Description

A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.

Overview

IdentityNamespaceAutomountSecretsPermissionsWorkloadsRisk
argocd-application-controllerdefault61Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 argocd-application-controller

Namespace: default  |  Automount:

🔑 Permissions (6)

RoleResourceVerbsRiskTags
ClusterRole argo-cd-argocd-application-controller**CriticalAPIServerDoS APIServiceManipulation AuthorizationBypass AvailabilityImpact BackupAccess (+68 more)
Role argo-cd-argocd-application-controllercore/secretsget · list · watchCriticalCredentialAccess DataExposure InformationDisclosure SecretAccess
Role argo-cd-argocd-application-controllercore/configmapsget · list · watchMediumConfigMapAccess DataExposure InformationDisclosure
Role argo-cd-argocd-application-controllerargoproj.io/applicationscreate · delete · get · list · patch · update · watchLow
Role argo-cd-argocd-application-controllerargoproj.io/appprojectscreate · delete · get · list · patch · update · watchLow
Role argo-cd-argocd-application-controllercore/eventscreate · listLow

⚠️ Potential Abuse (107)

The following security risks were found based on the above permissions:

📦 Workloads (1)

KindNameContainerImage
Deploymentargo-cd-argocd-application-controllerapplication-controllerargoproj/argocd:v1.3.6