10.9978826Z 46 | api = "workflows.googleapis.com"
2024-04-25T11:44:10.9979672Z 47 | roles = [
2024-04-25T11:44:10.9980270Z 48 | "roles/workflows.viewer"
2024-04-25T11:44:10.9980890Z 49 | ]
2024-04-25T11:44:10.9981625Z 50 | api = "cloudfunctions.googleapis.com"
2024-04-25T11:44:10.9982390Z 51 | roles = [
2024-04-25T11:44:10.9982963Z 52 | "roles/cloudfunctions.invoker"
2024-04-25T11:44:10.9983794Z 53 | ]
2024-04-25T11:44:10.9984357Z 54 | api = "run.googleapis.com"
2024-04-25T11:44:10.9985010Z 55 | roles = [
2024-04-25T11:44:10.9985686Z 56 | "roles/run.invoker"
2024-04-25T11:44:10.9986195Z 57 | ]
2024-04-25T11:44:10.9986491Z 58 | }
2024-04-25T11:44:10.9986875Z 59 | ]
2024-04-25T11:44:10.9987132Z 60 | }
2024-04-25T11:44:10.9987338Z
2024-04-25T11:44:10.9987513Z Check: CKV_GCP_62: "Bucket should log access"
2024-04-25T11:44:10.9988136Z FAILED for resource: google_storage_bucket.function_source
2024-04-25T11:44:10.9989104Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/storage.tf:19-26
2024-04-25T11:44:10.9990469Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-logging-2
2024-04-25T11:44:10.9991314Z
2024-04-25T11:44:10.9991606Z 19 | resource "google_storage_bucket" "function_source" {
2024-04-25T11:44:10.9992302Z 20 | name = "gemini-bq-demo-${random_id.id.hex}"
2024-04-25T11:44:10.9992958Z 21 | project = module.project-services.project_id
2024-04-25T11:44:10.9993597Z 22 | location = var.region
2024-04-25T11:44:10.9994102Z 23 | uniform_bucket_level_access = true
2024-04-25T11:44:10.9994571Z 24 | force_destroy = var.force_destroy
2024-04-25T11:44:10.9995370Z 25 | depends_on = [time_sleep.wait_after_apis]
2024-04-25T11:44:10.9995908Z 26 | }
2024-04-25T11:44:10.9996065Z
2024-04-25T11:44:10.9996466Z Check: CKV_GCP_114: "Ensure public access prevention is enforced on Cloud Storage bucket"
2024-04-25T11:44:10.9997250Z FAILED for resource: google_storage_bucket.function_source
2024-04-25T11:44:10.9998231Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/storage.tf:19-26
2024-04-25T11:44:10.9999656Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-114
2024-04-25T11:44:11.0000457Z
2024-04-25T11:44:11.0000760Z 19 | resource "google_storage_bucket" "function_source" {
2024-04-25T11:44:11.0001422Z 20 | name = "gemini-bq-demo-${random_id.id.hex}"
2024-04-25T11:44:11.0002106Z 21 | project = module.project-services.project_id
2024-04-25T11:44:11.0002771Z 22 | location = var.region
2024-04-25T11:44:11.0003219Z 23 | uniform_bucket_level_access = true
2024-04-25T11:44:11.0003719Z 24 | force_destroy = var.force_destroy
2024-04-25T11:44:11.0004371Z 25 | depends_on = [time_sleep.wait_after_apis]
2024-04-25T11:44:11.0004834Z 26 | }
2024-04-25T11:44:11.0005028Z
2024-04-25T11:44:11.0005274Z Check: CKV_GCP_78: "Ensure Cloud storage has versioning enabled"
2024-04-25T11:44:11.0006157Z FAILED for resource: google_storage_bucket.function_source
2024-04-25T11:44:11.0007075Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/storage.tf:19-26
2024-04-25T11:44:11.0008676Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-cloud-storage-has-versioning-enabled
2024-04-25T11:44:11.0009857Z
2024-04-25T11:44:11.0010079Z 19 | resource "google_storage_bucket" "function_source" {
2024-04-25T11:44:11.0010736Z 20 | name = "gemini-bq-demo-${random_id.id.hex}"
2024-04-25T11:44:11.0011457Z 21 | project = module.project-services.project_id
2024-04-25T11:44:11.0012099Z 22 | location = var.region
2024-04-25T11:44:11.0012608Z 23 | uniform_bucket_level_access = true
2024-04-25T11:44:11.0013125Z 24 | force_destroy = var.force_destroy
2024-04-25T11:44:11.0013762Z 25 | depends_on = [time_sleep.wait_after_apis]
2024-04-25T11:44:11.0014422Z 26 | }
2024-04-25T11:44:11.0014617Z
2024-04-25T11:44:11.0014790Z Check: CKV_GCP_62: "Bucket should log access"
2024-04-25T11:44:11.0015420Z FAILED for resource: google_storage_bucket.demo_images
2024-04-25T11:44:11.0016899Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/storage.tf:44-51
2024-04-25T11:44:11.0018483Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-storage-gcs-policies/bc-gcp-logging-2
2024-04-25T11:44:11.0019439Z
2024-04-25T11:44:11.0019785Z 44 | resource "google_storage_bucket" "demo_images" {
2024-04-25T11:44:11.0020466Z 45 | name = "gemini-bq-demo-images-${random_id.id.hex}"
2024-04-25T11:44:11.0021194Z 46 | project = module.project-services.project_id
2024-04-25T11:44:11.0021874Z 47 | location = var.region
2024-04-25T11:44:11.0022376Z 48 | uniform_bucket_level_access = true
2024-04-25T11:44:11.0022862Z 49 | force_destroy = var.force_destroy
2024-04-25T11:44:11.0023527Z 50 | depends_on = [time_sleep.wait_after_apis]
2024-04-25T11:44:11.0024039Z 51 | }
2024-04-25T11:44:11.0024195Z
2024-04-25T11:44:11.0024559Z Check: CKV_GCP_114: "Ensure public access prevention is enforced on Cloud Storage bucket"
2024-04-25T11:44:11.0025397Z FAILED for resource: google_storage_bucket.demo_images
2024-04-25T11:44:11.0026615Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/storage.tf:44-51
2024-04-25T11:44:11.0028080Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/bc-google-cloud-114
2024-04-25T11:44:11.0029044Z
2024-04-25T11:44:11.0029246Z 44 | resource "google_storage_bucket" "demo_images" {
2024-04-25T11:44:11.0029925Z 45 | name = "gemini-bq-demo-images-${random_id.id.hex}"
2024-04-25T11:44:11.0030739Z 46 | project = module.project-services.project_id
2024-04-25T11:44:11.0031322Z 47 | location = var.region
2024-04-25T11:44:11.0031830Z 48 | uniform_bucket_level_access = true
2024-04-25T11:44:11.0032449Z 49 | force_destroy = var.force_destroy
2024-04-25T11:44:11.0033023Z 50 | depends_on = [time_sleep.wait_after_apis]
2024-04-25T11:44:11.0033554Z 51 | }
2024-04-25T11:44:11.0033734Z
2024-04-25T11:44:11.0034107Z Check: CKV_GCP_78: "Ensure Cloud storage has versioning enabled"
2024-04-25T11:44:11.0034736Z FAILED for resource: google_storage_bucket.demo_images
2024-04-25T11:44:11.0035749Z File: /gemini/use-cases/applying-llms-to-data/using-gemini-with-bigquery-remote-functions/storage.tf:44-51
2024-04-25T11:44:11.0037593Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/google-cloud-policies/google-cloud-general-policies/ensure-gcp-cloud-storage-has-versioning-enabled
2024-04-25T11:44:11.0038846Z
2024-04-25T11:44:11.0039096Z 44 | resource "google_storage_bucket" "demo_images" {
2024-04-25T11:44:11.0039789Z 45 | name = "gemini-bq-demo-images-${random_id.id.hex}"
2024-04-25T11:44:11.0040615Z 46 | project = module.project-services.project_id
2024-04-25T11:44:11.0041223Z 47 | location = var.region
2024-04-25T11:44:11.0041719Z 48 | uniform_bucket_level_access = true
2024-04-25T11:44:11.0042326Z 49 | force_destroy = var.force_destroy
2024-04-25T11:44:11.0042955Z 50 | depends_on = [time_sleep.wait_after_apis]
2024-04-25T11:44:11.0043450Z 51 | }
2024-04-25T11:44:11.0043650Z
2024-04-25T11:44:11.0043854Z kubernetes scan results:
2024-04-25T11:44:11.0044080Z
2024-04-25T11:44:11.0044362Z Passed checks: 289, Failed checks: 65, Skipped checks: 0
2024-04-25T11:44:11.0044734Z
2024-04-25T11:44:11.0044991Z Check: CKV_K8S_21: "The default namespace should not be used"
2024-04-25T11:44:11.0045782Z FAILED for resource: Service.default.fixmycar-backend
2024-04-25T11:44:11.0046642Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-service.yaml:1-12
2024-04-25T11:44:11.0047935Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20
2024-04-25T11:44:11.0048716Z
2024-04-25T11:44:11.0048917Z 1 | apiVersion: v1
2024-04-25T11:44:11.0049316Z 2 | kind: Service
2024-04-25T11:44:11.0049678Z 3 | metadata:
2024-04-25T11:44:11.0050118Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0050546Z 5 | spec:
2024-04-25T11:44:11.0050874Z 6 | selector:
2024-04-25T11:44:11.0051307Z 7 | app: fixmycar-backend
2024-04-25T11:44:11.0051739Z 8 | ports:
2024-04-25T11:44:11.0052114Z 9 | - name: http
2024-04-25T11:44:11.0052536Z 10 | port: 8080
2024-04-25T11:44:11.0052918Z 11 | targetPort: 8080
2024-04-25T11:44:11.0053332Z 12 | type: ClusterIP
2024-04-25T11:44:11.0053560Z
2024-04-25T11:44:11.0054017Z Check: CKV_K8S_22: "Use read-only filesystem for containers where possible"
2024-04-25T11:44:11.0054810Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0055684Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0057345Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21
2024-04-25T11:44:11.0058188Z
2024-04-25T11:44:11.0058765Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0059661Z Check: CKV_K8S_21: "The default namespace should not be used"
2024-04-25T11:44:11.0060480Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0061336Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0062655Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20
2024-04-25T11:44:11.0063460Z
2024-04-25T11:44:11.0063986Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0064900Z Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
2024-04-25T11:44:11.0065761Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0066709Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0068041Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34
2024-04-25T11:44:11.0068828Z
2024-04-25T11:44:11.0069240Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0070231Z Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"
2024-04-25T11:44:11.0071217Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0072061Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0073441Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37
2024-04-25T11:44:11.0074276Z
2024-04-25T11:44:11.0074683Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0075568Z Check: CKV_K8S_29: "Apply security context to your pods and containers"
2024-04-25T11:44:11.0076377Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0077268Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0078936Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers
2024-04-25T11:44:11.0080083Z
2024-04-25T11:44:11.0080513Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0081356Z Check: CKV_K8S_30: "Apply security context to your containers"
2024-04-25T11:44:11.0082061Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0082969Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0084153Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28
2024-04-25T11:44:11.0084925Z
2024-04-25T11:44:11.0085311Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0086118Z Check: CKV_K8S_43: "Image should use digest"
2024-04-25T11:44:11.0086698Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0087528Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0088837Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39
2024-04-25T11:44:11.0089575Z
2024-04-25T11:44:11.0090004Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0090930Z Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
2024-04-25T11:44:11.0091846Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0092799Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0094016Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29
2024-04-25T11:44:11.0094856Z
2024-04-25T11:44:11.0095244Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0096641Z Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
2024-04-25T11:44:11.0097576Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0098390Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0099637Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27
2024-04-25T11:44:11.0100363Z
2024-04-25T11:44:11.0100869Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0101718Z Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank"
2024-04-25T11:44:11.0102456Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0103345Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0104565Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13
2024-04-25T11:44:11.0105492Z
2024-04-25T11:44:11.0105915Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0106757Z Check: CKV_K8S_8: "Liveness Probe Should be Configured"
2024-04-25T11:44:11.0107456Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0108245Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0109522Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-7
2024-04-25T11:44:11.0110319Z
2024-04-25T11:44:11.0110711Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0111585Z Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation"
2024-04-25T11:44:11.0112382Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0113239Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0114474Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19
2024-04-25T11:44:11.0115284Z
2024-04-25T11:44:11.0115748Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0116578Z Check: CKV_K8S_23: "Minimize the admission of root containers"
2024-04-25T11:44:11.0117274Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0118206Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0119415Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22
2024-04-25T11:44:11.0120178Z
2024-04-25T11:44:11.0120561Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0121561Z Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
2024-04-25T11:44:11.0122341Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0123176Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0124492Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35
2024-04-25T11:44:11.0125228Z
2024-04-25T11:44:11.0125655Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0126695Z Check: CKV_K8S_35: "Prefer using secrets as files over secrets as environment variables"
2024-04-25T11:44:11.0127600Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0128433Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0129640Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-33
2024-04-25T11:44:11.0130486Z
2024-04-25T11:44:11.0130876Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0131647Z Check: CKV_K8S_9: "Readiness Probe Should be Configured"
2024-04-25T11:44:11.0132326Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0133180Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.0134415Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-8
2024-04-25T11:44:11.0135139Z
2024-04-25T11:44:11.0135561Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.0136633Z Check: CKV_K8S_21: "The default namespace should not be used"
2024-04-25T11:44:11.0137351Z FAILED for resource: Service.default.fixmycar-frontend
2024-04-25T11:44:11.0138163Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-service.yaml:1-13
2024-04-25T11:44:11.0139655Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20
2024-04-25T11:44:11.0140394Z
2024-04-25T11:44:11.0140526Z 1 | apiVersion: v1
2024-04-25T11:44:11.0140885Z 2 | kind: Service
2024-04-25T11:44:11.0141313Z 3 | metadata:
2024-04-25T11:44:11.0141666Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0142067Z 5 | spec:
2024-04-25T11:44:11.0142476Z 6 | type: ClusterIP
2024-04-25T11:44:11.0142801Z 7 | selector:
2024-04-25T11:44:11.0143198Z 8 | app: fixmycar-frontend
2024-04-25T11:44:11.0143685Z 9 | ports:
2024-04-25T11:44:11.0144060Z 10 | - name: fixmycar-frontend-port
2024-04-25T11:44:11.0144515Z 11 | protocol: TCP
2024-04-25T11:44:11.0144968Z 12 | port: 80
2024-04-25T11:44:11.0145291Z 13 | targetPort: 8501
2024-04-25T11:44:11.0145556Z
2024-04-25T11:44:11.0145921Z Check: CKV_K8S_22: "Use read-only filesystem for containers where possible"
2024-04-25T11:44:11.0146768Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0147584Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0148834Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21
2024-04-25T11:44:11.0149636Z
2024-04-25T11:44:11.0149812Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0150154Z 2 | kind: Deployment
2024-04-25T11:44:11.0150530Z 3 | metadata:
2024-04-25T11:44:11.0150981Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0151345Z 5 | labels:
2024-04-25T11:44:11.0151747Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0152223Z 7 | spec:
2024-04-25T11:44:11.0152508Z 8 | replicas: 1
2024-04-25T11:44:11.0152875Z 9 | selector:
2024-04-25T11:44:11.0153278Z 10 | matchLabels:
2024-04-25T11:44:11.0153657Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0154094Z 12 | template:
2024-04-25T11:44:11.0154496Z 13 | metadata:
2024-04-25T11:44:11.0154801Z 14 | labels:
2024-04-25T11:44:11.0155217Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0155705Z 16 | spec:
2024-04-25T11:44:11.0156019Z 17 | containers:
2024-04-25T11:44:11.0156448Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0157291Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0157967Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0158396Z 21 | env:
2024-04-25T11:44:11.0159032Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0159730Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0160351Z 24 | ports:
2024-04-25T11:44:11.0160865Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0161270Z 26 | livenessProbe:
2024-04-25T11:44:11.0161675Z 27 | httpGet:
2024-04-25T11:44:11.0162168Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0162572Z 29 | port: 8501
2024-04-25T11:44:11.0162965Z 30 | scheme: HTTP
2024-04-25T11:44:11.0163458Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0163852Z 32 | readinessProbe:
2024-04-25T11:44:11.0164255Z 33 | httpGet:
2024-04-25T11:44:11.0164734Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0165137Z 35 | port: 8501
2024-04-25T11:44:11.0165538Z 36 | scheme: HTTP
2024-04-25T11:44:11.0166034Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0166415Z 38 | resources:
2024-04-25T11:44:11.0166800Z 39 | limits:
2024-04-25T11:44:11.0167244Z 40 | cpu: 1
2024-04-25T11:44:11.0167589Z 41 | memory: 2Gi
2024-04-25T11:44:11.0167999Z 42 | requests:
2024-04-25T11:44:11.0168440Z 43 | cpu: 100m
2024-04-25T11:44:11.0168930Z 44 | memory: 745Mi
2024-04-25T11:44:11.0169239Z
2024-04-25T11:44:11.0169478Z Check: CKV_K8S_21: "The default namespace should not be used"
2024-04-25T11:44:11.0170270Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0171136Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0172350Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20
2024-04-25T11:44:11.0173190Z
2024-04-25T11:44:11.0173324Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0173723Z 2 | kind: Deployment
2024-04-25T11:44:11.0174043Z 3 | metadata:
2024-04-25T11:44:11.0174495Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0174902Z 5 | labels:
2024-04-25T11:44:11.0175243Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0175713Z 7 | spec:
2024-04-25T11:44:11.0176796Z 8 | replicas: 1
2024-04-25T11:44:11.0177121Z 9 | selector:
2024-04-25T11:44:11.0177549Z 10 | matchLabels:
2024-04-25T11:44:11.0178044Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0178426Z 12 | template:
2024-04-25T11:44:11.0178841Z 13 | metadata:
2024-04-25T11:44:11.0179179Z 14 | labels:
2024-04-25T11:44:11.0179544Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0180035Z 16 | spec:
2024-04-25T11:44:11.0180369Z 17 | containers:
2024-04-25T11:44:11.0180760Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0181612Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0182307Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0182699Z 21 | env:
2024-04-25T11:44:11.0183184Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0183866Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0184430Z 24 | ports:
2024-04-25T11:44:11.0184935Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0185401Z 26 | livenessProbe:
2024-04-25T11:44:11.0185757Z 27 | httpGet:
2024-04-25T11:44:11.0186237Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0186678Z 29 | port: 8501
2024-04-25T11:44:11.0187057Z 30 | scheme: HTTP
2024-04-25T11:44:11.0187529Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0187955Z 32 | readinessProbe:
2024-04-25T11:44:11.0188333Z 33 | httpGet:
2024-04-25T11:44:11.0188793Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0189419Z 35 | port: 8501
2024-04-25T11:44:11.0189793Z 36 | scheme: HTTP
2024-04-25T11:44:11.0190278Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0190712Z 38 | resources:
2024-04-25T11:44:11.0191048Z 39 | limits:
2024-04-25T11:44:11.0191476Z 40 | cpu: 1
2024-04-25T11:44:11.0191868Z 41 | memory: 2Gi
2024-04-25T11:44:11.0192229Z 42 | requests:
2024-04-25T11:44:11.0192683Z 43 | cpu: 100m
2024-04-25T11:44:11.0193094Z 44 | memory: 745Mi
2024-04-25T11:44:11.0193342Z
2024-04-25T11:44:11.0193683Z Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
2024-04-25T11:44:11.0194657Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0195506Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0196761Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34
2024-04-25T11:44:11.0197541Z
2024-04-25T11:44:11.0197693Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0198073Z 2 | kind: Deployment
2024-04-25T11:44:11.0198494Z 3 | metadata:
2024-04-25T11:44:11.0198866Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0199259Z 5 | labels:
2024-04-25T11:44:11.0199707Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0200259Z 7 | spec:
2024-04-25T11:44:11.0200583Z 8 | replicas: 1
2024-04-25T11:44:11.0200981Z 9 | selector:
2024-04-25T11:44:11.0201324Z 10 | matchLabels:
2024-04-25T11:44:11.0201752Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0202205Z 12 | template:
2024-04-25T11:44:11.0202547Z 13 | metadata:
2024-04-25T11:44:11.0202884Z 14 | labels:
2024-04-25T11:44:11.0203322Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0203738Z 16 | spec:
2024-04-25T11:44:11.0204069Z 17 | containers:
2024-04-25T11:44:11.0204541Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0205303Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0206014Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0206469Z 21 | env:
