Description

A Helm chart for Argo-CD

Overview

IdentityNamespaceAutomountSecretsPermissionsWorkloadsRisk
argocd-application-controllerdefault11Critical
argocd-serverdefault41Critical
argocd-dex-serverdefault01

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 argocd-server

Namespace: default  |  Automount:

🔑 Permissions (4)

RoleResourceVerbsRiskTags
ClusterRole argocd-server*delete · get · patchCriticalAuthorizationBypass ClusterAdminAccess ClusterWideAccess ClusterWideLogAccess CodeExecution (+10 more)
ClusterRole argocd-servercore/pods/loggetHighClusterWideLogAccess DataExposure InformationDisclosure LogAccess
ClusterRole argocd-servercore/eventslistLow
ClusterRole argocd-servercore/podsgetLow

⚠️ Potential Abuse (6)

The following security risks were found based on the above permissions:

📦 Workloads (1)

KindNameContainerImage
Deploymentargocd-serverargocd-serverargoproj/argocd:v1.2.4

🤖 argocd-application-controller

Namespace: default  |  Automount:

🔑 Permissions (1)

RoleResourceVerbsRiskTags
ClusterRole argocd-application-controller**CriticalAPIServerDoS APIServiceManipulation AuthorizationBypass AvailabilityImpact BackupAccess (+68 more)

⚠️ Potential Abuse (106)

The following security risks were found based on the above permissions:

📦 Workloads (1)

KindNameContainerImage
Deploymentargocd-application-controllerargocd-application-controllerargoproj/argocd:v1.2.4

🤖 argocd-dex-server

Namespace: default  |  Automount:

🔑 Permissions (0)

No explicit RBAC bindings.

📦 Workloads (1)

KindNameContainerImage
Deploymentargocd-dex-serverdexquay.io/dexidp/dex:v2.19.0