argocd-image-updater
v0.12.2
1 Service Accounts
1 Workloads
4 Bindings
1 Critical
1 Medium
2 Low
Description
A Helm chart for Argo CD Image Updater, a tool to automatically update the container images of Kubernetes workloads which are managed by Argo CD
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
argocd-image-updater | default | ❌ | — | 4 | 1 | Critical |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 argocd-image-updater
Namespace: default | Automount: ❌
🔑 Permissions (4)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
Role argocd-image-updater | core/secrets | get · list · watch | Critical | CredentialAccess DataExposure InformationDisclosure SecretAccess |
Role argocd-image-updater | core/configmaps | get · list · watch | Medium | ConfigMapAccess DataExposure InformationDisclosure |
ClusterRole argocd-image-updater | argoproj.io/applications | get · list · patch · update | Low | |
ClusterRole argocd-image-updater | core/events | create | Low |
⚠️ Potential Abuse (3)
The following security risks were found based on the above permissions:
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | argocd-image-updater | argocd-image-updater | quay.io/argoprojlabs/argocd-image-updater:v0.16.0 |