2024-04-25T11:44:11.0206876Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0207565Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0208198Z 24 | ports:
2024-04-25T11:44:11.0208623Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0209077Z 26 | livenessProbe:
2024-04-25T11:44:11.0209503Z 27 | httpGet:
2024-04-25T11:44:11.0209907Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0210364Z 29 | port: 8501
2024-04-25T11:44:11.0210787Z 30 | scheme: HTTP
2024-04-25T11:44:11.0211202Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0211657Z 32 | readinessProbe:
2024-04-25T11:44:11.0212123Z 33 | httpGet:
2024-04-25T11:44:11.0212536Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0212977Z 35 | port: 8501
2024-04-25T11:44:11.0213395Z 36 | scheme: HTTP
2024-04-25T11:44:11.0213829Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0214243Z 38 | resources:
2024-04-25T11:44:11.0214659Z 39 | limits:
2024-04-25T11:44:11.0215048Z 40 | cpu: 1
2024-04-25T11:44:11.0215422Z 41 | memory: 2Gi
2024-04-25T11:44:11.0216112Z 42 | requests:
2024-04-25T11:44:11.0216546Z 43 | cpu: 100m
2024-04-25T11:44:11.0216939Z 44 | memory: 745Mi
2024-04-25T11:44:11.0217188Z
2024-04-25T11:44:11.0217634Z Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"
2024-04-25T11:44:11.0218405Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0219411Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0220773Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37
2024-04-25T11:44:11.0221526Z
2024-04-25T11:44:11.0221669Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0222053Z 2 | kind: Deployment
2024-04-25T11:44:11.0222496Z 3 | metadata:
2024-04-25T11:44:11.0222854Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0223249Z 5 | labels:
2024-04-25T11:44:11.0223720Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0224088Z 7 | spec:
2024-04-25T11:44:11.0224429Z 8 | replicas: 1
2024-04-25T11:44:11.0224837Z 9 | selector:
2024-04-25T11:44:11.0225140Z 10 | matchLabels:
2024-04-25T11:44:11.0225573Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0226055Z 12 | template:
2024-04-25T11:44:11.0226354Z 13 | metadata:
2024-04-25T11:44:11.0226710Z 14 | labels:
2024-04-25T11:44:11.0227182Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0227568Z 16 | spec:
2024-04-25T11:44:11.0227919Z 17 | containers:
2024-04-25T11:44:11.0228413Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0229139Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0229851Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0230512Z 21 | env:
2024-04-25T11:44:11.0230907Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0231579Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0232250Z 24 | ports:
2024-04-25T11:44:11.0232651Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0233091Z 26 | livenessProbe:
2024-04-25T11:44:11.0233564Z 27 | httpGet:
2024-04-25T11:44:11.0233944Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0234385Z 29 | port: 8501
2024-04-25T11:44:11.0234872Z 30 | scheme: HTTP
2024-04-25T11:44:11.0235251Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0235679Z 32 | readinessProbe:
2024-04-25T11:44:11.0236153Z 33 | httpGet:
2024-04-25T11:44:11.0236515Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0236954Z 35 | port: 8501
2024-04-25T11:44:11.0237429Z 36 | scheme: HTTP
2024-04-25T11:44:11.0237809Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0238223Z 38 | resources:
2024-04-25T11:44:11.0238676Z 39 | limits:
2024-04-25T11:44:11.0239009Z 40 | cpu: 1
2024-04-25T11:44:11.0239383Z 41 | memory: 2Gi
2024-04-25T11:44:11.0239852Z 42 | requests:
2024-04-25T11:44:11.0240194Z 43 | cpu: 100m
2024-04-25T11:44:11.0240581Z 44 | memory: 745Mi
2024-04-25T11:44:11.0240845Z
2024-04-25T11:44:11.0241225Z Check: CKV_K8S_29: "Apply security context to your pods and containers"
2024-04-25T11:44:11.0241940Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0242809Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0244429Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers
2024-04-25T11:44:11.0245448Z
2024-04-25T11:44:11.0245617Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0245977Z 2 | kind: Deployment
2024-04-25T11:44:11.0246399Z 3 | metadata:
2024-04-25T11:44:11.0246783Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0247163Z 5 | labels:
2024-04-25T11:44:11.0247610Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0248008Z 7 | spec:
2024-04-25T11:44:11.0248311Z 8 | replicas: 1
2024-04-25T11:44:11.0248724Z 9 | selector:
2024-04-25T11:44:11.0249087Z 10 | matchLabels:
2024-04-25T11:44:11.0249590Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0250084Z 12 | template:
2024-04-25T11:44:11.0250405Z 13 | metadata:
2024-04-25T11:44:11.0250748Z 14 | labels:
2024-04-25T11:44:11.0251214Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0251614Z 16 | spec:
2024-04-25T11:44:11.0251962Z 17 | containers:
2024-04-25T11:44:11.0252459Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0253205Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0253902Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0254416Z 21 | env:
2024-04-25T11:44:11.0254822Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0255455Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0256424Z 24 | ports:
2024-04-25T11:44:11.0256866Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0257267Z 26 | livenessProbe:
2024-04-25T11:44:11.0257765Z 27 | httpGet:
2024-04-25T11:44:11.0258163Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0258568Z 29 | port: 8501
2024-04-25T11:44:11.0259057Z 30 | scheme: HTTP
2024-04-25T11:44:11.0259471Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0259861Z 32 | readinessProbe:
2024-04-25T11:44:11.0260339Z 33 | httpGet:
2024-04-25T11:44:11.0261435Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0262046Z 35 | port: 8501
2024-04-25T11:44:11.0262563Z 36 | scheme: HTTP
2024-04-25T11:44:11.0262977Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0263381Z 38 | resources:
2024-04-25T11:44:11.0263853Z 39 | limits:
2024-04-25T11:44:11.0264270Z 40 | cpu: 1
2024-04-25T11:44:11.0264810Z 41 | memory: 2Gi
2024-04-25T11:44:11.0265429Z 42 | requests:
2024-04-25T11:44:11.0265979Z 43 | cpu: 100m
2024-04-25T11:44:11.0266425Z 44 | memory: 745Mi
2024-04-25T11:44:11.0266832Z
2024-04-25T11:44:11.0267141Z Check: CKV_K8S_30: "Apply security context to your containers"
2024-04-25T11:44:11.0268008Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0268954Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0270321Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28
2024-04-25T11:44:11.0271059Z
2024-04-25T11:44:11.0271253Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0271605Z 2 | kind: Deployment
2024-04-25T11:44:11.0272035Z 3 | metadata:
2024-04-25T11:44:11.0272452Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0272812Z 5 | labels:
2024-04-25T11:44:11.0273268Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0273685Z 7 | spec:
2024-04-25T11:44:11.0273976Z 8 | replicas: 1
2024-04-25T11:44:11.0274394Z 9 | selector:
2024-04-25T11:44:11.0274751Z 10 | matchLabels:
2024-04-25T11:44:11.0275126Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0275620Z 12 | template:
2024-04-25T11:44:11.0275950Z 13 | metadata:
2024-04-25T11:44:11.0276252Z 14 | labels:
2024-04-25T11:44:11.0276731Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0277148Z 16 | spec:
2024-04-25T11:44:11.0277450Z 17 | containers:
2024-04-25T11:44:11.0277969Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0278779Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0279435Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0279960Z 21 | env:
2024-04-25T11:44:11.0280366Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0281005Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0281692Z 24 | ports:
2024-04-25T11:44:11.0282306Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0282744Z 26 | livenessProbe:
2024-04-25T11:44:11.0283216Z 27 | httpGet:
2024-04-25T11:44:11.0283620Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0284047Z 29 | port: 8501
2024-04-25T11:44:11.0284512Z 30 | scheme: HTTP
2024-04-25T11:44:11.0284932Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0285344Z 32 | readinessProbe:
2024-04-25T11:44:11.0285808Z 33 | httpGet:
2024-04-25T11:44:11.0286226Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0286627Z 35 | port: 8501
2024-04-25T11:44:11.0287094Z 36 | scheme: HTTP
2024-04-25T11:44:11.0287526Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0287903Z 38 | resources:
2024-04-25T11:44:11.0288345Z 39 | limits:
2024-04-25T11:44:11.0288729Z 40 | cpu: 1
2024-04-25T11:44:11.0289071Z 41 | memory: 2Gi
2024-04-25T11:44:11.0289528Z 42 | requests:
2024-04-25T11:44:11.0289923Z 43 | cpu: 100m
2024-04-25T11:44:11.0290279Z 44 | memory: 745Mi
2024-04-25T11:44:11.0290631Z
2024-04-25T11:44:11.0290800Z Check: CKV_K8S_43: "Image should use digest"
2024-04-25T11:44:11.0291464Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0292468Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0293890Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39
2024-04-25T11:44:11.0294707Z
2024-04-25T11:44:11.0294847Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0295245Z 2 | kind: Deployment
2024-04-25T11:44:11.0295664Z 3 | metadata:
2024-04-25T11:44:11.0296370Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0296788Z 5 | labels:
2024-04-25T11:44:11.0297261Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0297679Z 7 | spec:
2024-04-25T11:44:11.0298032Z 8 | replicas: 1
2024-04-25T11:44:11.0298432Z 9 | selector:
2024-04-25T11:44:11.0298785Z 10 | matchLabels:
2024-04-25T11:44:11.0299182Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0299692Z 12 | template:
2024-04-25T11:44:11.0300041Z 13 | metadata:
2024-04-25T11:44:11.0300373Z 14 | labels:
2024-04-25T11:44:11.0300862Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0301305Z 16 | spec:
2024-04-25T11:44:11.0301635Z 17 | containers:
2024-04-25T11:44:11.0302155Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0302947Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0303655Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0304170Z 21 | env:
2024-04-25T11:44:11.0304588Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0305313Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0305994Z 24 | ports:
2024-04-25T11:44:11.0306455Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0306917Z 26 | livenessProbe:
2024-04-25T11:44:11.0307371Z 27 | httpGet:
2024-04-25T11:44:11.0307802Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0308264Z 29 | port: 8501
2024-04-25T11:44:11.0308729Z 30 | scheme: HTTP
2024-04-25T11:44:11.0309180Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0309624Z 32 | readinessProbe:
2024-04-25T11:44:11.0310072Z 33 | httpGet:
2024-04-25T11:44:11.0310500Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0310958Z 35 | port: 8501
2024-04-25T11:44:11.0311401Z 36 | scheme: HTTP
2024-04-25T11:44:11.0311847Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0312281Z 38 | resources:
2024-04-25T11:44:11.0312896Z 39 | limits:
2024-04-25T11:44:11.0313284Z 40 | cpu: 1
2024-04-25T11:44:11.0313673Z 41 | memory: 2Gi
2024-04-25T11:44:11.0314142Z 42 | requests:
2024-04-25T11:44:11.0314540Z 43 | cpu: 100m
2024-04-25T11:44:11.0314945Z 44 | memory: 745Mi
2024-04-25T11:44:11.0315319Z
2024-04-25T11:44:11.0315738Z Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
2024-04-25T11:44:11.0316654Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0317562Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0318921Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29
2024-04-25T11:44:11.0319742Z
2024-04-25T11:44:11.0319885Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0320304Z 2 | kind: Deployment
2024-04-25T11:44:11.0320719Z 3 | metadata:
2024-04-25T11:44:11.0321124Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0321555Z 5 | labels:
2024-04-25T11:44:11.0321985Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0322396Z 7 | spec:
2024-04-25T11:44:11.0322734Z 8 | replicas: 1
2024-04-25T11:44:11.0323129Z 9 | selector:
2024-04-25T11:44:11.0323472Z 10 | matchLabels:
2024-04-25T11:44:11.0323905Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0324505Z 12 | template:
2024-04-25T11:44:11.0324858Z 13 | metadata:
2024-04-25T11:44:11.0325197Z 14 | labels:
2024-04-25T11:44:11.0325621Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0326055Z 16 | spec:
2024-04-25T11:44:11.0326392Z 17 | containers:
2024-04-25T11:44:11.0326853Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0327627Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0328315Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0328783Z 21 | env:
2024-04-25T11:44:11.0329201Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0329866Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0330493Z 24 | ports:
2024-04-25T11:44:11.0330927Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0331369Z 26 | livenessProbe:
2024-04-25T11:44:11.0331815Z 27 | httpGet:
2024-04-25T11:44:11.0332216Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0332657Z 29 | port: 8501
2024-04-25T11:44:11.0333102Z 30 | scheme: HTTP
2024-04-25T11:44:11.0333582Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0334007Z 32 | readinessProbe:
2024-04-25T11:44:11.0334459Z 33 | httpGet:
2024-04-25T11:44:11.0334856Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0335292Z 35 | port: 8501
2024-04-25T11:44:11.0335733Z 36 | scheme: HTTP
2024-04-25T11:44:11.0336458Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0336898Z 38 | resources:
2024-04-25T11:44:11.0337301Z 39 | limits:
2024-04-25T11:44:11.0337666Z 40 | cpu: 1
2024-04-25T11:44:11.0338059Z 41 | memory: 2Gi
2024-04-25T11:44:11.0338474Z 42 | requests:
2024-04-25T11:44:11.0338936Z 43 | cpu: 100m
2024-04-25T11:44:11.0339347Z 44 | memory: 745Mi
2024-04-25T11:44:11.0339657Z
2024-04-25T11:44:11.0340002Z Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
2024-04-25T11:44:11.0340818Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0341678Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0342988Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27
2024-04-25T11:44:11.0343895Z
2024-04-25T11:44:11.0344057Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0344442Z 2 | kind: Deployment
2024-04-25T11:44:11.0344869Z 3 | metadata:
2024-04-25T11:44:11.0345241Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0345634Z 5 | labels:
2024-04-25T11:44:11.0346168Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0346547Z 7 | spec:
2024-04-25T11:44:11.0346866Z 8 | replicas: 1
2024-04-25T11:44:11.0347284Z 9 | selector:
2024-04-25T11:44:11.0347600Z 10 | matchLabels:
2024-04-25T11:44:11.0348013Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0348503Z 12 | template:
2024-04-25T11:44:11.0348799Z 13 | metadata:
2024-04-25T11:44:11.0349139Z 14 | labels:
2024-04-25T11:44:11.0349613Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0349997Z 16 | spec:
2024-04-25T11:44:11.0350327Z 17 | containers:
2024-04-25T11:44:11.0350881Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0351638Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0352330Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0352837Z 21 | env:
2024-04-25T11:44:11.0353207Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0353880Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0354740Z 24 | ports:
2024-04-25T11:44:11.0355135Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0355596Z 26 | livenessProbe:
2024-04-25T11:44:11.0356059Z 27 | httpGet:
2024-04-25T11:44:11.0356420Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0356959Z 29 | port: 8501
2024-04-25T11:44:11.0357424Z 30 | scheme: HTTP
2024-04-25T11:44:11.0357804Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0358248Z 32 | readinessProbe:
2024-04-25T11:44:11.0358712Z 33 | httpGet:
2024-04-25T11:44:11.0359075Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0359531Z 35 | port: 8501
2024-04-25T11:44:11.0359993Z 36 | scheme: HTTP
2024-04-25T11:44:11.0360368Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0360809Z 38 | resources:
2024-04-25T11:44:11.0361252Z 39 | limits:
2024-04-25T11:44:11.0361594Z 40 | cpu: 1
2024-04-25T11:44:11.0362056Z 41 | memory: 2Gi
2024-04-25T11:44:11.0362511Z 42 | requests:
2024-04-25T11:44:11.0362865Z 43 | cpu: 100m
2024-04-25T11:44:11.0363256Z 44 | memory: 745Mi
2024-04-25T11:44:11.0363566Z
2024-04-25T11:44:11.0363932Z Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank"
2024-04-25T11:44:11.0364640Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0365483Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0366807Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13
2024-04-25T11:44:11.0367565Z
2024-04-25T11:44:11.0367698Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0368078Z 2 | kind: Deployment
2024-04-25T11:44:11.0368530Z 3 | metadata:
2024-04-25T11:44:11.0368880Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0369364Z 5 | labels:
2024-04-25T11:44:11.0369845Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0370208Z 7 | spec:
2024-04-25T11:44:11.0370529Z 8 | replicas: 1
2024-04-25T11:44:11.0370969Z 9 | selector:
2024-04-25T11:44:11.0371274Z 10 | matchLabels:
2024-04-25T11:44:11.0371687Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0372182Z 12 | template:
2024-04-25T11:44:11.0372481Z 13 | metadata:
2024-04-25T11:44:11.0372820Z 14 | labels:
2024-04-25T11:44:11.0373299Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0373679Z 16 | spec:
2024-04-25T11:44:11.0374229Z 17 | containers:
2024-04-25T11:44:11.0374747Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0375462Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0376433Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0376959Z 21 | env:
2024-04-25T11:44:11.0377339Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0378039Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0378737Z 24 | ports:
2024-04-25T11:44:11.0379130Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0379592Z 26 | livenessProbe:
2024-04-25T11:44:11.0380054Z 27 | httpGet:
2024-04-25T11:44:11.0380497Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0380962Z 29 | port: 8501
2024-04-25T11:44:11.0381424Z 30 | scheme: HTTP
2024-04-25T11:44:11.0381824Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0382255Z 32 | readinessProbe:
2024-04-25T11:44:11.0382720Z 33 | httpGet:
2024-04-25T11:44:11.0383096Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0383536Z 35 | port: 8501
2024-04-25T11:44:11.0383994Z 36 | scheme: HTTP
2024-04-25T11:44:11.0384390Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0384987Z 38 | resources:
2024-04-25T11:44:11.0385448Z 39 | limits:
2024-04-25T11:44:11.0385859Z 40 | cpu: 1
2024-04-25T11:44:11.0386234Z 41 | memory: 2Gi
2024-04-25T11:44:11.0386733Z 42 | requests:
2024-04-25T11:44:11.0387076Z 43 | cpu: 100m
2024-04-25T11:44:11.0387469Z 44 | memory: 745Mi
2024-04-25T11:44:11.0387788Z
2024-04-25T11:44:11.0388154Z Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation"
2024-04-25T11:44:11.0388904Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0389753Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0391074Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19
2024-04-25T11:44:11.0391811Z
2024-04-25T11:44:11.0391980Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0392329Z 2 | kind: Deployment
2024-04-25T11:44:11.0392852Z 3 | metadata:
2024-04-25T11:44:11.0393235Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0393615Z 5 | labels:
2024-04-25T11:44:11.0394057Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0394458Z 7 | spec:
2024-04-25T11:44:11.0394758Z 8 | replicas: 1
2024-04-25T11:44:11.0395166Z 9 | selector:
2024-04-25T11:44:11.0395504Z 10 | matchLabels:
2024-04-25T11:44:11.0395896Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0396371Z 12 | template:
2024-04-25T11:44:11.0396707Z 13 | metadata:
2024-04-25T11:44:11.0397033Z 14 | labels:
2024-04-25T11:44:11.0397565Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0398002Z 16 | spec:
2024-04-25T11:44:11.0398299Z 17 | containers:
2024-04-25T11:44:11.0398788Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0399559Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0400215Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0400722Z 21 | env:
2024-04-25T11:44:11.0401144Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0401779Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0402449Z 24 | ports:
2024-04-25T11:44:11.0402888Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0403291Z 26 | livenessProbe:
2024-04-25T11:44:11.0403837Z 27 | httpGet:
2024-04-25T11:44:11.0404254Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0404808Z 29 | port: 8501
2024-04-25T11:44:11.0405296Z 30 | scheme: HTTP
2024-04-25T11:44:11.0405709Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0406147Z 32 | readinessProbe:
2024-04-25T11:44:11.0406625Z 33 | httpGet:
2024-04-25T11:44:11.0407020Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0407426Z 35 | port: 8501
2024-04-25T11:44:11.0407906Z 36 | scheme: HTTP
2024-04-25T11:44:11.0408314Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0408781Z 38 | resources:
2024-04-25T11:44:11.0409242Z 39 | limits:
2024-04-25T11:44:11.0409607Z 40 | cpu: 1
2024-04-25T11:44:11.0409958Z 41 | memory: 2Gi
2024-04-25T11:44:11.0410416Z 42 | requests:
2024-04-25T11:44:11.0410793Z 43 | cpu: 100m
2024-04-25T11:44:11.0411164Z 44 | memory: 745Mi
2024-04-25T11:44:11.0411521Z
2024-04-25T11:44:11.0411764Z Check: CKV_K8S_23: "Minimize the admission of root containers"
2024-04-25T11:44:11.0412484Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0413312Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0414613Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22
