Delete secrets Kubernetes ClusterRole warns about viewing secrets #6713
evankanderson
started this conversation in
False Detection
Replies: 2 comments
-
cc @chen-keinan |
Beta Was this translation helpful? Give feedback.
0 replies
-
@evankanderson can you please add your expected results |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
IDs
ksv041
Description
Using trivy to scan a manifest with a ClusterRole that grants delete only on secrets leads to the following critical warning:
Reproduction Steps
trivy fs --scanners misconfig
on the file or a directory containing it, and get the warning aboveTarget
Filesystem
Scanner
Misconfiguration
Target OS
No response
Debug Output
Version
Checklist
-f json
that shows data sources and confirmed that the security advisory in data sources was correctBeta Was this translation helpful? Give feedback.
All reactions