fix(container): update kube-prometheus-stack docker tag ( 66.2.1 → 66.2.2 ) - autoclosed #3567
renovate[bot]code-health.yml
on: pull_request
Annotations
2 errors and 18 warnings
|
Run Ansible Lint
Path does not exist: ansible.sarif
|
|
Run Ansible Lint
Process completed with exit code 1.
|
|
Check YAML files:
kubernetes/main/apps/longhorn-system/longhorn/app/helmrelease.yaml#L73
73:6 [comments] missing starting space in comment
|
|
Check YAML files:
kubernetes/main/apps/rook-ceph/kustomization.yaml#L7
7:4 [comments] missing starting space in comment
|
|
Check YAML files:
kubernetes/main/apps/rook-ceph/kustomization.yaml#L9
9:4 [comments] missing starting space in comment
|
|
Check YAML files:
kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml#L29
29:5 [comments-indentation] comment not indented like content
|
|
Check YAML files:
kubernetes/main/apps/rook-ceph/rook-ceph/cluster/helmrelease.yaml#L189
189:5 [comments-indentation] comment not indented like content
|
|
Check YAML files:
kubernetes/main/apps/observability/kube-prometheus-stack/app/externalsecret.yaml#L57
57:52 [comments] missing starting space in comment
|
|
Check YAML files:
kubernetes/main/apps/observability/kube-prometheus-stack/app/helmrelease.yaml#L86
86:10 [comments] missing starting space in comment
|
|
Check YAML files:
kubernetes/main/apps/observability/grafana/app/externalsecret.yaml#L23
23:10 [comments] missing starting space in comment
|
|
Check YAML files:
kubernetes/main/apps/observability/grafana/app/helmrelease.yaml#L135
135:11 [comments-indentation] comment not indented like content
|
|
Check YAML files:
kubernetes/main/apps/network/external-dns/app/pihole/helmrelease.yaml#L46
46:16 [comments] missing starting space in comment
|
|
[LOW] Unpinned Actions Full Length Commit SHA:
.github/workflows/flux-diff.yaml#L106
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
|
[LOW] Unpinned Actions Full Length Commit SHA:
.github/workflows/flux-diff.yaml#L36
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
|
[LOW] Unpinned Actions Full Length Commit SHA:
.github/workflows/flux-upgrades.yaml#L32
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
|
[LOW] Unpinned Actions Full Length Commit SHA:
.github/workflows/flux-image-test.yaml#L68
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
|
[LOW] Unpinned Actions Full Length Commit SHA:
.github/workflows/flux-image-test.yaml#L88
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
|
[LOW] Unpinned Actions Full Length Commit SHA:
.github/workflows/flux-image-test.yaml#L98
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
|
[LOW] Unpinned Actions Full Length Commit SHA:
.github/workflows/flux-image-test.yaml#L36
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|
|
[LOW] Unpinned Actions Full Length Commit SHA:
.github/workflows/flux-diff.yaml#L80
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
|