2024-04-25T11:44:11.0415484Z
2024-04-25T11:44:11.0415673Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0416430Z 2 | kind: Deployment
2024-04-25T11:44:11.0416878Z 3 | metadata:
2024-04-25T11:44:11.0417312Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0417673Z 5 | labels:
2024-04-25T11:44:11.0418122Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0418537Z 7 | spec:
2024-04-25T11:44:11.0418820Z 8 | replicas: 1
2024-04-25T11:44:11.0419254Z 9 | selector:
2024-04-25T11:44:11.0419608Z 10 | matchLabels:
2024-04-25T11:44:11.0419998Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0420479Z 12 | template:
2024-04-25T11:44:11.0420905Z 13 | metadata:
2024-04-25T11:44:11.0421204Z 14 | labels:
2024-04-25T11:44:11.0421679Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0422107Z 16 | spec:
2024-04-25T11:44:11.0422402Z 17 | containers:
2024-04-25T11:44:11.0422909Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0423662Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0424316Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0424836Z 21 | env:
2024-04-25T11:44:11.0425246Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0425886Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0426570Z 24 | ports:
2024-04-25T11:44:11.0427084Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0427490Z 26 | livenessProbe:
2024-04-25T11:44:11.0427967Z 27 | httpGet:
2024-04-25T11:44:11.0428368Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0428769Z 29 | port: 8501
2024-04-25T11:44:11.0429240Z 30 | scheme: HTTP
2024-04-25T11:44:11.0429650Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0430060Z 32 | readinessProbe:
2024-04-25T11:44:11.0430517Z 33 | httpGet:
2024-04-25T11:44:11.0430918Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0431351Z 35 | port: 8501
2024-04-25T11:44:11.0431808Z 36 | scheme: HTTP
2024-04-25T11:44:11.0432287Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0432680Z 38 | resources:
2024-04-25T11:44:11.0433108Z 39 | limits:
2024-04-25T11:44:11.0433472Z 40 | cpu: 1
2024-04-25T11:44:11.0433827Z 41 | memory: 2Gi
2024-04-25T11:44:11.0434278Z 42 | requests:
2024-04-25T11:44:11.0434836Z 43 | cpu: 100m
2024-04-25T11:44:11.0435203Z 44 | memory: 745Mi
2024-04-25T11:44:11.0435568Z
2024-04-25T11:44:11.0435920Z Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
2024-04-25T11:44:11.0436766Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0437675Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0438890Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35
2024-04-25T11:44:11.0439761Z
2024-04-25T11:44:11.0439896Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0440336Z 2 | kind: Deployment
2024-04-25T11:44:11.0440660Z 3 | metadata:
2024-04-25T11:44:11.0441061Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0441514Z 5 | labels:
2024-04-25T11:44:11.0441874Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0442280Z 7 | spec:
2024-04-25T11:44:11.0442666Z 8 | replicas: 1
2024-04-25T11:44:11.0442993Z 9 | selector:
2024-04-25T11:44:11.0443332Z 10 | matchLabels:
2024-04-25T11:44:11.0443808Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0444276Z 12 | template:
2024-04-25T11:44:11.0444607Z 13 | metadata:
2024-04-25T11:44:11.0445000Z 14 | labels:
2024-04-25T11:44:11.0445382Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0445952Z 16 | spec:
2024-04-25T11:44:11.0446372Z 17 | containers:
2024-04-25T11:44:11.0446766Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0447520Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.0448305Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0448702Z 21 | env:
2024-04-25T11:44:11.0449105Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0449865Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0450516Z 24 | ports:
2024-04-25T11:44:11.0450938Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0451452Z 26 | livenessProbe:
2024-04-25T11:44:11.0451808Z 27 | httpGet:
2024-04-25T11:44:11.0452229Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0452725Z 29 | port: 8501
2024-04-25T11:44:11.0453212Z 30 | scheme: HTTP
2024-04-25T11:44:11.0453608Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0454099Z 32 | readinessProbe:
2024-04-25T11:44:11.0454476Z 33 | httpGet:
2024-04-25T11:44:11.0454867Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0455440Z 35 | port: 8501
2024-04-25T11:44:11.0456158Z 36 | scheme: HTTP
2024-04-25T11:44:11.0456579Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0457077Z 38 | resources:
2024-04-25T11:44:11.0457430Z 39 | limits:
2024-04-25T11:44:11.0457791Z 40 | cpu: 1
2024-04-25T11:44:11.0458237Z 41 | memory: 2Gi
2024-04-25T11:44:11.0458614Z 42 | requests:
2024-04-25T11:44:11.0458994Z 43 | cpu: 100m
2024-04-25T11:44:11.0459462Z 44 | memory: 745Mi
2024-04-25T11:44:11.0459711Z
2024-04-25T11:44:11.0459950Z Check: CKV_K8S_21: "The default namespace should not be used"
2024-04-25T11:44:11.0460641Z FAILED for resource: Service.default.fixmycar-backend
2024-04-25T11:44:11.0461653Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-service.yaml:1-12
2024-04-25T11:44:11.0462879Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20
2024-04-25T11:44:11.0463648Z
2024-04-25T11:44:11.0463775Z 1 | apiVersion: v1
2024-04-25T11:44:11.0464214Z 2 | kind: Service
2024-04-25T11:44:11.0464522Z 3 | metadata:
2024-04-25T11:44:11.0464905Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0465374Z 5 | spec:
2024-04-25T11:44:11.0465809Z 6 | selector:
2024-04-25T11:44:11.0466227Z 7 | app: fixmycar-backend
2024-04-25T11:44:11.0466700Z 8 | ports:
2024-04-25T11:44:11.0467024Z 9 | - name: http
2024-04-25T11:44:11.0467471Z 10 | port: 8080
2024-04-25T11:44:11.0467909Z 11 | targetPort: 8080
2024-04-25T11:44:11.0468262Z 12 | type: ClusterIP
2024-04-25T11:44:11.0468528Z
2024-04-25T11:44:11.0468892Z Check: CKV_K8S_22: "Use read-only filesystem for containers where possible"
2024-04-25T11:44:11.0469713Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0470591Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0471836Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21
2024-04-25T11:44:11.0472664Z
2024-04-25T11:44:11.0472798Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0473192Z 2 | kind: Deployment
2024-04-25T11:44:11.0473518Z 3 | metadata:
2024-04-25T11:44:11.0473966Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0474378Z 5 | labels:
2024-04-25T11:44:11.0474803Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0475266Z 7 | spec:
2024-04-25T11:44:11.0475602Z 8 | replicas: 1
2024-04-25T11:44:11.0475910Z 9 | selector:
2024-04-25T11:44:11.0476311Z 10 | matchLabels:
2024-04-25T11:44:11.0476736Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0477262Z 12 | template:
2024-04-25T11:44:11.0477688Z 13 | metadata:
2024-04-25T11:44:11.0478026Z 14 | labels:
2024-04-25T11:44:11.0478438Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0478936Z 16 | spec:
2024-04-25T11:44:11.0479353Z 17 | containers:
2024-04-25T11:44:11.0479736Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0480604Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0481335Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0481733Z 21 | ports:
2024-04-25T11:44:11.0482229Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0482659Z 23 | resources:
2024-04-25T11:44:11.0482991Z 24 | limits:
2024-04-25T11:44:11.0483438Z 25 | cpu: "1"
2024-04-25T11:44:11.0483831Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0484190Z 27 | env:
2024-04-25T11:44:11.0484673Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0485171Z 29 | value: "debug"
2024-04-25T11:44:11.0485622Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0486177Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0486693Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0487215Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0487774Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0488061Z
2024-04-25T11:44:11.0488339Z Check: CKV_K8S_21: "The default namespace should not be used"
2024-04-25T11:44:11.0489016Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0489975Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0491238Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20
2024-04-25T11:44:11.0491989Z
2024-04-25T11:44:11.0492129Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0492596Z 2 | kind: Deployment
2024-04-25T11:44:11.0493045Z 3 | metadata:
2024-04-25T11:44:11.0493390Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0493861Z 5 | labels:
2024-04-25T11:44:11.0494259Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0494616Z 7 | spec:
2024-04-25T11:44:11.0495010Z 8 | replicas: 1
2024-04-25T11:44:11.0495369Z 9 | selector:
2024-04-25T11:44:11.0495672Z 10 | matchLabels:
2024-04-25T11:44:11.0496439Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0497031Z 12 | template:
2024-04-25T11:44:11.0497341Z 13 | metadata:
2024-04-25T11:44:11.0497869Z 14 | labels:
2024-04-25T11:44:11.0498271Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0498651Z 16 | spec:
2024-04-25T11:44:11.0499221Z 17 | containers:
2024-04-25T11:44:11.0499719Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0500482Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0501330Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0501767Z 21 | ports:
2024-04-25T11:44:11.0502159Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0502698Z 23 | resources:
2024-04-25T11:44:11.0503077Z 24 | limits:
2024-04-25T11:44:11.0503412Z 25 | cpu: "1"
2024-04-25T11:44:11.0503951Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0504351Z 27 | env:
2024-04-25T11:44:11.0504714Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0505214Z 29 | value: "debug"
2024-04-25T11:44:11.0505683Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0506158Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0506760Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0507304Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0507773Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0508352Z
2024-04-25T11:44:11.0508693Z Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
2024-04-25T11:44:11.0509518Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0510547Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0511779Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34
2024-04-25T11:44:11.0512543Z
2024-04-25T11:44:11.0512701Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0513145Z 2 | kind: Deployment
2024-04-25T11:44:11.0513466Z 3 | metadata:
2024-04-25T11:44:11.0513868Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0514318Z 5 | labels:
2024-04-25T11:44:11.0514658Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0515068Z 7 | spec:
2024-04-25T11:44:11.0515449Z 8 | replicas: 1
2024-04-25T11:44:11.0515759Z 9 | selector:
2024-04-25T11:44:11.0516119Z 10 | matchLabels:
2024-04-25T11:44:11.0516668Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0517039Z 12 | template:
2024-04-25T11:44:11.0517387Z 13 | metadata:
2024-04-25T11:44:11.0517783Z 14 | labels:
2024-04-25T11:44:11.0518159Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0518570Z 16 | spec:
2024-04-25T11:44:11.0518970Z 17 | containers:
2024-04-25T11:44:11.0519153Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0519659Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0519847Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0519968Z 21 | ports:
2024-04-25T11:44:11.0520153Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0520383Z 23 | resources:
2024-04-25T11:44:11.0520522Z 24 | limits:
2024-04-25T11:44:11.0520646Z 25 | cpu: "1"
2024-04-25T11:44:11.0520814Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0520940Z 27 | env:
2024-04-25T11:44:11.0521110Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0521428Z 29 | value: "debug"
2024-04-25T11:44:11.0521632Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0521812Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0522060Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0522265Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0522455Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0522601Z
2024-04-25T11:44:11.0523001Z Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"
2024-04-25T11:44:11.0523296Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0523805Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0524500Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37
2024-04-25T11:44:11.0524510Z
2024-04-25T11:44:11.0524644Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0524823Z 2 | kind: Deployment
2024-04-25T11:44:11.0525009Z 3 | metadata:
2024-04-25T11:44:11.0525184Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0525343Z 5 | labels:
2024-04-25T11:44:11.0525511Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0525682Z 7 | spec:
2024-04-25T11:44:11.0525805Z 8 | replicas: 1
2024-04-25T11:44:11.0525986Z 9 | selector:
2024-04-25T11:44:11.0526149Z 10 | matchLabels:
2024-04-25T11:44:11.0526321Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0526443Z 12 | template:
2024-04-25T11:44:11.0526692Z 13 | metadata:
2024-04-25T11:44:11.0526810Z 14 | labels:
2024-04-25T11:44:11.0527054Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0527206Z 16 | spec:
2024-04-25T11:44:11.0527331Z 17 | containers:
2024-04-25T11:44:11.0527509Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0528172Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0528322Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0528519Z 21 | ports:
2024-04-25T11:44:11.0528744Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0528871Z 23 | resources:
2024-04-25T11:44:11.0529012Z 24 | limits:
2024-04-25T11:44:11.0529173Z 25 | cpu: "1"
2024-04-25T11:44:11.0529303Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0529487Z 27 | env:
2024-04-25T11:44:11.0529692Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0529838Z 29 | value: "debug"
2024-04-25T11:44:11.0530022Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0530241Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0530449Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0530754Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0530907Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0530913Z
2024-04-25T11:44:11.0531215Z Check: CKV_K8S_29: "Apply security context to your pods and containers"
2024-04-25T11:44:11.0531610Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0532082Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0533090Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers
2024-04-25T11:44:11.0533197Z
2024-04-25T11:44:11.0533331Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0533475Z 2 | kind: Deployment
2024-04-25T11:44:11.0533629Z 3 | metadata:
2024-04-25T11:44:11.0533803Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0533920Z 5 | labels:
2024-04-25T11:44:11.0534187Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0534309Z 7 | spec:
2024-04-25T11:44:11.0534449Z 8 | replicas: 1
2024-04-25T11:44:11.0534604Z 9 | selector:
2024-04-25T11:44:11.0534727Z 10 | matchLabels:
2024-04-25T11:44:11.0534900Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0535124Z 12 | template:
2024-04-25T11:44:11.0535258Z 13 | metadata:
2024-04-25T11:44:11.0535377Z 14 | labels:
2024-04-25T11:44:11.0535588Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0535706Z 16 | spec:
2024-04-25T11:44:11.0536120Z 17 | containers:
2024-04-25T11:44:11.0536633Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0537136Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0537370Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0537530Z 21 | ports:
2024-04-25T11:44:11.0537714Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0537838Z 23 | resources:
2024-04-25T11:44:11.0538095Z 24 | limits:
2024-04-25T11:44:11.0538221Z 25 | cpu: "1"
2024-04-25T11:44:11.0538353Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0538515Z 27 | env:
2024-04-25T11:44:11.0538684Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0538867Z 29 | value: "debug"
2024-04-25T11:44:11.0539108Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0539287Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0539532Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0539740Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0539892Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0539899Z
2024-04-25T11:44:11.0540308Z Check: CKV_K8S_30: "Apply security context to your containers"
2024-04-25T11:44:11.0540670Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0541149Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0542075Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28
2024-04-25T11:44:11.0542082Z
2024-04-25T11:44:11.0542214Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0542394Z 2 | kind: Deployment
2024-04-25T11:44:11.0542512Z 3 | metadata:
2024-04-25T11:44:11.0542754Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0542984Z 5 | labels:
2024-04-25T11:44:11.0543153Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0543286Z 7 | spec:
2024-04-25T11:44:11.0543447Z 8 | replicas: 1
2024-04-25T11:44:11.0543564Z 9 | selector:
2024-04-25T11:44:11.0543750Z 10 | matchLabels:
2024-04-25T11:44:11.0543953Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0544069Z 12 | template:
2024-04-25T11:44:11.0544201Z 13 | metadata:
2024-04-25T11:44:11.0544352Z 14 | labels:
2024-04-25T11:44:11.0544523Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0544707Z 16 | spec:
2024-04-25T11:44:11.0544866Z 17 | containers:
2024-04-25T11:44:11.0545060Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0545521Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0545705Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0545824Z 21 | ports:
2024-04-25T11:44:11.0546070Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0546232Z 23 | resources:
2024-04-25T11:44:11.0546368Z 24 | limits:
2024-04-25T11:44:11.0546532Z 25 | cpu: "1"
2024-04-25T11:44:11.0546775Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0546895Z 27 | env:
2024-04-25T11:44:11.0547566Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0547757Z 29 | value: "debug"
2024-04-25T11:44:11.0547968Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0548181Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0548395Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0548597Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0548966Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0548974Z
2024-04-25T11:44:11.0549163Z Check: CKV_K8S_43: "Image should use digest"
2024-04-25T11:44:11.0549471Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0549982Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0550790Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39
2024-04-25T11:44:11.0550798Z
2024-04-25T11:44:11.0552031Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0552192Z 2 | kind: Deployment
2024-04-25T11:44:11.0552317Z 3 | metadata:
2024-04-25T11:44:11.0552542Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0552658Z 5 | labels:
2024-04-25T11:44:11.0552834Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0553095Z 7 | spec:
2024-04-25T11:44:11.0553220Z 8 | replicas: 1
2024-04-25T11:44:11.0553338Z 9 | selector:
2024-04-25T11:44:11.0553498Z 10 | matchLabels:
2024-04-25T11:44:11.0553671Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0553790Z 12 | template:
2024-04-25T11:44:11.0554119Z 13 | metadata:
2024-04-25T11:44:11.0554234Z 14 | labels:
2024-04-25T11:44:11.0554408Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0554560Z 16 | spec:
2024-04-25T11:44:11.0554689Z 17 | containers:
2024-04-25T11:44:11.0554869Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0555449Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0555602Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0555721Z 21 | ports:
2024-04-25T11:44:11.0555940Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0556228Z 23 | resources:
2024-04-25T11:44:11.0556386Z 24 | limits:
2024-04-25T11:44:11.0556579Z 25 | cpu: "1"
2024-04-25T11:44:11.0556713Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0556865Z 27 | env:
2024-04-25T11:44:11.0557038Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0557185Z 29 | value: "debug"
2024-04-25T11:44:11.0557406Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0557648Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0557863Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0558102Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0558272Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0558278Z
2024-04-25T11:44:11.0558747Z Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
2024-04-25T11:44:11.0559061Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0559582Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0560283Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29
2024-04-25T11:44:11.0560289Z
2024-04-25T11:44:11.0560422Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0560568Z 2 | kind: Deployment
2024-04-25T11:44:11.0560723Z 3 | metadata:
2024-04-25T11:44:11.0560891Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0561073Z 5 | labels:
2024-04-25T11:44:11.0561285Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0561416Z 7 | spec:
2024-04-25T11:44:11.0561538Z 8 | replicas: 1
2024-04-25T11:44:11.0561692Z 9 | selector:
2024-04-25T11:44:11.0561815Z 10 | matchLabels:
2024-04-25T11:44:11.0562055Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0562211Z 12 | template:
2024-04-25T11:44:11.0562349Z 13 | metadata:
2024-04-25T11:44:11.0562473Z 14 | labels:
2024-04-25T11:44:11.0562694Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0562813Z 16 | spec:
2024-04-25T11:44:11.0563002Z 17 | containers:
