Description

A Helm chart to install Argo-Events in k8s Cluster

Overview

IdentityNamespaceAutomountSecretsPermissionsWorkloadsRisk
argo-eventsdefault51Critical
argo-signalsdefault20Low

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 argo-events

Namespace: default  |  Automount:

🔑 Permissions (5)

RoleResourceVerbsRiskTags
ClusterRole -sensor-controller-cluster-rolecore/secretsget · list · patch · watchCriticalClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure SecretAccess
ClusterRole -sensor-controller-cluster-rolecore/configmapsget · list · patch · watchHighConfigMapAccess DataExposure InformationDisclosure
ClusterRole -sensor-controller-cluster-rolecore/podsget · list · patch · watchLow
ClusterRole -sensor-controller-cluster-roleargoproj.io/sensorsget · list · patch · update · watchLow
ClusterRole -sensor-controller-cluster-roleargoproj.io/workflowscreate · deleteLow

⚠️ Potential Abuse (5)

The following security risks were found based on the above permissions:

📦 Workloads (1)

KindNameContainerImage
Deploymentargo-events-sensor-controllersensor-controllerargoproj/sensor-controller:latest

🤖 argo-signals

Namespace: default  |  Automount:

🔑 Permissions (2)

RoleResourceVerbsRiskTags
ClusterRole -signals-cluster-rolecore/podslist · patch · watchLow
ClusterRole -signals-cluster-roleargoproj.io/sensors workflows podsget · list · watchLow

⚠️ Potential Abuse (1)

The following security risks were found based on the above permissions:

📦 Workloads (0)

No workloads use this ServiceAccount.