2024-04-25T11:44:11.0563239Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0563724Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0564007Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0564128Z 21 | ports:
2024-04-25T11:44:11.0564311Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0564687Z 23 | resources:
2024-04-25T11:44:11.0564818Z 24 | limits:
2024-04-25T11:44:11.0564944Z 25 | cpu: "1"
2024-04-25T11:44:11.0565110Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0565227Z 27 | env:
2024-04-25T11:44:11.0565401Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0565655Z 29 | value: "debug"
2024-04-25T11:44:11.0565844Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0566031Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0566275Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0566483Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0566636Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0566642Z
2024-04-25T11:44:11.0567104Z Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
2024-04-25T11:44:11.0567399Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0567909Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0568601Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27
2024-04-25T11:44:11.0568607Z
2024-04-25T11:44:11.0568740Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0568986Z 2 | kind: Deployment
2024-04-25T11:44:11.0569108Z 3 | metadata:
2024-04-25T11:44:11.0569533Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0569687Z 5 | labels:
2024-04-25T11:44:11.0569860Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0569994Z 7 | spec:
2024-04-25T11:44:11.0570222Z 8 | replicas: 1
2024-04-25T11:44:11.0570344Z 9 | selector:
2024-04-25T11:44:11.0570468Z 10 | matchLabels:
2024-04-25T11:44:11.0570676Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0570813Z 12 | template:
2024-04-25T11:44:11.0570932Z 13 | metadata:
2024-04-25T11:44:11.0571156Z 14 | labels:
2024-04-25T11:44:11.0571335Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0571454Z 16 | spec:
2024-04-25T11:44:11.0571613Z 17 | containers:
2024-04-25T11:44:11.0571810Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0572322Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0572547Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0572673Z 21 | ports:
2024-04-25T11:44:11.0572897Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0573039Z 23 | resources:
2024-04-25T11:44:11.0573160Z 24 | limits:
2024-04-25T11:44:11.0573322Z 25 | cpu: "1"
2024-04-25T11:44:11.0573511Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0573630Z 27 | env:
2024-04-25T11:44:11.0573917Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0574065Z 29 | value: "debug"
2024-04-25T11:44:11.0574251Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0574469Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0574737Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0574943Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0575150Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0575156Z
2024-04-25T11:44:11.0575477Z Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank"
2024-04-25T11:44:11.0577165Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0577695Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0578530Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13
2024-04-25T11:44:11.0578538Z
2024-04-25T11:44:11.0578713Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0578861Z 2 | kind: Deployment
2024-04-25T11:44:11.0578981Z 3 | metadata:
2024-04-25T11:44:11.0579361Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0579486Z 5 | labels:
2024-04-25T11:44:11.0579731Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0579903Z 7 | spec:
2024-04-25T11:44:11.0580027Z 8 | replicas: 1
2024-04-25T11:44:11.0580147Z 9 | selector:
2024-04-25T11:44:11.0580309Z 10 | matchLabels:
2024-04-25T11:44:11.0580485Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0580746Z 12 | template:
2024-04-25T11:44:11.0580921Z 13 | metadata:
2024-04-25T11:44:11.0581038Z 14 | labels:
2024-04-25T11:44:11.0581213Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0581372Z 16 | spec:
2024-04-25T11:44:11.0581497Z 17 | containers:
2024-04-25T11:44:11.0581795Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0582285Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0582440Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0582596Z 21 | ports:
2024-04-25T11:44:11.0582784Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0582912Z 23 | resources:
2024-04-25T11:44:11.0583150Z 24 | limits:
2024-04-25T11:44:11.0583275Z 25 | cpu: "1"
2024-04-25T11:44:11.0583406Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0583560Z 27 | env:
2024-04-25T11:44:11.0583732Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0584367Z 29 | value: "debug"
2024-04-25T11:44:11.0584669Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0584853Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0585066Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0585313Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0585485Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0585491Z
2024-04-25T11:44:11.0585880Z Check: CKV_K8S_8: "Liveness Probe Should be Configured"
2024-04-25T11:44:11.0586172Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0586647Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0587370Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-7
2024-04-25T11:44:11.0587376Z
2024-04-25T11:44:11.0587530Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0587661Z 2 | kind: Deployment
2024-04-25T11:44:11.0587883Z 3 | metadata:
2024-04-25T11:44:11.0588055Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0588170Z 5 | labels:
2024-04-25T11:44:11.0588378Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0588512Z 7 | spec:
2024-04-25T11:44:11.0588636Z 8 | replicas: 1
2024-04-25T11:44:11.0588854Z 9 | selector:
2024-04-25T11:44:11.0588980Z 10 | matchLabels:
2024-04-25T11:44:11.0589152Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0589324Z 12 | template:
2024-04-25T11:44:11.0589444Z 13 | metadata:
2024-04-25T11:44:11.0589602Z 14 | labels:
2024-04-25T11:44:11.0589839Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0589958Z 16 | spec:
2024-04-25T11:44:11.0590117Z 17 | containers:
2024-04-25T11:44:11.0590315Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0590804Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0591077Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0591263Z 21 | ports:
2024-04-25T11:44:11.0591448Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0591625Z 23 | resources:
2024-04-25T11:44:11.0591745Z 24 | limits:
2024-04-25T11:44:11.0591872Z 25 | cpu: "1"
2024-04-25T11:44:11.0592039Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0592220Z 27 | env:
2024-04-25T11:44:11.0592390Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0592576Z 29 | value: "debug"
2024-04-25T11:44:11.0592886Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0593075Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0593413Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0593701Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0593914Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0593920Z
2024-04-25T11:44:11.0594240Z Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation"
2024-04-25T11:44:11.0594525Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0595031Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0595726Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19
2024-04-25T11:44:11.0595732Z
2024-04-25T11:44:11.0595951Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0596117Z 2 | kind: Deployment
2024-04-25T11:44:11.0596239Z 3 | metadata:
2024-04-25T11:44:11.0596482Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0596637Z 5 | labels:
2024-04-25T11:44:11.0596808Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0597018Z 7 | spec:
2024-04-25T11:44:11.0597181Z 8 | replicas: 1
2024-04-25T11:44:11.0597305Z 9 | selector:
2024-04-25T11:44:11.0597464Z 10 | matchLabels:
2024-04-25T11:44:11.0597639Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0597905Z 12 | template:
2024-04-25T11:44:11.0598132Z 13 | metadata:
2024-04-25T11:44:11.0598251Z 14 | labels:
2024-04-25T11:44:11.0598431Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0598582Z 16 | spec:
2024-04-25T11:44:11.0598723Z 17 | containers:
2024-04-25T11:44:11.0598902Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0599480Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0599634Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0599757Z 21 | ports:
2024-04-25T11:44:11.0599992Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0600116Z 23 | resources:
2024-04-25T11:44:11.0600239Z 24 | limits:
2024-04-25T11:44:11.0600464Z 25 | cpu: "1"
2024-04-25T11:44:11.0600593Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0600788Z 27 | env:
2024-04-25T11:44:11.0601016Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0601147Z 29 | value: "debug"
2024-04-25T11:44:11.0601331Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0601621Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0601834Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0602095Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0602248Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0602254Z
2024-04-25T11:44:11.0602499Z Check: CKV_K8S_23: "Minimize the admission of root containers"
2024-04-25T11:44:11.0602887Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0603363Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0604059Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22
2024-04-25T11:44:11.0604064Z
2024-04-25T11:44:11.0604253Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0604380Z 2 | kind: Deployment
2024-04-25T11:44:11.0604497Z 3 | metadata:
2024-04-25T11:44:11.0604770Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0604886Z 5 | labels:
2024-04-25T11:44:11.0605110Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0605225Z 7 | spec:
2024-04-25T11:44:11.0605348Z 8 | replicas: 1
2024-04-25T11:44:11.0605503Z 9 | selector:
2024-04-25T11:44:11.0605692Z 10 | matchLabels:
2024-04-25T11:44:11.0605867Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0606242Z 12 | template:
2024-04-25T11:44:11.0606365Z 13 | metadata:
2024-04-25T11:44:11.0606481Z 14 | labels:
2024-04-25T11:44:11.0606691Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0606876Z 16 | spec:
2024-04-25T11:44:11.0607021Z 17 | containers:
2024-04-25T11:44:11.0607237Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0607711Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0607864Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0608018Z 21 | ports:
2024-04-25T11:44:11.0608268Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0608410Z 23 | resources:
2024-04-25T11:44:11.0608567Z 24 | limits:
2024-04-25T11:44:11.0608693Z 25 | cpu: "1"
2024-04-25T11:44:11.0608823Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0608979Z 27 | env:
2024-04-25T11:44:11.0609230Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0609360Z 29 | value: "debug"
2024-04-25T11:44:11.0609582Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0609763Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0610008Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0610212Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0610450Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0610649Z
2024-04-25T11:44:11.0611048Z Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
2024-04-25T11:44:11.0611334Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0611800Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0612549Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35
2024-04-25T11:44:11.0612554Z
2024-04-25T11:44:11.0612690Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0612926Z 2 | kind: Deployment
2024-04-25T11:44:11.0613048Z 3 | metadata:
2024-04-25T11:44:11.0613215Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0613367Z 5 | labels:
2024-04-25T11:44:11.0613553Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0613669Z 7 | spec:
2024-04-25T11:44:11.0613900Z 8 | replicas: 1
2024-04-25T11:44:11.0614018Z 9 | selector:
2024-04-25T11:44:11.0614147Z 10 | matchLabels:
2024-04-25T11:44:11.0614373Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0614492Z 12 | template:
2024-04-25T11:44:11.0614609Z 13 | metadata:
2024-04-25T11:44:11.0614825Z 14 | labels:
2024-04-25T11:44:11.0614998Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0615116Z 16 | spec:
2024-04-25T11:44:11.0615291Z 17 | containers:
2024-04-25T11:44:11.0615471Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0616156Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0616421Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0616540Z 21 | ports:
2024-04-25T11:44:11.0616729Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0616909Z 23 | resources:
2024-04-25T11:44:11.0617032Z 24 | limits:
2024-04-25T11:44:11.0617160Z 25 | cpu: "1"
2024-04-25T11:44:11.0617397Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0617516Z 27 | env:
2024-04-25T11:44:11.0617737Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0617868Z 29 | value: "debug"
2024-04-25T11:44:11.0618052Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0618334Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0618545Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0618750Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0618954Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0619112Z
2024-04-25T11:44:11.0619341Z Check: CKV_K8S_9: "Readiness Probe Should be Configured"
2024-04-25T11:44:11.0619628Z FAILED for resource: Deployment.default.fixmycar-backend
2024-04-25T11:44:11.0620206Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.0620892Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-8
2024-04-25T11:44:11.0620904Z
2024-04-25T11:44:11.0621093Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0621218Z 2 | kind: Deployment
2024-04-25T11:44:11.0621337Z 3 | metadata:
2024-04-25T11:44:11.0621626Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.0621812Z 5 | labels:
2024-04-25T11:44:11.0622001Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.0622153Z 7 | spec:
2024-04-25T11:44:11.0622275Z 8 | replicas: 1
2024-04-25T11:44:11.0622395Z 9 | selector:
2024-04-25T11:44:11.0622562Z 10 | matchLabels:
2024-04-25T11:44:11.0622802Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.0622939Z 12 | template:
2024-04-25T11:44:11.0623093Z 13 | metadata:
2024-04-25T11:44:11.0623213Z 14 | labels:
2024-04-25T11:44:11.0623392Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.0623543Z 16 | spec:
2024-04-25T11:44:11.0623747Z 17 | containers:
2024-04-25T11:44:11.0623928Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.0624598Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.0624747Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0624867Z 21 | ports:
2024-04-25T11:44:11.0625105Z 22 | - containerPort: 3100
2024-04-25T11:44:11.0625299Z 23 | resources:
2024-04-25T11:44:11.0625420Z 24 | limits:
2024-04-25T11:44:11.0625582Z 25 | cpu: "1"
2024-04-25T11:44:11.0625787Z 26 | memory: "2Gi"
2024-04-25T11:44:11.0625963Z 27 | env:
2024-04-25T11:44:11.0626134Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.0626335Z 29 | value: "debug"
2024-04-25T11:44:11.0626559Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.0626736Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.0626946Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.0627201Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.0627359Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.0627364Z
2024-04-25T11:44:11.0627669Z Check: CKV_K8S_21: "The default namespace should not be used"
2024-04-25T11:44:11.0627980Z FAILED for resource: Service.default.fixmycar-frontend
2024-04-25T11:44:11.0628442Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-service.yaml:1-13
2024-04-25T11:44:11.0629183Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20
2024-04-25T11:44:11.0629193Z
2024-04-25T11:44:11.0629320Z 1 | apiVersion: v1
2024-04-25T11:44:11.0629443Z 2 | kind: Service
2024-04-25T11:44:11.0629661Z 3 | metadata:
2024-04-25T11:44:11.0629834Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0629952Z 5 | spec:
2024-04-25T11:44:11.0630130Z 6 | type: ClusterIP
2024-04-25T11:44:11.0630250Z 7 | selector:
2024-04-25T11:44:11.0630423Z 8 | app: fixmycar-frontend
2024-04-25T11:44:11.0630645Z 9 | ports:
2024-04-25T11:44:11.0630844Z 10 | - name: fixmycar-frontend-port
2024-04-25T11:44:11.0630973Z 11 | protocol: TCP
2024-04-25T11:44:11.0631225Z 12 | port: 80
2024-04-25T11:44:11.0631356Z 13 | targetPort: 8501
2024-04-25T11:44:11.0631362Z
2024-04-25T11:44:11.0631717Z Check: CKV_K8S_22: "Use read-only filesystem for containers where possible"
2024-04-25T11:44:11.0632107Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0632708Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0633456Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21
2024-04-25T11:44:11.0633462Z
2024-04-25T11:44:11.0633593Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0633721Z 2 | kind: Deployment
2024-04-25T11:44:11.0633952Z 3 | metadata:
2024-04-25T11:44:11.0634126Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0634265Z 5 | labels:
2024-04-25T11:44:11.0634471Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0634589Z 7 | spec:
2024-04-25T11:44:11.0634711Z 8 | replicas: 1
2024-04-25T11:44:11.0634936Z 9 | selector:
2024-04-25T11:44:11.0635063Z 10 | matchLabels:
2024-04-25T11:44:11.0635257Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0635412Z 12 | template:
2024-04-25T11:44:11.0635532Z 13 | metadata:
2024-04-25T11:44:11.0635648Z 14 | labels:
2024-04-25T11:44:11.0635927Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0636066Z 16 | spec:
2024-04-25T11:44:11.0636267Z 17 | containers:
2024-04-25T11:44:11.0636499Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0636978Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.0637165Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0637360Z 21 | env:
2024-04-25T11:44:11.0637690Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0638105Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0638227Z 24 | ports:
2024-04-25T11:44:11.0638410Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0638601Z 26 | livenessProbe:
2024-04-25T11:44:11.0638807Z 27 | httpGet:
2024-04-25T11:44:11.0638959Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0639125Z 29 | port: 8501
2024-04-25T11:44:11.0639263Z 30 | scheme: HTTP
2024-04-25T11:44:11.0639401Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0639588Z 32 | readinessProbe:
2024-04-25T11:44:11.0639775Z 33 | httpGet:
2024-04-25T11:44:11.0639924Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0640088Z 35 | port: 8501
2024-04-25T11:44:11.0640219Z 36 | scheme: HTTP
2024-04-25T11:44:11.0640360Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0640538Z 38 | resources:
2024-04-25T11:44:11.0640720Z 39 | limits:
2024-04-25T11:44:11.0640936Z 40 | cpu: 1
2024-04-25T11:44:11.0641101Z 41 | memory: 2Gi
2024-04-25T11:44:11.0641225Z 42 | requests:
2024-04-25T11:44:11.0641404Z 43 | cpu: 100m
2024-04-25T11:44:11.0641536Z 44 | memory: 745Mi
2024-04-25T11:44:11.0641542Z
2024-04-25T11:44:11.0641846Z Check: CKV_K8S_21: "The default namespace should not be used"
2024-04-25T11:44:11.0642195Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0642688Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0643398Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20
2024-04-25T11:44:11.0643403Z
2024-04-25T11:44:11.0643594Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0643727Z 2 | kind: Deployment
2024-04-25T11:44:11.0643914Z 3 | metadata:
2024-04-25T11:44:11.0644126Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0644243Z 5 | labels:
2024-04-25T11:44:11.0644473Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0644590Z 7 | spec:
2024-04-25T11:44:11.0644717Z 8 | replicas: 1
2024-04-25T11:44:11.0644936Z 9 | selector:
2024-04-25T11:44:11.0645067Z 10 | matchLabels:
2024-04-25T11:44:11.0645244Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0645416Z 12 | template:
2024-04-25T11:44:11.0645660Z 13 | metadata:
2024-04-25T11:44:11.0645849Z 14 | labels:
2024-04-25T11:44:11.0646138Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0646258Z 16 | spec:
2024-04-25T11:44:11.0646404Z 17 | containers:
2024-04-25T11:44:11.0646631Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0647122Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.0647279Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0647498Z 21 | env:
2024-04-25T11:44:11.0647694Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0648071Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0648230Z 24 | ports:
2024-04-25T11:44:11.0648413Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0648545Z 26 | livenessProbe:
2024-04-25T11:44:11.0648780Z 27 | httpGet:
2024-04-25T11:44:11.0648952Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0649114Z 29 | port: 8501
2024-04-25T11:44:11.0649243Z 30 | scheme: HTTP
2024-04-25T11:44:11.0649379Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0649607Z 32 | readinessProbe:
2024-04-25T11:44:11.0649745Z 33 | httpGet:
2024-04-25T11:44:11.0649894Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0650179Z 35 | port: 8501
2024-04-25T11:44:11.0650306Z 36 | scheme: HTTP
2024-04-25T11:44:11.0650486Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0650732Z 38 | resources:
2024-04-25T11:44:11.0650853Z 39 | limits:
2024-04-25T11:44:11.0650973Z 40 | cpu: 1
2024-04-25T11:44:11.0651133Z 41 | memory: 2Gi
2024-04-25T11:44:11.0651257Z 42 | requests:
2024-04-25T11:44:11.0651384Z 43 | cpu: 100m
2024-04-25T11:44:11.0651635Z 44 | memory: 745Mi
2024-04-25T11:44:11.0651642Z
2024-04-25T11:44:11.0651988Z Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
2024-04-25T11:44:11.0652286Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0652796Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0653486Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34
2024-04-25T11:44:11.0653496Z
2024-04-25T11:44:11.0653680Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0653878Z 2 | kind: Deployment
2024-04-25T11:44:11.0653995Z 3 | metadata:
2024-04-25T11:44:11.0654208Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0654324Z 5 | labels:
2024-04-25T11:44:11.0654496Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0654664Z 7 | spec:
2024-04-25T11:44:11.0654855Z 8 | replicas: 1
2024-04-25T11:44:11.0654973Z 9 | selector:
2024-04-25T11:44:11.0655134Z 10 | matchLabels:
2024-04-25T11:44:11.0655307Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0655468Z 12 | template:
2024-04-25T11:44:11.0655645Z 13 | metadata:
2024-04-25T11:44:11.0656777Z 14 | labels:
2024-04-25T11:44:11.0657021Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0657176Z 16 | spec:
2024-04-25T11:44:11.0657303Z 17 | containers:
2024-04-25T11:44:11.0657518Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0658055Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.0658291Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0658447Z 21 | env:
2024-04-25T11:44:11.0658627Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0659010Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0659184Z 24 | ports:
2024-04-25T11:44:11.0659540Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0659751Z 26 | livenessProbe:
2024-04-25T11:44:11.0659912Z 27 | httpGet:
2024-04-25T11:44:11.0660084Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0660214Z 29 | port: 8501
2024-04-25T11:44:11.0660385Z 30 | scheme: HTTP
2024-04-25T11:44:11.0660522Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0660726Z 32 | readinessProbe:
2024-04-25T11:44:11.0660885Z 33 | httpGet:
2024-04-25T11:44:11.0661049Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0661219Z 35 | port: 8501
2024-04-25T11:44:11.0661382Z 36 | scheme: HTTP
2024-04-25T11:44:11.0661522Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0661742Z 38 | resources:
2024-04-25T11:44:11.0661879Z 39 | limits:
2024-04-25T11:44:11.0662001Z 40 | cpu: 1
2024-04-25T11:44:11.0662166Z 41 | memory: 2Gi
2024-04-25T11:44:11.0662294Z 42 | requests:
2024-04-25T11:44:11.0662418Z 43 | cpu: 100m
2024-04-25T11:44:11.0662646Z 44 | memory: 745Mi
2024-04-25T11:44:11.0662653Z
2024-04-25T11:44:11.0662997Z Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"
2024-04-25T11:44:11.0663300Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0663971Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0664673Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37
2024-04-25T11:44:11.0664679Z
2024-04-25T11:44:11.0664939Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0665067Z 2 | kind: Deployment
2024-04-25T11:44:11.0665186Z 3 | metadata:
2024-04-25T11:44:11.0665398Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0665514Z 5 | labels:
2024-04-25T11:44:11.0665690Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0665922Z 7 | spec:
2024-04-25T11:44:11.0666046Z 8 | replicas: 1
2024-04-25T11:44:11.0666209Z 9 | selector:
2024-04-25T11:44:11.0666370Z 10 | matchLabels:
2024-04-25T11:44:11.0666547Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0666666Z 12 | template:
2024-04-25T11:44:11.0666897Z 13 | metadata:
2024-04-25T11:44:11.0667014Z 14 | labels:
2024-04-25T11:44:11.0667199Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0667351Z 16 | spec:
2024-04-25T11:44:11.0667476Z 17 | containers:
2024-04-25T11:44:11.0667662Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0668261Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.0668414Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0668533Z 21 | env:
2024-04-25T11:44:11.0668744Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0669116Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0669254Z 24 | ports:
2024-04-25T11:44:11.0669537Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0669669Z 26 | livenessProbe:
2024-04-25T11:44:11.0669829Z 27 | httpGet:
2024-04-25T11:44:11.0669979Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0670111Z 29 | port: 8501
2024-04-25T11:44:11.0670292Z 30 | scheme: HTTP
2024-04-25T11:44:11.0670485Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0670619Z 32 | readinessProbe:
2024-04-25T11:44:11.0670817Z 33 | httpGet:
2024-04-25T11:44:11.0670963Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0671106Z 35 | port: 8501
2024-04-25T11:44:11.0671268Z 36 | scheme: HTTP
2024-04-25T11:44:11.0671459Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0671582Z 38 | resources:
2024-04-25T11:44:11.0671862Z 39 | limits:
2024-04-25T11:44:11.0672004Z 40 | cpu: 1
2024-04-25T11:44:11.0672130Z 41 | memory: 2Gi
2024-04-25T11:44:11.0672289Z 42 | requests:
2024-04-25T11:44:11.0672483Z 43 | cpu: 100m
2024-04-25T11:44:11.0672618Z 44 | memory: 745Mi
2024-04-25T11:44:11.0672624Z
2024-04-25T11:44:11.0672963Z Check: CKV_K8S_29: "Apply security context to your pods and containers"
2024-04-25T11:44:11.0673264Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0673782Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0674796Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers
2024-04-25T11:44:11.0674802Z
2024-04-25T11:44:11.0675000Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0675166Z 2 | kind: Deployment
2024-04-25T11:44:11.0675301Z 3 | metadata:
2024-04-25T11:44:11.0675473Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0675625Z 5 | labels:
2024-04-25T11:44:11.0675795Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0676020Z 7 | spec:
2024-04-25T11:44:11.0676193Z 8 | replicas: 1
2024-04-25T11:44:11.0676312Z 9 | selector:
2024-04-25T11:44:11.0676436Z 10 | matchLabels:
2024-04-25T11:44:11.0676778Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0676900Z 12 | template:
2024-04-25T11:44:11.0677088Z 13 | metadata:
2024-04-25T11:44:11.0677260Z 14 | labels:
2024-04-25T11:44:11.0677437Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0677589Z 16 | spec:
2024-04-25T11:44:11.0677720Z 17 | containers:
2024-04-25T11:44:11.0677908Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0678562Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.0678723Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0678842Z 21 | env:
2024-04-25T11:44:11.0679054Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0679424Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0679549Z 24 | ports:
2024-04-25T11:44:11.0679875Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0680011Z 26 | livenessProbe:
2024-04-25T11:44:11.0680133Z 27 | httpGet:
2024-04-25T11:44:11.0680317Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0680443Z 29 | port: 8501
2024-04-25T11:44:11.0680624Z 30 | scheme: HTTP
2024-04-25T11:44:11.0680856Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0680987Z 32 | readinessProbe:
2024-04-25T11:44:11.0681109Z 33 | httpGet:
2024-04-25T11:44:11.0681291Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0681419Z 35 | port: 8501
2024-04-25T11:44:11.0681660Z 36 | scheme: HTTP
2024-04-25T11:44:11.0681795Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0681917Z 38 | resources:
2024-04-25T11:44:11.0682074Z 39 | limits:
2024-04-25T11:44:11.0682192Z 40 | cpu: 1
2024-04-25T11:44:11.0682340Z 41 | memory: 2Gi
2024-04-25T11:44:11.0682560Z 42 | requests:
2024-04-25T11:44:11.0682690Z 43 | cpu: 100m
2024-04-25T11:44:11.0682822Z 44 | memory: 745Mi
2024-04-25T11:44:11.0682828Z
2024-04-25T11:44:11.0683111Z Check: CKV_K8S_30: "Apply security context to your containers"
2024-04-25T11:44:11.0683408Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0683903Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0684822Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28
2024-04-25T11:44:11.0684831Z
2024-04-25T11:44:11.0684974Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0685135Z 2 | kind: Deployment
2024-04-25T11:44:11.0685274Z 3 | metadata:
2024-04-25T11:44:11.0685491Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0685639Z 5 | labels:
2024-04-25T11:44:11.0685884Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0686002Z 7 | spec:
2024-04-25T11:44:11.0686164Z 8 | replicas: 1
2024-04-25T11:44:11.0686301Z 9 | selector:
2024-04-25T11:44:11.0686425Z 10 | matchLabels:
2024-04-25T11:44:11.0686636Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0686817Z 12 | template:
2024-04-25T11:44:11.0686938Z 13 | metadata:
2024-04-25T11:44:11.0687108Z 14 | labels:
2024-04-25T11:44:11.0687289Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0687408Z 16 | spec:
2024-04-25T11:44:11.0687566Z 17 | containers:
2024-04-25T11:44:11.0687812Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0688309Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.0688509Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0688628Z 21 | env:
2024-04-25T11:44:11.0688802Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0689215Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0689542Z 24 | ports:
2024-04-25T11:44:11.0689788Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0689921Z 26 | livenessProbe:
2024-04-25T11:44:11.0690086Z 27 | httpGet:
2024-04-25T11:44:11.0690269Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0690397Z 29 | port: 8501
2024-04-25T11:44:11.0690589Z 30 | scheme: HTTP
2024-04-25T11:44:11.0690776Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0690907Z 32 | readinessProbe:
2024-04-25T11:44:11.0691034Z 33 | httpGet:
2024-04-25T11:44:11.0691215Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0691341Z 35 | port: 8501
2024-04-25T11:44:11.0691544Z 36 | scheme: HTTP
2024-04-25T11:44:11.0691715Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0691840Z 38 | resources:
2024-04-25T11:44:11.0691962Z 39 | limits:
2024-04-25T11:44:11.0692118Z 40 | cpu: 1
2024-04-25T11:44:11.0692245Z 41 | memory: 2Gi
2024-04-25T11:44:11.0692448Z 42 | requests:
2024-04-25T11:44:11.0692608Z 43 | cpu: 100m
2024-04-25T11:44:11.0692736Z 44 | memory: 745Mi
2024-04-25T11:44:11.0692742Z
2024-04-25T11:44:11.0692948Z Check: CKV_K8S_43: "Image should use digest"
2024-04-25T11:44:11.0693244Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0693744Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0694545Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39
2024-04-25T11:44:11.0694552Z
2024-04-25T11:44:11.0694685Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0694851Z 2 | kind: Deployment
2024-04-25T11:44:11.0695003Z 3 | metadata:
2024-04-25T11:44:11.0695175Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0695313Z 5 | labels:
2024-04-25T11:44:11.0695580Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0695695Z 7 | spec:
2024-04-25T11:44:11.0695941Z 8 | replicas: 1
2024-04-25T11:44:11.0696097Z 9 | selector:
2024-04-25T11:44:11.0696238Z 10 | matchLabels:
2024-04-25T11:44:11.0696415Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0696640Z 12 | template:
2024-04-25T11:44:11.0696762Z 13 | metadata:
2024-04-25T11:44:11.0696915Z 14 | labels:
2024-04-25T11:44:11.0697093Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0697379Z 16 | spec:
2024-04-25T11:44:11.0697605Z 17 | containers:
2024-04-25T11:44:11.0697797Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0698282Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.0698489Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0698606Z 21 | env:
2024-04-25T11:44:11.0698785Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0699255Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0699377Z 24 | ports:
2024-04-25T11:44:11.0699604Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0699790Z 26 | livenessProbe:
2024-04-25T11:44:11.0699911Z 27 | httpGet:
2024-04-25T11:44:11.0700058Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0700284Z 29 | port: 8501
2024-04-25T11:44:11.0700414Z 30 | scheme: HTTP
2024-04-25T11:44:11.0700553Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0700740Z 32 | readinessProbe:
2024-04-25T11:44:11.0700860Z 33 | httpGet:
2024-04-25T11:44:11.0701040Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0701231Z 35 | port: 8501
2024-04-25T11:44:11.0701362Z 36 | scheme: HTTP
2024-04-25T11:44:11.0701548Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0701845Z 38 | resources:
2024-04-25T11:44:11.0701964Z 39 | limits:
2024-04-25T11:44:11.0702117Z 40 | cpu: 1
2024-04-25T11:44:11.0702312Z 41 | memory: 2Gi
2024-04-25T11:44:11.0702454Z 42 | requests:
2024-04-25T11:44:11.0702613Z 43 | cpu: 100m
2024-04-25T11:44:11.0702741Z 44 | memory: 745Mi
2024-04-25T11:44:11.0702747Z
2024-04-25T11:44:11.0703145Z Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
2024-04-25T11:44:11.0703480Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0704063Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0704809Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29
2024-04-25T11:44:11.0704815Z
2024-04-25T11:44:11.0704946Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0705078Z 2 | kind: Deployment
2024-04-25T11:44:11.0705228Z 3 | metadata:
2024-04-25T11:44:11.0705399Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0705589Z 5 | labels:
2024-04-25T11:44:11.0705801Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0705920Z 7 | spec:
2024-04-25T11:44:11.0706040Z 8 | replicas: 1
2024-04-25T11:44:11.0706191Z 9 | selector:
2024-04-25T11:44:11.0706312Z 10 | matchLabels:
2024-04-25T11:44:11.0706558Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0706714Z 12 | template:
2024-04-25T11:44:11.0706835Z 13 | metadata:
2024-04-25T11:44:11.0706954Z 14 | labels:
2024-04-25T11:44:11.0707166Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0707298Z 16 | spec:
2024-04-25T11:44:11.0707484Z 17 | containers:
2024-04-25T11:44:11.0707707Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0708189Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.0708340Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0708495Z 21 | env:
2024-04-25T11:44:11.0708687Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0709196Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0709318Z 24 | ports:
2024-04-25T11:44:11.0709500Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0709666Z 26 | livenessProbe:
2024-04-25T11:44:11.0709805Z 27 | httpGet:
2024-04-25T11:44:11.0710076Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0710311Z 29 | port: 8501
2024-04-25T11:44:11.0710443Z 30 | scheme: HTTP
2024-04-25T11:44:11.0710579Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0710765Z 32 | readinessProbe:
2024-04-25T11:44:11.0710885Z 33 | httpGet:
2024-04-25T11:44:11.0711033Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0711261Z 35 | port: 8501
2024-04-25T11:44:11.0711388Z 36 | scheme: HTTP
2024-04-25T11:44:11.0711523Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0711697Z 38 | resources:
2024-04-25T11:44:11.0711816Z 39 | limits:
2024-04-25T11:44:11.0711936Z 40 | cpu: 1
2024-04-25T11:44:11.0712162Z 41 | memory: 2Gi
2024-04-25T11:44:11.0712285Z 42 | requests:
2024-04-25T11:44:11.0712410Z 43 | cpu: 100m
2024-04-25T11:44:11.0712603Z 44 | memory: 745Mi
2024-04-25T11:44:11.0712609Z
2024-04-25T11:44:11.0712996Z Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
2024-04-25T11:44:11.0713396Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0713878Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0714574Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27
2024-04-25T11:44:11.0714720Z
2024-04-25T11:44:11.0714893Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0715018Z 2 | kind: Deployment
2024-04-25T11:44:11.0715135Z 3 | metadata:
2024-04-25T11:44:11.0715416Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0715533Z 5 | labels:
2024-04-25T11:44:11.0715723Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0715874Z 7 | spec:
2024-04-25T11:44:11.0715996Z 8 | replicas: 1
2024-04-25T11:44:11.0716149Z 9 | selector:
2024-04-25T11:44:11.0716339Z 10 | matchLabels:
2024-04-25T11:44:11.0716533Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0716687Z 12 | template:
2024-04-25T11:44:11.0716804Z 13 | metadata:
2024-04-25T11:44:11.0716919Z 14 | labels:
2024-04-25T11:44:11.0717130Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0717307Z 16 | spec:
2024-04-25T11:44:11.0717448Z 17 | containers:
2024-04-25T11:44:11.0717671Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0718149Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.0718336Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0718493Z 21 | env:
2024-04-25T11:44:11.0718754Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0719127Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0719284Z 24 | ports:
2024-04-25T11:44:11.0719469Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0719599Z 26 | livenessProbe:
2024-04-25T11:44:11.0719757Z 27 | httpGet:
2024-04-25T11:44:11.0719983Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0720110Z 29 | port: 8501
2024-04-25T11:44:11.0720274Z 30 | scheme: HTTP
2024-04-25T11:44:11.0720408Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0720578Z 32 | readinessProbe:
2024-04-25T11:44:11.0720717Z 33 | httpGet:
2024-04-25T11:44:11.0720923Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0721083Z 35 | port: 8501
2024-04-25T11:44:11.0721210Z 36 | scheme: HTTP
2024-04-25T11:44:11.0721343Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0721500Z 38 | resources:
2024-04-25T11:44:11.0721637Z 39 | limits:
2024-04-25T11:44:11.0721821Z 40 | cpu: 1
2024-04-25T11:44:11.0721985Z 41 | memory: 2Gi
2024-04-25T11:44:11.0722276Z 42 | requests:
2024-04-25T11:44:11.0722404Z 43 | cpu: 100m
2024-04-25T11:44:11.0722586Z 44 | memory: 745Mi
2024-04-25T11:44:11.0722593Z
2024-04-25T11:44:11.0722924Z Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank"
2024-04-25T11:44:11.0723283Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0723796Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0724484Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13
2024-04-25T11:44:11.0724490Z
2024-04-25T11:44:11.0724678Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0724803Z 2 | kind: Deployment
2024-04-25T11:44:11.0724923Z 3 | metadata:
2024-04-25T11:44:11.0725189Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0725309Z 5 | labels:
2024-04-25T11:44:11.0725484Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0725651Z 7 | spec:
2024-04-25T11:44:11.0725773Z 8 | replicas: 1
2024-04-25T11:44:11.0725891Z 9 | selector:
2024-04-25T11:44:11.0726110Z 10 | matchLabels:
2024-04-25T11:44:11.0726283Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0726400Z 12 | template:
2024-04-25T11:44:11.0726571Z 13 | metadata:
2024-04-25T11:44:11.0726687Z 14 | labels:
2024-04-25T11:44:11.0726991Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0727215Z 16 | spec:
2024-04-25T11:44:11.0727404Z 17 | containers:
2024-04-25T11:44:11.0727590Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0728101Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.0728247Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0728461Z 21 | env:
2024-04-25T11:44:11.0728639Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0729028Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0729185Z 24 | ports:
2024-04-25T11:44:11.0729364Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0729495Z 26 | livenessProbe:
2024-04-25T11:44:11.0729714Z 27 | httpGet:
2024-04-25T11:44:11.0729878Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0730004Z 29 | port: 8501
2024-04-25T11:44:11.0730170Z 30 | scheme: HTTP
2024-04-25T11:44:11.0730306Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0730438Z 32 | readinessProbe:
2024-04-25T11:44:11.0730653Z 33 | httpGet:
2024-04-25T11:44:11.0730816Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0730943Z 35 | port: 8501
2024-04-25T11:44:11.0731105Z 36 | scheme: HTTP
2024-04-25T11:44:11.0731239Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0731363Z 38 | resources:
2024-04-25T11:44:11.0731602Z 39 | limits:
2024-04-25T11:44:11.0731765Z 40 | cpu: 1
2024-04-25T11:44:11.0731924Z 41 | memory: 2Gi
2024-04-25T11:44:11.0732048Z 42 | requests:
2024-04-25T11:44:11.0732172Z 43 | cpu: 100m
2024-04-25T11:44:11.0732333Z 44 | memory: 745Mi
2024-04-25T11:44:11.0732339Z
2024-04-25T11:44:11.0732732Z Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation"
2024-04-25T11:44:11.0733031Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0733547Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0734235Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19
2024-04-25T11:44:11.0734240Z
2024-04-25T11:44:11.0734371Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0734549Z 2 | kind: Deployment
2024-04-25T11:44:11.0734850Z 3 | metadata:
2024-04-25T11:44:11.0735063Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0735181Z 5 | labels:
2024-04-25T11:44:11.0735351Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0735518Z 7 | spec:
2024-04-25T11:44:11.0735648Z 8 | replicas: 1
2024-04-25T11:44:11.0736278Z 9 | selector:
2024-04-25T11:44:11.0736456Z 10 | matchLabels:
2024-04-25T11:44:11.0736645Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0736771Z 12 | template:
2024-04-25T11:44:11.0736940Z 13 | metadata:
2024-04-25T11:44:11.0737055Z 14 | labels:
2024-04-25T11:44:11.0737351Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0737506Z 16 | spec:
2024-04-25T11:44:11.0737632Z 17 | containers:
2024-04-25T11:44:11.0737819Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0738356Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.0738505Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0738693Z 21 | env:
2024-04-25T11:44:11.0738904Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0739277Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0739419Z 24 | ports:
2024-04-25T11:44:11.0739637Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0739767Z 26 | livenessProbe:
2024-04-25T11:44:11.0740131Z 27 | httpGet:
2024-04-25T11:44:11.0740318Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0740468Z 29 | port: 8501
2024-04-25T11:44:11.0740636Z 30 | scheme: HTTP
2024-04-25T11:44:11.0740771Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0740905Z 32 | readinessProbe:
2024-04-25T11:44:11.0741131Z 33 | httpGet:
2024-04-25T11:44:11.0741293Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0741419Z 35 | port: 8501
2024-04-25T11:44:11.0741585Z 36 | scheme: HTTP
2024-04-25T11:44:11.0741759Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0741881Z 38 | resources:
2024-04-25T11:44:11.0742100Z 39 | limits:
2024-04-25T11:44:11.0742237Z 40 | cpu: 1
2024-04-25T11:44:11.0742363Z 41 | memory: 2Gi
2024-04-25T11:44:11.0742524Z 42 | requests:
2024-04-25T11:44:11.0742649Z 43 | cpu: 100m
2024-04-25T11:44:11.0742782Z 44 | memory: 745Mi
2024-04-25T11:44:11.0742788Z
2024-04-25T11:44:11.0743145Z Check: CKV_K8S_23: "Minimize the admission of root containers"
2024-04-25T11:44:11.0743442Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0743962Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0744656Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22
2024-04-25T11:44:11.0744666Z
2024-04-25T11:44:11.0744797Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0745019Z 2 | kind: Deployment
2024-04-25T11:44:11.0745156Z 3 | metadata:
2024-04-25T11:44:11.0745331Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0745481Z 5 | labels:
2024-04-25T11:44:11.0745653Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0745768Z 7 | spec:
2024-04-25T11:44:11.0746007Z 8 | replicas: 1
2024-04-25T11:44:11.0746130Z 9 | selector:
2024-04-25T11:44:11.0746256Z 10 | matchLabels:
2024-04-25T11:44:11.0746464Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0746581Z 12 | template:
2024-04-25T11:44:11.0746732Z 13 | metadata:
2024-04-25T11:44:11.0746965Z 14 | labels:
2024-04-25T11:44:11.0747150Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0747267Z 16 | spec:
2024-04-25T11:44:11.0747428Z 17 | containers:
2024-04-25T11:44:11.0747615Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0748288Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.0748512Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.0748632Z 21 | env:
2024-04-25T11:44:11.0748851Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.0749226Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.0749347Z 24 | ports:
2024-04-25T11:44:11.0749585Z 25 | - containerPort: 8501
2024-04-25T11:44:11.0749782Z 26 | livenessProbe:
2024-04-25T11:44:11.0749906Z 27 | httpGet:
2024-04-25T11:44:11.0750093Z 28 | path: /_stcore/health
2024-04-25T11:44:11.0750217Z 29 | port: 8501
2024-04-25T11:44:11.0750366Z 30 | scheme: HTTP
2024-04-25T11:44:11.0750537Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.0750744Z 32 | readinessProbe:
2024-04-25T11:44:11.0750867Z 33 | httpGet:
2024-04-25T11:44:11.0751052Z 34 | path: /_stcore/health
2024-04-25T11:44:11.0751216Z 35 | port: 8501
2024-04-25T11:44:11.0751359Z 36 | scheme: HTTP
2024-04-25T11:44:11.0751528Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.0751705Z 38 | resources:
2024-04-25T11:44:11.0751859Z 39 | limits:
2024-04-25T11:44:11.0751981Z 40 | cpu: 1
2024-04-25T11:44:11.0752248Z 41 | memory: 2Gi
2024-04-25T11:44:11.0752409Z 42 | requests:
2024-04-25T11:44:11.0752536Z 43 | cpu: 100m
2024-04-25T11:44:11.0752730Z 44 | memory: 745Mi
2024-04-25T11:44:11.0752737Z
2024-04-25T11:44:11.0753131Z Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
2024-04-25T11:44:11.0753447Z FAILED for resource: Deployment.default.fixmycar-frontend
2024-04-25T11:44:11.0753926Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.0754662Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35
2024-04-25T11:44:11.0754669Z
2024-04-25T11:44:11.0754800Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.0755036Z 2 | kind: Deployment
2024-04-25T11:44:11.0755172Z 3 | metadata:
2024-04-25T11:44:11.0755342Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.0755496Z 5 | labels:
2024-04-25T11:44:11.0755668Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.0755877Z 7 | spec:
2024-04-25T11:44:11.0756116Z 8 | replicas: 1
2024-04-25T11:44:11.0756272Z 9 | selector:
2024-04-25T11:44:11.0756395Z 10 | matchLabels:
2024-04-25T11:44:11.0756608Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.0756729Z 12 | template:
2024-04-25T11:44:11.0756850Z 13 | metadata:
2024-04-25T11:44:11.0757073Z 14 | labels:
2024-04-25T11:44:11.0757253Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.0757369Z 16 | spec:
2024-04-25T11:44:11.0757530Z 17 | containers:
2024-04-25T11:44:11.0757712Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.0758195Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.1000919Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.1001051Z 21 | env:
2024-04-25T11:44:11.1001525Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.1002078Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.1002236Z 24 | ports:
2024-04-25T11:44:11.1002488Z 25 | - containerPort: 8501
2024-04-25T11:44:11.1002634Z 26 | livenessProbe:
2024-04-25T11:44:11.1002768Z 27 | httpGet:
2024-04-25T11:44:11.1002950Z 28 | path: /_stcore/health
2024-04-25T11:44:11.1003107Z 29 | port: 8501
2024-04-25T11:44:11.1003253Z 30 | scheme: HTTP
2024-04-25T11:44:11.1004022Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.1004200Z 32 | readinessProbe:
2024-04-25T11:44:11.1004342Z 33 | httpGet:
2024-04-25T11:44:11.1004537Z 34 | path: /_stcore/health
2024-04-25T11:44:11.1004687Z 35 | port: 8501
2024-04-25T11:44:11.1004839Z 36 | scheme: HTTP
2024-04-25T11:44:11.1005011Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.1005177Z 38 | resources:
2024-04-25T11:44:11.1005320Z 39 | limits:
2024-04-25T11:44:11.1005471Z 40 | cpu: 1
2024-04-25T11:44:11.1005623Z 41 | memory: 2Gi
2024-04-25T11:44:11.1005769Z 42 | requests:
2024-04-25T11:44:11.1005914Z 43 | cpu: 100m
2024-04-25T11:44:11.1006063Z 44 | memory: 745Mi
2024-04-25T11:44:11.1006073Z
2024-04-25T11:44:11.1006590Z Check: CKV2_K8S_6: "Minimize the admission of pods which lack an associated NetworkPolicy"
2024-04-25T11:44:11.1007173Z FAILED for resource: Pod.default.fixmycar-backend.app-fixmycar-backend
2024-04-25T11:44:11.1007786Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/backend-deployment.yaml:1-59
2024-04-25T11:44:11.1007794Z
2024-04-25T11:44:11.1008301Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.1008878Z Check: CKV2_K8S_6: "Minimize the admission of pods which lack an associated NetworkPolicy"
2024-04-25T11:44:11.1009894Z FAILED for resource: Pod.default.fixmycar-frontend.app-fixmycar-frontend
2024-04-25T11:44:11.1010534Z File: /gemini/sample-apps/fixmycar/cloud-sql/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.1010545Z
2024-04-25T11:44:11.1010710Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.1010876Z 2 | kind: Deployment
2024-04-25T11:44:11.1011019Z 3 | metadata:
2024-04-25T11:44:11.1011309Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.1011477Z 5 | labels:
2024-04-25T11:44:11.1011716Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.1011844Z 7 | spec:
2024-04-25T11:44:11.1011992Z 8 | replicas: 1
2024-04-25T11:44:11.1012120Z 9 | selector:
2024-04-25T11:44:11.1012273Z 10 | matchLabels:
2024-04-25T11:44:11.1012550Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.1012719Z 12 | template:
2024-04-25T11:44:11.1012859Z 13 | metadata:
2024-04-25T11:44:11.1012996Z 14 | labels:
2024-04-25T11:44:11.1013237Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.1013373Z 16 | spec:
2024-04-25T11:44:11.1013533Z 17 | containers:
2024-04-25T11:44:11.1013769Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.1014362Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-cloud-sql:latest
2024-04-25T11:44:11.1014557Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.1014709Z 21 | env:
2024-04-25T11:44:11.1014970Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.1015503Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.1015664Z 24 | ports:
2024-04-25T11:44:11.1016183Z 25 | - containerPort: 8501
2024-04-25T11:44:11.1016352Z 26 | livenessProbe:
2024-04-25T11:44:11.1016496Z 27 | httpGet:
2024-04-25T11:44:11.1016709Z 28 | path: /_stcore/health
2024-04-25T11:44:11.1016876Z 29 | port: 8501
2024-04-25T11:44:11.1017057Z 30 | scheme: HTTP
2024-04-25T11:44:11.1017239Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.1017420Z 32 | readinessProbe:
2024-04-25T11:44:11.1017583Z 33 | httpGet:
2024-04-25T11:44:11.1017791Z 34 | path: /_stcore/health
2024-04-25T11:44:11.1017956Z 35 | port: 8501
2024-04-25T11:44:11.1018129Z 36 | scheme: HTTP
2024-04-25T11:44:11.1018326Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.1018493Z 38 | resources:
2024-04-25T11:44:11.1018934Z 39 | limits:
2024-04-25T11:44:11.1019142Z 40 | cpu: 1
2024-04-25T11:44:11.1019310Z 41 | memory: 2Gi
2024-04-25T11:44:11.1019476Z 42 | requests:
2024-04-25T11:44:11.1019634Z 43 | cpu: 100m
2024-04-25T11:44:11.1019816Z 44 | memory: 745Mi
2024-04-25T11:44:11.1019826Z
2024-04-25T11:44:11.1020416Z Check: CKV2_K8S_6: "Minimize the admission of pods which lack an associated NetworkPolicy"
2024-04-25T11:44:11.1021060Z FAILED for resource: Pod.default.fixmycar-backend.app-fixmycar-backend
2024-04-25T11:44:11.1021849Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/backend-deployment.yaml:1-34
2024-04-25T11:44:11.1021861Z
2024-04-25T11:44:11.1022055Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.1022216Z 2 | kind: Deployment
2024-04-25T11:44:11.1022360Z 3 | metadata:
2024-04-25T11:44:11.1022648Z 4 | name: fixmycar-backend
2024-04-25T11:44:11.1022797Z 5 | labels:
2024-04-25T11:44:11.1023033Z 6 | app: fixmycar-backend
2024-04-25T11:44:11.1023199Z 7 | spec:
2024-04-25T11:44:11.1023357Z 8 | replicas: 1
2024-04-25T11:44:11.1023509Z 9 | selector:
2024-04-25T11:44:11.1023684Z 10 | matchLabels:
2024-04-25T11:44:11.1023942Z 11 | app: fixmycar-backend
2024-04-25T11:44:11.1024113Z 12 | template:
2024-04-25T11:44:11.1024263Z 13 | metadata:
2024-04-25T11:44:11.1024420Z 14 | labels:
2024-04-25T11:44:11.1024968Z 15 | app: fixmycar-backend
2024-04-25T11:44:11.1025111Z 16 | spec:
2024-04-25T11:44:11.1025265Z 17 | containers:
2024-04-25T11:44:11.1025531Z 18 | - name: fixmycar-backend
2024-04-25T11:44:11.1026251Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/backend-vertex-ai-search:latest
2024-04-25T11:44:11.1026455Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.1026624Z 21 | ports:
2024-04-25T11:44:11.1026889Z 22 | - containerPort: 3100
2024-04-25T11:44:11.1027055Z 23 | resources:
2024-04-25T11:44:11.1027231Z 24 | limits:
2024-04-25T11:44:11.1027386Z 25 | cpu: "1"
2024-04-25T11:44:11.1027548Z 26 | memory: "2Gi"
2024-04-25T11:44:11.1027706Z 27 | env:
2024-04-25T11:44:11.1027941Z 28 | - name: LOG_LEVEL
2024-04-25T11:44:11.1028111Z 29 | value: "debug"
2024-04-25T11:44:11.1028397Z 30 | - name: GCP_PROJECT_ID
2024-04-25T11:44:11.1028657Z 31 | value: "PROJECT-ID"
2024-04-25T11:44:11.1028966Z 32 | - name: VERTEX_AI_DATASTORE_ID
2024-04-25T11:44:11.1029283Z 33 | value: "YOUR-DATASTORE-ID"
2024-04-25T11:44:11.1029503Z 34 | serviceAccountName: fixmycar
2024-04-25T11:44:11.1029512Z
2024-04-25T11:44:11.1030067Z Check: CKV2_K8S_6: "Minimize the admission of pods which lack an associated NetworkPolicy"
2024-04-25T11:44:11.1030605Z FAILED for resource: Pod.default.fixmycar-frontend.app-fixmycar-frontend
2024-04-25T11:44:11.1031366Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/kubernetes/frontend-deployment.yaml:1-44
2024-04-25T11:44:11.1031376Z
2024-04-25T11:44:11.1031564Z 1 | apiVersion: apps/v1
2024-04-25T11:44:11.1031730Z 2 | kind: Deployment
2024-04-25T11:44:11.1031885Z 3 | metadata:
2024-04-25T11:44:11.1032154Z 4 | name: fixmycar-frontend
2024-04-25T11:44:11.1032308Z 5 | labels:
2024-04-25T11:44:11.1032551Z 6 | app: fixmycar-frontend
2024-04-25T11:44:11.1032701Z 7 | spec:
2024-04-25T11:44:11.1032852Z 8 | replicas: 1
2024-04-25T11:44:11.1032995Z 9 | selector:
2024-04-25T11:44:11.1033161Z 10 | matchLabels:
2024-04-25T11:44:11.1033398Z 11 | app: fixmycar-frontend
2024-04-25T11:44:11.1033547Z 12 | template:
2024-04-25T11:44:11.1033686Z 13 | metadata:
2024-04-25T11:44:11.1033823Z 14 | labels:
2024-04-25T11:44:11.1034077Z 15 | app: fixmycar-frontend
2024-04-25T11:44:11.1034220Z 16 | spec:
2024-04-25T11:44:11.1034571Z 17 | containers:
2024-04-25T11:44:11.1034883Z 18 | - name: fixmycar-frontend
2024-04-25T11:44:11.1035650Z 19 | image: us-central1-docker.pkg.dev/PROJECT-ID/fixmycar/frontend-vertex-ai-search:latest
2024-04-25T11:44:11.1035856Z 20 | imagePullPolicy: Always
2024-04-25T11:44:11.1036020Z 21 | env:
2024-04-25T11:44:11.1036258Z 22 | - name: BACKEND_URL
2024-04-25T11:44:11.1036831Z 23 | value: "http://fixmycar-backend.default.svc.cluster.local:8080"
2024-04-25T11:44:11.1037004Z 24 | ports:
2024-04-25T11:44:11.1037254Z 25 | - containerPort: 8501
2024-04-25T11:44:11.1037431Z 26 | livenessProbe:
2024-04-25T11:44:11.1037608Z 27 | httpGet:
2024-04-25T11:44:11.1037803Z 28 | path: /_stcore/health
2024-04-25T11:44:11.1037967Z 29 | port: 8501
2024-04-25T11:44:11.1038149Z 30 | scheme: HTTP
2024-04-25T11:44:11.1038336Z 31 | timeoutSeconds: 1
2024-04-25T11:44:11.1038528Z 32 | readinessProbe:
2024-04-25T11:44:11.1038683Z 33 | httpGet:
2024-04-25T11:44:11.1038879Z 34 | path: /_stcore/health
2024-04-25T11:44:11.1039058Z 35 | port: 8501
2024-04-25T11:44:11.1039226Z 36 | scheme: HTTP
2024-04-25T11:44:11.1039397Z 37 | timeoutSeconds: 1
2024-04-25T11:44:11.1039563Z 38 | resources:
2024-04-25T11:44:11.1039920Z 39 | limits:
2024-04-25T11:44:11.1040069Z 40 | cpu: 1
2024-04-25T11:44:11.1040249Z 41 | memory: 2Gi
2024-04-25T11:44:11.1040407Z 42 | requests:
2024-04-25T11:44:11.1040576Z 43 | cpu: 100m
2024-04-25T11:44:11.1040762Z 44 | memory: 745Mi
2024-04-25T11:44:11.1040772Z
2024-04-25T11:44:11.1040941Z dockerfile scan results:
2024-04-25T11:44:11.1040948Z
2024-04-25T11:44:11.1041280Z Passed checks: 528, Failed checks: 20, Skipped checks: 0
2024-04-25T11:44:11.1041312Z
2024-04-25T11:44:11.1041923Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
2024-04-25T11:44:11.1042465Z FAILED for resource: /language/sample-apps/chat-streamlit/Dockerfile.
2024-04-25T11:44:11.1042888Z File: /language/sample-apps/chat-streamlit/Dockerfile:1-10
2024-04-25T11:44:11.1044635Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images
2024-04-25T11:44:11.1044657Z
2024-04-25T11:44:11.1044817Z 1 | FROM python:3.8
2024-04-25T11:44:11.1044971Z 2 |
2024-04-25T11:44:11.1045128Z 3 | EXPOSE 8080
2024-04-25T11:44:11.1045289Z 4 | WORKDIR /app
2024-04-25T11:44:11.1045446Z 5 |
2024-04-25T11:44:11.1045590Z 6 | COPY . ./
2024-04-25T11:44:11.1045726Z 7 |
2024-04-25T11:44:11.1046131Z 8 | RUN pip install --no-cache-dir -r requirements.txt
2024-04-25T11:44:11.1046273Z 9 |
2024-04-25T11:44:11.1046927Z 10 | ENTRYPOINT ["streamlit", "run", "app.py", "--server.port=8080", "--server.address=0.0.0.0"]
2024-04-25T11:44:11.1046940Z
2024-04-25T11:44:11.1047352Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
2024-04-25T11:44:11.1047840Z FAILED for resource: /language/sample-apps/chat-streamlit/Dockerfile.
2024-04-25T11:44:11.1048217Z File: /language/sample-apps/chat-streamlit/Dockerfile:1-10
2024-04-25T11:44:11.1049251Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created
2024-04-25T11:44:11.1049258Z
2024-04-25T11:44:11.1049359Z 1 | FROM python:3.8
2024-04-25T11:44:11.1049450Z 2 |
2024-04-25T11:44:11.1049537Z 3 | EXPOSE 8080
2024-04-25T11:44:11.1049628Z 4 | WORKDIR /app
2024-04-25T11:44:11.1049722Z 5 |
2024-04-25T11:44:11.1049816Z 6 | COPY . ./
2024-04-25T11:44:11.1049900Z 7 |
2024-04-25T11:44:11.1050390Z 8 | RUN pip install --no-cache-dir -r requirements.txt
2024-04-25T11:44:11.1050480Z 9 |
2024-04-25T11:44:11.1050888Z 10 | ENTRYPOINT ["streamlit", "run", "app.py", "--server.port=8080", "--server.address=0.0.0.0"]
2024-04-25T11:44:11.1050894Z
2024-04-25T11:44:11.1051229Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
2024-04-25T11:44:11.1051614Z FAILED for resource: /gemini/sample-apps/fixmycar/vertex-ai-search/frontend/Dockerfile.
2024-04-25T11:44:11.1051954Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/frontend/Dockerfile:1-27
2024-04-25T11:44:11.1052903Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images
2024-04-25T11:44:11.1052908Z
2024-04-25T11:44:11.1053050Z 1 | FROM python:3.8-slim
2024-04-25T11:44:11.1053131Z 2 |
2024-04-25T11:44:11.1053323Z 3 | RUN groupadd --gid 1000 appuser \
2024-04-25T11:44:11.1053571Z 4 | && useradd --uid 1000 --gid 1000 -ms /bin/bash appuser
2024-04-25T11:44:11.1053654Z 5 |
2024-04-25T11:44:11.1053848Z 6 | RUN pip3 install --no-cache-dir --upgrade \
2024-04-25T11:44:11.1053949Z 7 | pip \
2024-04-25T11:44:11.1054040Z 8 | virtualenv
2024-04-25T11:44:11.1054122Z 9 |
2024-04-25T11:44:11.1054322Z 10 | RUN apt-get update && apt-get install -y \
2024-04-25T11:44:11.1054459Z 11 | build-essential \
2024-04-25T11:44:11.1054757Z 12 | software-properties-common \
2024-04-25T11:44:11.1054860Z 13 | git
2024-04-25T11:44:11.1054943Z 14 |
2024-04-25T11:44:11.1055036Z 15 | USER appuser
2024-04-25T11:44:11.1055153Z 16 | WORKDIR /home/appuser
2024-04-25T11:44:11.1055235Z 17 |
2024-04-25T11:44:11.1055322Z 18 | COPY . .
2024-04-25T11:44:11.1055419Z 19 |
2024-04-25T11:44:11.1055541Z 20 | ENV VIRTUAL_ENV=/home/appuser/venv
2024-04-25T11:44:11.1055667Z 21 | RUN virtualenv ${VIRTUAL_ENV}
2024-04-25T11:44:11.1056278Z 22 | RUN . ${VIRTUAL_ENV}/bin/activate && pip install -r ./requirements.txt
2024-04-25T11:44:11.1056364Z 23 |
2024-04-25T11:44:11.1056453Z 24 | EXPOSE 8501
2024-04-25T11:44:11.1056548Z 25 |
2024-04-25T11:44:11.1056655Z 26 | COPY run.sh /home/appuser
2024-04-25T11:44:11.1056759Z 27 | ENTRYPOINT ["./run.sh"]
2024-04-25T11:44:11.1057122Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
2024-04-25T11:44:11.1057475Z FAILED for resource: /language/tuning/distilling_step_by_step/prediction_container/Dockerfile.
2024-04-25T11:44:11.1057862Z File: /language/tuning/distilling_step_by_step/prediction_container/Dockerfile:1-34
2024-04-25T11:44:11.1058818Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images
2024-04-25T11:44:11.1058824Z
2024-04-25T11:44:11.1058936Z 1 | # Copyright 2024 Google LLC
2024-04-25T11:44:11.1059029Z 2 | #
2024-04-25T11:44:11.1059274Z 3 | # Licensed under the Apache License, Version 2.0 (the "License");
2024-04-25T11:44:11.1059506Z 4 | # you may not use this file except in compliance with the License.
2024-04-25T11:44:11.1059672Z 5 | # You may obtain a copy of the License at
2024-04-25T11:44:11.1059760Z 6 | #
2024-04-25T11:44:11.1059991Z 7 | # http://www.apache.org/licenses/LICENSE-2.0
2024-04-25T11:44:11.1060074Z 8 | #
2024-04-25T11:44:11.1060326Z 9 | # Unless required by applicable law or agreed to in writing, software
2024-04-25T11:44:11.1060598Z 10 | # distributed under the License is distributed on an "AS IS" BASIS,
2024-04-25T11:44:11.1060873Z 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2024-04-25T11:44:11.1061126Z 12 | # See the License for the specific language governing permissions and
2024-04-25T11:44:11.1061261Z 13 | # limitations under the License.
2024-04-25T11:44:11.1061351Z 14 |
2024-04-25T11:44:11.1061575Z 15 | FROM tiangolo/uvicorn-gunicorn-fastapi:python3.9
2024-04-25T11:44:11.1061866Z 16 |
2024-04-25T11:44:11.1062038Z 17 | LABEL com.nvidia.volumes.needed=nvidia_driver
2024-04-25T11:44:11.1062122Z 18 |
2024-04-25T11:44:11.1062458Z 19 | # ENV PATH=/opt/conda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
2024-04-25T11:44:11.1062578Z 20 | ENV NVIDIA_VISIBLE_DEVICES=all
2024-04-25T11:44:11.1062753Z 21 | ENV NVIDIA_DRIVER_CAPABILITIES=compute,utility
2024-04-25T11:44:11.1062988Z 22 | ENV LD_LIBRARY_PATH=/usr/local/nvidia/lib:/usr/local/nvidia/lib64
2024-04-25T11:44:11.1063071Z 23 |
2024-04-25T11:44:11.1063192Z 24 | # hadolint ignore=DL3013
2024-04-25T11:44:11.1063445Z 25 | RUN python3 -m pip install --upgrade --no-cache-dir pip
2024-04-25T11:44:11.1063583Z 26 |
2024-04-25T11:44:11.1063708Z 27 | COPY ./app /app
2024-04-25T11:44:11.1064055Z 28 | RUN pip3 --timeout=300 --no-cache-dir install -r /app/requirements-torch.txt \
2024-04-25T11:44:11.1064346Z 29 | && pip3 --timeout=300 --no-cache-dir install -r /app/requirements.txt
2024-04-25T11:44:11.1064439Z 30 |
2024-04-25T11:44:11.1064533Z 31 | EXPOSE 7080
2024-04-25T11:44:11.1064617Z 32 |
2024-04-25T11:44:11.1064734Z 33 | # Start the app
2024-04-25T11:44:11.1065216Z 34 | CMD ["gunicorn", "-b", "0.0.0.0:7080", "main:app","--workers","1","--timeout","180","-k","uvicorn.workers.UvicornWorker"]
2024-04-25T11:44:11.1065221Z
2024-04-25T11:44:11.1065480Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
2024-04-25T11:44:11.1065994Z FAILED for resource: /language/tuning/distilling_step_by_step/prediction_container/Dockerfile.
2024-04-25T11:44:11.1066351Z File: /language/tuning/distilling_step_by_step/prediction_container/Dockerfile:1-34
2024-04-25T11:44:11.1067284Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created
2024-04-25T11:44:11.1067290Z
2024-04-25T11:44:11.1067403Z 1 | # Copyright 2024 Google LLC
2024-04-25T11:44:11.1067487Z 2 | #
2024-04-25T11:44:11.1067736Z 3 | # Licensed under the Apache License, Version 2.0 (the "License");
2024-04-25T11:44:11.1067974Z 4 | # you may not use this file except in compliance with the License.
2024-04-25T11:44:11.1068121Z 5 | # You may obtain a copy of the License at
2024-04-25T11:44:11.1068213Z 6 | #
2024-04-25T11:44:11.1068426Z 7 | # http://www.apache.org/licenses/LICENSE-2.0
2024-04-25T11:44:11.1068529Z 8 | #
2024-04-25T11:44:11.1068778Z 9 | # Unless required by applicable law or agreed to in writing, software
2024-04-25T11:44:11.1069018Z 10 | # distributed under the License is distributed on an "AS IS" BASIS,
2024-04-25T11:44:11.1069300Z 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2024-04-25T11:44:11.1069547Z 12 | # See the License for the specific language governing permissions and
2024-04-25T11:44:11.1069669Z 13 | # limitations under the License.
2024-04-25T11:44:11.1069763Z 14 |
2024-04-25T11:44:11.1069985Z 15 | FROM tiangolo/uvicorn-gunicorn-fastapi:python3.9
2024-04-25T11:44:11.1070067Z 16 |
2024-04-25T11:44:11.1070245Z 17 | LABEL com.nvidia.volumes.needed=nvidia_driver
2024-04-25T11:44:11.1070324Z 18 |
2024-04-25T11:44:11.1070639Z 19 | # ENV PATH=/opt/conda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
2024-04-25T11:44:11.1070785Z 20 | ENV NVIDIA_VISIBLE_DEVICES=all
2024-04-25T11:44:11.1070946Z 21 | ENV NVIDIA_DRIVER_CAPABILITIES=compute,utility
2024-04-25T11:44:11.1071173Z 22 | ENV LD_LIBRARY_PATH=/usr/local/nvidia/lib:/usr/local/nvidia/lib64
2024-04-25T11:44:11.1071273Z 23 |
2024-04-25T11:44:11.1071385Z 24 | # hadolint ignore=DL3013
2024-04-25T11:44:11.1071645Z 25 | RUN python3 -m pip install --upgrade --no-cache-dir pip
2024-04-25T11:44:11.1071728Z 26 |
2024-04-25T11:44:11.1071823Z 27 | COPY ./app /app
2024-04-25T11:44:11.1072184Z 28 | RUN pip3 --timeout=300 --no-cache-dir install -r /app/requirements-torch.txt \
2024-04-25T11:44:11.1072651Z 29 | && pip3 --timeout=300 --no-cache-dir install -r /app/requirements.txt
2024-04-25T11:44:11.1072742Z 30 |
2024-04-25T11:44:11.1072849Z 31 | EXPOSE 7080
2024-04-25T11:44:11.1072932Z 32 |
2024-04-25T11:44:11.1073026Z 33 | # Start the app
2024-04-25T11:44:11.1073524Z 34 | CMD ["gunicorn", "-b", "0.0.0.0:7080", "main:app","--workers","1","--timeout","180","-k","uvicorn.workers.UvicornWorker"]
2024-04-25T11:44:11.1073529Z
2024-04-25T11:44:11.1073874Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
2024-04-25T11:44:11.1074071Z FAILED for resource: /search/web-app/Dockerfile.
2024-04-25T11:44:11.1074244Z File: /search/web-app/Dockerfile:1-22
2024-04-25T11:44:11.1075191Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images
2024-04-25T11:44:11.1075197Z
2024-04-25T11:44:11.1075370Z 1 | # Use the official lightweight Python image.
2024-04-25T11:44:11.1075508Z 2 | # https://hub.docker.com/_/python
2024-04-25T11:44:11.1075641Z 3 | FROM python:3.11-slim
2024-04-25T11:44:11.1075733Z 4 |
2024-04-25T11:44:11.1076012Z 5 | # Allow statements and log messages to immediately appear in the Knative logs
2024-04-25T11:44:11.1076125Z 6 | ENV PYTHONUNBUFFERED True
2024-04-25T11:44:11.1076219Z 7 |
2024-04-25T11:44:11.1076366Z 8 | # Copy local code to the container image.
2024-04-25T11:44:11.1076592Z 9 | ENV APP_HOME /app
2024-04-25T11:44:11.1076701Z 10 | WORKDIR $APP_HOME
2024-04-25T11:44:11.1076792Z 11 | COPY . ./
2024-04-25T11:44:11.1076874Z 12 |
2024-04-25T11:44:11.1077021Z 13 | # Install production dependencies.
2024-04-25T11:44:11.1077249Z 14 | RUN pip install --no-cache-dir -r requirements.txt
2024-04-25T11:44:11.1077369Z 15 |
2024-04-25T11:44:11.1077618Z 16 | # Run the web service on container startup. Here we use the gunicorn
2024-04-25T11:44:11.1077795Z 17 | # webserver, with one worker process and 8 threads.
2024-04-25T11:44:11.1078081Z 18 | # For environments with multiple CPU cores, increase the number of workers
2024-04-25T11:44:11.1078214Z 19 | # to be equal to the cores available.
2024-04-25T11:44:11.1078609Z 20 | # Timeout is set to 0 to disable the timeouts of the workers to allow Cloud Run to handle instance scaling.
2024-04-25T11:44:11.1078728Z 21 | # hadolint ignore=DL3025
2024-04-25T11:44:11.1079060Z 22 | CMD exec gunicorn --bind :$PORT --workers 1 --threads 8 --timeout 0 main:app
2024-04-25T11:44:11.1079069Z
2024-04-25T11:44:11.1079328Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
2024-04-25T11:44:11.1079546Z FAILED for resource: /search/web-app/Dockerfile.
2024-04-25T11:44:11.1079704Z File: /search/web-app/Dockerfile:1-22
2024-04-25T11:44:11.1080547Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created
2024-04-25T11:44:11.1080553Z
2024-04-25T11:44:11.1080717Z 1 | # Use the official lightweight Python image.
2024-04-25T11:44:11.1080893Z 2 | # https://hub.docker.com/_/python
2024-04-25T11:44:11.1081041Z 3 | FROM python:3.11-slim
2024-04-25T11:44:11.1081122Z 4 |
2024-04-25T11:44:11.1081413Z 5 | # Allow statements and log messages to immediately appear in the Knative logs
2024-04-25T11:44:11.1081543Z 6 | ENV PYTHONUNBUFFERED True
2024-04-25T11:44:11.1081627Z 7 |
2024-04-25T11:44:11.1081772Z 8 | # Copy local code to the container image.
2024-04-25T11:44:11.1081887Z 9 | ENV APP_HOME /app
2024-04-25T11:44:11.1081984Z 10 | WORKDIR $APP_HOME
2024-04-25T11:44:11.1082075Z 11 | COPY . ./
2024-04-25T11:44:11.1082167Z 12 |
2024-04-25T11:44:11.1082293Z 13 | # Install production dependencies.
2024-04-25T11:44:11.1082527Z 14 | RUN pip install --no-cache-dir -r requirements.txt
2024-04-25T11:44:11.1082611Z 15 |
2024-04-25T11:44:11.1082856Z 16 | # Run the web service on container startup. Here we use the gunicorn
2024-04-25T11:44:11.1083175Z 17 | # webserver, with one worker process and 8 threads.
2024-04-25T11:44:11.1083450Z 18 | # For environments with multiple CPU cores, increase the number of workers
2024-04-25T11:44:11.1083583Z 19 | # to be equal to the cores available.
2024-04-25T11:44:11.1083998Z 20 | # Timeout is set to 0 to disable the timeouts of the workers to allow Cloud Run to handle instance scaling.
2024-04-25T11:44:11.1084109Z 21 | # hadolint ignore=DL3025
2024-04-25T11:44:11.1084440Z 22 | CMD exec gunicorn --bind :$PORT --workers 1 --threads 8 --timeout 0 main:app
2024-04-25T11:44:11.1084446Z
2024-04-25T11:44:11.1084803Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
2024-04-25T11:44:11.1085137Z FAILED for resource: /gemini/sample-apps/gemini-streamlit-cloudrun/Dockerfile.
2024-04-25T11:44:11.1085435Z File: /gemini/sample-apps/gemini-streamlit-cloudrun/Dockerfile:1-10
2024-04-25T11:44:11.1086378Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images
2024-04-25T11:44:11.1086384Z
2024-04-25T11:44:11.1086480Z 1 | FROM python:3.8
2024-04-25T11:44:11.1086580Z 2 |
2024-04-25T11:44:11.1086673Z 3 | EXPOSE 8080
2024-04-25T11:44:11.1086764Z 4 | WORKDIR /app
2024-04-25T11:44:11.1086858Z 5 |
2024-04-25T11:44:11.1086945Z 6 | COPY . ./
2024-04-25T11:44:11.1087148Z 7 |
2024-04-25T11:44:11.1087334Z 8 | RUN pip install -r requirements.txt
2024-04-25T11:44:11.1087416Z 9 |
2024-04-25T11:44:11.1087805Z 10 | ENTRYPOINT ["streamlit", "run", "app.py", "--server.port=8080", "--server.address=0.0.0.0"]
2024-04-25T11:44:11.1088078Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
2024-04-25T11:44:11.1088415Z FAILED for resource: /gemini/sample-apps/gemini-streamlit-cloudrun/Dockerfile.
2024-04-25T11:44:11.1088717Z File: /gemini/sample-apps/gemini-streamlit-cloudrun/Dockerfile:1-10
2024-04-25T11:44:11.1089533Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created
2024-04-25T11:44:11.1089538Z
2024-04-25T11:44:11.1089637Z 1 | FROM python:3.8
2024-04-25T11:44:11.1089732Z 2 |
2024-04-25T11:44:11.1089833Z 3 | EXPOSE 8080
2024-04-25T11:44:11.1089923Z 4 | WORKDIR /app
2024-04-25T11:44:11.1090026Z 5 |
2024-04-25T11:44:11.1090118Z 6 | COPY . ./
2024-04-25T11:44:11.1090197Z 7 |
2024-04-25T11:44:11.1090372Z 8 | RUN pip install -r requirements.txt
2024-04-25T11:44:11.1090454Z 9 |
2024-04-25T11:44:11.1090834Z 10 | ENTRYPOINT ["streamlit", "run", "app.py", "--server.port=8080", "--server.address=0.0.0.0"]
2024-04-25T11:44:11.1091179Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
2024-04-25T11:44:11.1091512Z FAILED for resource: /gemini/sample-apps/fixmycar/cloud-sql/backend/Dockerfile.
2024-04-25T11:44:11.1091808Z File: /gemini/sample-apps/fixmycar/cloud-sql/backend/Dockerfile:1-32
2024-04-25T11:44:11.1092737Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images
2024-04-25T11:44:11.1092742Z
2024-04-25T11:44:11.1093015Z 1 | # Base image with Java 17 (using a lightweight Alpine variant for efficiency)
2024-04-25T11:44:11.1093240Z 2 | FROM eclipse-temurin:17-jdk-alpine as builder
2024-04-25T11:44:11.1093321Z 3 |
2024-04-25T11:44:11.1093433Z 4 | # Set working directory
2024-04-25T11:44:11.1093559Z 5 | WORKDIR /workspace/app
2024-04-25T11:44:11.1093639Z 6 |
2024-04-25T11:44:11.1093893Z 7 | # Copy Maven dependencies (for efficient caching and layer separation)
2024-04-25T11:44:11.1094002Z 8 | COPY mvnw .
2024-04-25T11:44:11.1094101Z 9 | COPY .mvn .mvn
2024-04-25T11:44:11.1094219Z 10 | COPY pom.xml .
2024-04-25T11:44:11.1094389Z 11 | RUN ./mvnw dependency:go-offline -B
2024-04-25T11:44:11.1094631Z 12 |
2024-04-25T11:44:11.1094761Z 13 | # Copy project source code
2024-04-25T11:44:11.1094854Z 14 | COPY src src
2024-04-25T11:44:11.1094937Z 15 |
2024-04-25T11:44:11.1095083Z 16 | # Build the application with Maven
2024-04-25T11:44:11.1095240Z 17 | RUN ./mvnw package -DskipTests
2024-04-25T11:44:11.1095323Z 18 |
2024-04-25T11:44:11.1095475Z 19 | # Create a lightweight runtime image
2024-04-25T11:44:11.1095638Z 20 | FROM eclipse-temurin:17-jdk-alpine
2024-04-25T11:44:11.1095718Z 21 |
2024-04-25T11:44:11.1096073Z 22 | # Set working directory
2024-04-25T11:44:11.1096225Z 23 | WORKDIR /app
2024-04-25T11:44:11.1096308Z 24 |
2024-04-25T11:44:11.1096493Z 25 | # Copy the built JAR file from the builder stage
2024-04-25T11:44:11.1096765Z 26 | COPY --from=builder /workspace/app/target/*.jar /app/app.jar
2024-04-25T11:44:11.1096846Z 27 |
2024-04-25T11:44:11.1097134Z 28 | # Expose the application port (replace with your actual port if different)
2024-04-25T11:44:11.1097236Z 29 | EXPOSE 8080
2024-04-25T11:44:11.1097317Z 30 |
2024-04-25T11:44:11.1097572Z 31 | # Run the application using Spring Boot's executable JAR
2024-04-25T11:44:11.1097768Z 32 | ENTRYPOINT ["java", "-jar", "/app/app.jar"]
2024-04-25T11:44:11.1098048Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
2024-04-25T11:44:11.1098390Z FAILED for resource: /gemini/sample-apps/fixmycar/cloud-sql/backend/Dockerfile.
2024-04-25T11:44:11.1098842Z File: /gemini/sample-apps/fixmycar/cloud-sql/backend/Dockerfile:1-32
2024-04-25T11:44:11.1099666Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created
2024-04-25T11:44:11.1099672Z
2024-04-25T11:44:11.1099949Z 1 | # Base image with Java 17 (using a lightweight Alpine variant for efficiency)
2024-04-25T11:44:11.1100151Z 2 | FROM eclipse-temurin:17-jdk-alpine as builder
2024-04-25T11:44:11.1100249Z 3 |
2024-04-25T11:44:11.1100361Z 4 | # Set working directory
2024-04-25T11:44:11.1100474Z 5 | WORKDIR /workspace/app
2024-04-25T11:44:11.1100575Z 6 |
2024-04-25T11:44:11.1100830Z 7 | # Copy Maven dependencies (for efficient caching and layer separation)
2024-04-25T11:44:11.1100943Z 8 | COPY mvnw .
2024-04-25T11:44:11.1101038Z 9 | COPY .mvn .mvn
2024-04-25T11:44:11.1101131Z 10 | COPY pom.xml .
2024-04-25T11:44:11.1101311Z 11 | RUN ./mvnw dependency:go-offline -B
2024-04-25T11:44:11.1101392Z 12 |
2024-04-25T11:44:11.1101502Z 13 | # Copy project source code
2024-04-25T11:44:11.1101608Z 14 | COPY src src
2024-04-25T11:44:11.1101689Z 15 |
2024-04-25T11:44:11.1101813Z 16 | # Build the application with Maven
2024-04-25T11:44:11.1101977Z 17 | RUN ./mvnw package -DskipTests
2024-04-25T11:44:11.1102064Z 18 |
2024-04-25T11:44:11.1102199Z 19 | # Create a lightweight runtime image
2024-04-25T11:44:11.1102366Z 20 | FROM eclipse-temurin:17-jdk-alpine
2024-04-25T11:44:11.1102450Z 21 |
2024-04-25T11:44:11.1102555Z 22 | # Set working directory
2024-04-25T11:44:11.1102669Z 23 | WORKDIR /app
2024-04-25T11:44:11.1102760Z 24 |
2024-04-25T11:44:11.1102929Z 25 | # Copy the built JAR file from the builder stage
2024-04-25T11:44:11.1103205Z 26 | COPY --from=builder /workspace/app/target/*.jar /app/app.jar
2024-04-25T11:44:11.1103288Z 27 |
2024-04-25T11:44:11.1103557Z 28 | # Expose the application port (replace with your actual port if different)
2024-04-25T11:44:11.1103674Z 29 | EXPOSE 8080
2024-04-25T11:44:11.1103759Z 30 |
2024-04-25T11:44:11.1104002Z 31 | # Run the application using Spring Boot's executable JAR
2024-04-25T11:44:11.1104200Z 32 | ENTRYPOINT ["java", "-jar", "/app/app.jar"]
2024-04-25T11:44:11.1104536Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
2024-04-25T11:44:11.1104804Z FAILED for resource: /gemini/sample-apps/genwealth/Dockerfile.
2024-04-25T11:44:11.1105161Z File: /gemini/sample-apps/genwealth/Dockerfile:1-39
2024-04-25T11:44:11.1106111Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images
2024-04-25T11:44:11.1106118Z
2024-04-25T11:44:11.1106218Z 1 | ##
2024-04-25T11:44:11.1106329Z 2 | ## Stage 1: Build the API
2024-04-25T11:44:11.1106420Z 3 | ##
2024-04-25T11:44:11.1106597Z 4 | FROM node:lts-alpine AS api-build
2024-04-25T11:44:11.1106681Z 5 |
2024-04-25T11:44:11.1106772Z 6 | WORKDIR /src
2024-04-25T11:44:11.1106881Z 7 | COPY ./api .
2024-04-25T11:44:11.1106960Z 8 |
2024-04-25T11:44:11.1107053Z 9 | RUN npm install
2024-04-25T11:44:11.1107208Z 10 | RUN npx tsc --outDir /dist
2024-04-25T11:44:11.1107296Z 11 |
2024-04-25T11:44:11.1107379Z 12 | ##
2024-04-25T11:44:11.1107503Z 13 | ## Stage 2: Build the UI
2024-04-25T11:44:11.1107584Z 14 | ##
2024-04-25T11:44:11.1107749Z 15 | FROM node:lts-alpine AS ui-build
2024-04-25T11:44:11.1107837Z 16 |
2024-04-25T11:44:11.1107928Z 17 | WORKDIR /app
2024-04-25T11:44:11.1108031Z 18 | COPY ./ui .
2024-04-25T11:44:11.1108117Z 19 |
2024-04-25T11:44:11.1108209Z 20 | RUN npm install
2024-04-25T11:44:11.1108391Z 21 | RUN npx ng build --output-path /dist
2024-04-25T11:44:11.1108477Z 22 |
2024-04-25T11:44:11.1108560Z 23 | ##
2024-04-25T11:44:11.1108673Z 24 | ## Stage 3: Build Runtime
2024-04-25T11:44:11.1108875Z 25 | ##
2024-04-25T11:44:11.1109026Z 26 | FROM node:lts-alpine AS runtime
2024-04-25T11:44:11.1109125Z 27 |
2024-04-25T11:44:11.1109220Z 28 | WORKDIR /app
2024-04-25T11:44:11.1109310Z 29 |
2024-04-25T11:44:11.1109536Z 30 | # Copy build artifacts from the api-build stage
2024-04-25T11:44:11.1109685Z 31 | COPY --from=api-build /dist .
2024-04-25T11:44:11.1109917Z 32 | COPY --from=api-build /src/node_modules ./node_modules
2024-04-25T11:44:11.1110017Z 33 |
2024-04-25T11:44:11.1110222Z 34 | # Copy build artifacts from the ui-build stage
2024-04-25T11:44:11.1110471Z 35 | COPY --from=ui-build /dist ./ui/dist/genwealth-advisor-ui
2024-04-25T11:44:11.1110574Z 36 |
2024-04-25T11:44:11.1110664Z 37 | EXPOSE 8080
2024-04-25T11:44:11.1110747Z 38 |
2024-04-25T11:44:11.1110868Z 39 | CMD ["node", "index.js"]
2024-04-25T11:44:11.1110873Z
2024-04-25T11:44:11.1111131Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
2024-04-25T11:44:11.1111411Z FAILED for resource: /gemini/sample-apps/genwealth/Dockerfile.
2024-04-25T11:44:11.1111619Z File: /gemini/sample-apps/genwealth/Dockerfile:1-39
2024-04-25T11:44:11.1112433Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created
2024-04-25T11:44:11.1112438Z
2024-04-25T11:44:11.1112542Z 1 | ##
2024-04-25T11:44:11.1112649Z 2 | ## Stage 1: Build the API
2024-04-25T11:44:11.1112731Z 3 | ##
2024-04-25T11:44:11.1112906Z 4 | FROM node:lts-alpine AS api-build
2024-04-25T11:44:11.1112995Z 5 |
2024-04-25T11:44:11.1113087Z 6 | WORKDIR /src
2024-04-25T11:44:11.1113205Z 7 | COPY ./api .
2024-04-25T11:44:11.1113295Z 8 |
2024-04-25T11:44:11.1113390Z 9 | RUN npm install
2024-04-25T11:44:11.1113552Z 10 | RUN npx tsc --outDir /dist
2024-04-25T11:44:11.1113634Z 11 |
2024-04-25T11:44:11.1113714Z 12 | ##
2024-04-25T11:44:11.1113843Z 13 | ## Stage 2: Build the UI
2024-04-25T11:44:11.1113935Z 14 | ##
2024-04-25T11:44:11.1114087Z 15 | FROM node:lts-alpine AS ui-build
2024-04-25T11:44:11.1114187Z 16 |
2024-04-25T11:44:11.1114275Z 17 | WORKDIR /app
2024-04-25T11:44:11.1114363Z 18 | COPY ./ui .
2024-04-25T11:44:11.1114457Z 19 |
2024-04-25T11:44:11.1114551Z 20 | RUN npm install
2024-04-25T11:44:11.1114734Z 21 | RUN npx ng build --output-path /dist
2024-04-25T11:44:11.1114826Z 22 |
2024-04-25T11:44:11.1114905Z 23 | ##
2024-04-25T11:44:11.1115017Z 24 | ## Stage 3: Build Runtime
2024-04-25T11:44:11.1115101Z 25 | ##
2024-04-25T11:44:11.1115375Z 26 | FROM node:lts-alpine AS runtime
2024-04-25T11:44:11.1115476Z 27 |
2024-04-25T11:44:11.1115572Z 28 | WORKDIR /app
2024-04-25T11:44:11.1115650Z 29 |
2024-04-25T11:44:11.1115875Z 30 | # Copy build artifacts from the api-build stage
2024-04-25T11:44:11.1116018Z 31 | COPY --from=api-build /dist .
2024-04-25T11:44:11.1116245Z 32 | COPY --from=api-build /src/node_modules ./node_modules
2024-04-25T11:44:11.1116333Z 33 |
2024-04-25T11:44:11.1116535Z 34 | # Copy build artifacts from the ui-build stage
2024-04-25T11:44:11.1116782Z 35 | COPY --from=ui-build /dist ./ui/dist/genwealth-advisor-ui
2024-04-25T11:44:11.1116877Z 36 |
2024-04-25T11:44:11.1116970Z 37 | EXPOSE 8080
2024-04-25T11:44:11.1117049Z 38 |
2024-04-25T11:44:11.1117166Z 39 | CMD ["node", "index.js"]
2024-04-25T11:44:11.1117171Z
2024-04-25T11:44:11.1117514Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
2024-04-25T11:44:11.1117891Z FAILED for resource: /gemini/sample-apps/fixmycar/vertex-ai-search/backend/Dockerfile.
2024-04-25T11:44:11.1118220Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/backend/Dockerfile:1-32
2024-04-25T11:44:11.1119158Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images
2024-04-25T11:44:11.1119163Z
2024-04-25T11:44:11.1119453Z 1 | # Base image with Java 17 (using a lightweight Alpine variant for efficiency)
2024-04-25T11:44:11.1119778Z 2 | FROM eclipse-temurin:17-jdk-alpine as builder
2024-04-25T11:44:11.1119862Z 3 |
2024-04-25T11:44:11.1119978Z 4 | # Set working directory
2024-04-25T11:44:11.1120084Z 5 | WORKDIR /workspace/app
2024-04-25T11:44:11.1120165Z 6 |
2024-04-25T11:44:11.1120434Z 7 | # Copy Maven dependencies (for efficient caching and layer separation)
2024-04-25T11:44:11.1120521Z 8 | COPY mvnw .
2024-04-25T11:44:11.1120615Z 9 | COPY .mvn .mvn
2024-04-25T11:44:11.1120722Z 10 | COPY pom.xml .
2024-04-25T11:44:11.1120895Z 11 | RUN ./mvnw dependency:go-offline -B
2024-04-25T11:44:11.1120988Z 12 |
2024-04-25T11:44:11.1121100Z 13 | # Copy project source code
2024-04-25T11:44:11.1121194Z 14 | COPY src src
2024-04-25T11:44:11.1121297Z 15 |
2024-04-25T11:44:11.1121428Z 16 | # Build the application with Maven
2024-04-25T11:44:11.1121578Z 17 | RUN ./mvnw package -DskipTests
2024-04-25T11:44:11.1121676Z 18 |
2024-04-25T11:44:11.1121807Z 19 | # Create a lightweight runtime image
2024-04-25T11:44:11.1121967Z 20 | FROM eclipse-temurin:17-jdk-alpine
2024-04-25T11:44:11.1122066Z 21 |
2024-04-25T11:44:11.1122175Z 22 | # Set working directory
2024-04-25T11:44:11.1122267Z 23 | WORKDIR /app
2024-04-25T11:44:11.1122367Z 24 |
2024-04-25T11:44:11.1122536Z 25 | # Copy the built JAR file from the builder stage
2024-04-25T11:44:11.1122793Z 26 | COPY --from=builder /workspace/app/target/*.jar /app/app.jar
2024-04-25T11:44:11.1122891Z 27 |
2024-04-25T11:44:11.1123164Z 28 | # Expose the application port (replace with your actual port if different)
2024-04-25T11:44:11.1123256Z 29 | EXPOSE 8080
2024-04-25T11:44:11.1123350Z 30 |
2024-04-25T11:44:11.1123592Z 31 | # Run the application using Spring Boot's executable JAR
2024-04-25T11:44:11.1123783Z 32 | ENTRYPOINT ["java", "-jar", "/app/app.jar"]
2024-04-25T11:44:11.1124054Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
2024-04-25T11:44:11.1124426Z FAILED for resource: /gemini/sample-apps/fixmycar/vertex-ai-search/backend/Dockerfile.
2024-04-25T11:44:11.1124767Z File: /gemini/sample-apps/fixmycar/vertex-ai-search/backend/Dockerfile:1-32
2024-04-25T11:44:11.1125574Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created
2024-04-25T11:44:11.1125579Z
2024-04-25T11:44:11.1125846Z 1 | # Base image with Java 17 (using a lightweight Alpine variant for efficiency)
2024-04-25T11:44:11.1126184Z 2 | FROM eclipse-temurin:17-jdk-alpine as builder
2024-04-25T11:44:11.1126267Z 3 |
2024-04-25T11:44:11.1126370Z 4 | # Set working directory
2024-04-25T11:44:11.1126491Z 5 | WORKDIR /workspace/app
2024-04-25T11:44:11.1126575Z 6 |
2024-04-25T11:44:11.1127012Z 7 | # Copy Maven dependencies (for efficient caching and layer separation)
2024-04-25T11:44:11.1127191Z 8 | COPY mvnw .
2024-04-25T11:44:11.1127312Z 9 | COPY .mvn .mvn
2024-04-25T11:44:11.1127423Z 10 | COPY pom.xml .
2024-04-25T11:44:11.1127613Z 11 | RUN ./mvnw dependency:go-offline -B
2024-04-25T11:44:11.1127693Z 12 |
2024-04-25T11:44:11.1127814Z 13 | # Copy project source code
2024-04-25T11:44:11.1127908Z 14 | COPY src src
2024-04-25T11:44:11.1127987Z 15 |
2024-04-25T11:44:11.1128129Z 16 | # Build the application with Maven
2024-04-25T11:44:11.1128280Z 17 | RUN ./mvnw package -DskipTests
2024-04-25T11:44:11.1128362Z 18 |
2024-04-25T11:44:11.1128506Z 19 | # Create a lightweight runtime image
2024-04-25T11:44:11.1128669Z 20 | FROM eclipse-temurin:17-jdk-alpine
2024-04-25T11:44:11.1128753Z 21 |
2024-04-25T11:44:11.1128866Z 22 | # Set working directory
2024-04-25T11:44:11.1128957Z 23 | WORKDIR /app
2024-04-25T11:44:11.1129040Z 24 |
2024-04-25T11:44:11.1129223Z 25 | # Copy the built JAR file from the builder stage
2024-04-25T11:44:11.1129488Z 26 | COPY --from=builder /workspace/app/target/*.jar /app/app.jar
2024-04-25T11:44:11.1129751Z 27 |
2024-04-25T11:44:11.1130034Z 28 | # Expose the application port (replace with your actual port if different)
2024-04-25T11:44:11.1130127Z 29 | EXPOSE 8080
2024-04-25T11:44:11.1130206Z 30 |
2024-04-25T11:44:11.1130467Z 31 | # Run the application using Spring Boot's executable JAR
2024-04-25T11:44:11.1130656Z 32 | ENTRYPOINT ["java", "-jar", "/app/app.jar"]
2024-04-25T11:44:11.1131009Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
2024-04-25T11:44:11.1131330Z FAILED for resource: /language/sample-apps/chat-flask-cloudrun/Dockerfile.
2024-04-25T11:44:11.1131600Z File: /language/sample-apps/chat-flask-cloudrun/Dockerfile:1-10
2024-04-25T11:44:11.1132552Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images
2024-04-25T11:44:11.1132559Z
2024-04-25T11:44:11.1132654Z 1 | FROM python:3.8
2024-04-25T11:44:11.1132744Z 2 |
2024-04-25T11:44:11.1132848Z 3 | EXPOSE 8080
2024-04-25T11:44:11.1132939Z 4 | WORKDIR /app
2024-04-25T11:44:11.1133019Z 5 |
2024-04-25T11:44:11.1133117Z 6 | COPY . ./
2024-04-25T11:44:11.1133196Z 7 |
2024-04-25T11:44:11.1133366Z 8 | RUN pip install -r requirements.txt
2024-04-25T11:44:11.1133460Z 9 |
2024-04-25T11:44:11.1133571Z 10 | CMD ["python", "app.py"]
2024-04-25T11:44:11.1133826Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
2024-04-25T11:44:11.1134152Z FAILED for resource: /language/sample-apps/chat-flask-cloudrun/Dockerfile.
2024-04-25T11:44:11.1134413Z File: /language/sample-apps/chat-flask-cloudrun/Dockerfile:1-10
2024-04-25T11:44:11.1135223Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created
2024-04-25T11:44:11.1135228Z
2024-04-25T11:44:11.1135320Z 1 | FROM python:3.8
2024-04-25T11:44:11.1135401Z 2 |
2024-04-25T11:44:11.1135505Z 3 | EXPOSE 8080
2024-04-25T11:44:11.1135595Z 4 | WORKDIR /app
2024-04-25T11:44:11.1135673Z 5 |
2024-04-25T11:44:11.1135969Z 6 | COPY . ./
2024-04-25T11:44:11.1136097Z 7 |
2024-04-25T11:44:11.1136322Z 8 | RUN pip install -r requirements.txt
2024-04-25T11:44:11.1136420Z 9 |
2024-04-25T11:44:11.1136526Z 10 | CMD ["python", "app.py"]
2024-04-25T11:44:11.1136864Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
2024-04-25T11:44:11.1137314Z FAILED for resource: /language/sample-apps/chat-gradio/Dockerfile.
2024-04-25T11:44:11.1137544Z File: /language/sample-apps/chat-gradio/Dockerfile:1-10
2024-04-25T11:44:11.1138489Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images
2024-04-25T11:44:11.1138495Z
2024-04-25T11:44:11.1138589Z 1 | FROM python:3.11
2024-04-25T11:44:11.1138676Z 2 |
2024-04-25T11:44:11.1138779Z 3 | EXPOSE 8080
2024-04-25T11:44:11.1138867Z 4 | WORKDIR /app
2024-04-25T11:44:11.1138946Z 5 |
2024-04-25T11:44:11.1139046Z 6 | COPY . ./
2024-04-25T11:44:11.1139130Z 7 |
2024-04-25T11:44:11.1139296Z 8 | RUN pip install -r requirements.txt
2024-04-25T11:44:11.1139391Z 9 |
2024-04-25T11:44:11.1139492Z 10 | CMD ["python", "app.py"]
2024-04-25T11:44:11.1139746Z Check: CKV_DOCKER_3: "Ensure that a user for the container has been created"
2024-04-25T11:44:11.1140034Z FAILED for resource: /language/sample-apps/chat-gradio/Dockerfile.
2024-04-25T11:44:11.1140251Z File: /language/sample-apps/chat-gradio/Dockerfile:1-10
2024-04-25T11:44:11.1141063Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created
2024-04-25T11:44:11.1141069Z
2024-04-25T11:44:11.1141169Z 1 | FROM python:3.11
2024-04-25T11:44:11.1141251Z 2 |
2024-04-25T11:44:11.1141503Z 3 | EXPOSE 8080
2024-04-25T11:44:11.1141594Z 4 | WORKDIR /app
2024-04-25T11:44:11.1141671Z 5 |
2024-04-25T11:44:11.1141773Z 6 | COPY . ./
2024-04-25T11:44:11.1141859Z 7 |
2024-04-25T11:44:11.1142026Z 8 | RUN pip install -r requirements.txt
2024-04-25T11:44:11.1142115Z 9 |
2024-04-25T11:44:11.1142223Z 10 | CMD ["python", "app.py"]
2024-04-25T11:44:11.1142556Z Check: CKV_DOCKER_2: "Ensure that HEALTHCHECK instructions have been added to container images"
2024-04-25T11:44:11.1142909Z FAILED for resource: /gemini/sample-apps/fixmycar/cloud-sql/frontend/Dockerfile.
2024-04-25T11:44:11.1143207Z File: /gemini/sample-apps/fixmycar/cloud-sql/frontend/Dockerfile:1-27
2024-04-25T11:44:11.1144152Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-healthcheck-instructions-have-been-added-to-container-images
2024-04-25T11:44:11.1144157Z
2024-04-25T11:44:11.1144289Z 1 | FROM python:3.8-slim
2024-04-25T11:44:11.1144374Z 2 |
2024-04-25T11:44:11.1144545Z 3 | RUN groupadd --gid 1000 appuser \
2024-04-25T11:44:11.1144778Z 4 | && useradd --uid 1000 --gid 1000 -ms /bin/bash appuser
2024-04-25T11:44:11.1144858Z 5 |
2024-04-25T11:44:11.1145061Z 6 | RUN pip3 install --no-cache-dir --upgrade \
2024-04-25T11:44:11.1145147Z 7 | pip \
2024-04-25T11:44:11.1145240Z 8 | virtualenv
2024-04-25T11:44:11.1145342Z 9 |
2024-04-25T11:44:11.1145528Z 10 | RUN apt-get update && apt-get install -y \
2024-04-25T11:44:11.1145662Z 11 | build-essential \
2024-04-25T11:44:11.1145846Z 12 | software-properties-common \
2024-04-25T11:44:11.1145937Z 13 | git
2024-04-25T11:44:11.1146018Z 14 |
2024-04-25T11:44:11.1146119Z 15 | USER appuser
2024-04-25T11:44:11.1146219Z 16 | WORKDIR /home/appuser
2024-04-25T11:44:11.1146301Z 17 |
2024-04-25T11:44:11.1146404Z 18 | COPY . .
2024-04-25T11:44:11.1146490Z 19 |
2024-04-25T11:44:11.1146614Z 20 | ENV VIRTUAL_ENV=/home/appuser/venv
2024-04-25T11:44:11.1146743Z 21 | RUN virtualenv ${VIRTUAL_ENV}
2024-04-25T11:44:11.1147041Z 22 | RUN . ${VIRTUAL_ENV}/bin/activate && pip install -r ./requirements.txt
2024-04-25T11:44:11.1147137Z 23 |
2024-04-25T11:44:11.1147228Z 24 | EXPOSE 8501
2024-04-25T11:44:11.1147309Z 25 |
2024-04-25T11:44:11.1147434Z 26 | COPY run.sh /home/appuser
2024-04-25T11:44:11.1147538Z 27 | ENTRYPOINT ["./run.sh"]
2024-04-25T11:44:11.1147659Z github_actions scan results:
2024-04-25T11:44:11.1147666Z
2024-04-25T11:44:11.1147954Z Passed checks: 15, Failed checks: 1, Skipped checks: 0
2024-04-25T11:44:11.1148145Z
2024-04-25T11:44:11.1148552Z Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
2024-04-25T11:44:11.1148752Z FAILED for resource: on(Lint Code Base)
2024-04-25T11:44:11.1149013Z File: /.github/workflows/linter.yaml:0-1
2024-04-25T11:44:11.1149169Z openapi scan results:
2024-04-25T11:44:11.1149176Z
2024-04-25T11:44:11.1149456Z Passed checks: 2, Failed checks: 3, Skipped checks: 0
2024-04-25T11:44:11.1149495Z
2024-04-25T11:44:11.1149811Z Check: CKV_OPENAPI_21: "Ensure that arrays have a maximum number of items"
2024-04-25T11:44:11.1149922Z FAILED for resource: paths
2024-04-25T11:44:11.1150184Z File: /gemini/sample-apps/genwealth/api/swagger.json:23-28
2024-04-25T11:44:11.1150748Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/bc-openapi-21
2024-04-25T11:44:11.1150753Z
2024-04-25T11:44:11.1150863Z 23 | "schema": {
2024-04-25T11:44:11.1150990Z 24 | "type": "array",
2024-04-25T11:44:11.1151090Z 25 | "items": {
2024-04-25T11:44:11.1151193Z 26 | "type": "string"
2024-04-25T11:44:11.1151299Z 27 | }
2024-04-25T11:44:11.1151385Z 28 | }
2024-04-25T11:44:11.1151391Z
2024-04-25T11:44:11.1151637Z Check: CKV_OPENAPI_5: "Ensure that security operations is not empty."
2024-04-25T11:44:11.1151745Z FAILED for resource: security
2024-04-25T11:44:11.1152130Z File: /gemini/sample-apps/genwealth/api/swagger.json:1-227
2024-04-25T11:44:11.1152862Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/ensure-that-security-operations-is-not-empty
2024-04-25T11:44:11.1152868Z
2024-04-25T11:44:11.1153208Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.1153477Z Check: CKV_OPENAPI_4: "Ensure that the global security field has rules defined"
2024-04-25T11:44:11.1153608Z FAILED for resource: security
2024-04-25T11:44:11.1153850Z File: /gemini/sample-apps/genwealth/api/swagger.json:1-227
2024-04-25T11:44:11.1154651Z Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/api-policies/openapi-policies/ensure-that-the-global-security-field-has-rules-defined
2024-04-25T11:44:11.1154656Z
2024-04-25T11:44:11.1154994Z Code lines for this resource are too many. Please use IDE of your choice to review the file.
2024-04-25T11:44:11.1155097Z ------
2024-04-25T11:44:11.1155404Z 2024-04-25 11:44:10 [ERROR] Stderr contents for CHECKOV:
2024-04-25T11:44:11.1155500Z ------
2024-04-25T11:44:11.1156524Z 2024-04-25 11:44:03,555 [MainThread ] [WARNI] Failed to download module terraform-google-modules/project-factory/google//modules/project_services:14.4 (for external modules, the --download-external-modules flag is required)
2024-04-25T11:44:11.1156637Z ------
2024-04-25T11:44:11.8698404Z 2024-04-25 11:44:11 [ERROR] Super-linter detected linting errors
2024-04-25T11:44:12.0651189Z Post job cleanup.
2024-04-25T11:44:12.1432752Z [command]/usr/bin/git version
2024-04-25T11:44:12.1476059Z git version 2.43.2
2024-04-25T11:44:12.1519924Z Temporarily overriding HOME='/home/runner/work/_temp/bbeef4f4-e9d7-49ea-941e-76d421d77062' before making global git config changes
2024-04-25T11:44:12.1521731Z Adding repository directory to the temporary git global config as a safe directory
2024-04-25T11:44:12.1525121Z [command]/usr/bin/git config --global --add safe.directory /home/runner/work/generative-ai/generative-ai
2024-04-25T11:44:12.1561876Z [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
2024-04-25T11:44:12.1603520Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
2024-04-25T11:44:12.1861226Z [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2024-04-25T11:44:12.1883717Z http.https://github.com/.extraheader
2024-04-25T11:44:12.1896379Z [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
2024-04-25T11:44:12.1926593Z [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
2024-04-25T11:44:12.2419748Z Cleaning up orphan processes