Description

A Helm chart for KubeRocketCI CD Pipeline Operator

Overview

IdentityNamespaceAutomountSecretsPermissionsWorkloadsRisk
edp-cd-pipeline-operatordefault291Critical

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 edp-cd-pipeline-operator

Namespace: default  |  Automount:

🔑 Permissions (29)

RoleResourceVerbsRiskTags
Role edp-cd-pipeline-operatorcore/secretscreate · get · list · patch · update · watchCriticalCredentialAccess DataExposure InformationDisclosure SecretAccess
Role edp-cd-pipeline-operator*/configmaps*HighConfigMapAccess DataExposure InformationDisclosure NamespaceAdmin NamespaceWideAccess (+3 more)
ClusterRole edp-cd-pipeline-operator-defaultcore/namespacescreate · delete · get · listHighDenialOfService NamespaceLifecycle ResourceDeletion
Role edp-cd-pipeline-operator*/cdpipelines*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/cdpipelines/finalizers*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/cdpipelines/status*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/codebasebranches*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/codebasebranches/finalizers*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/codebasebranches/status*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/codebaseimagestreams*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/codebaseimagestreams/finalizers*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/codebaseimagestreams/status*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/codebases*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/codebases/finalizers*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/codebases/status*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/edpcomponents*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/edpcomponents/finalizers*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/edpcomponents/status*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/events*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/gitservers*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/gitservers/finalizers*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/gitservers/status*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/stages*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/stages/finalizers*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operator*/stages/status*MediumNamespaceAdmin NamespaceWideAccess WildcardPermission
Role edp-cd-pipeline-operatorargoproj.io/applicationsetscreate · get · list · patch · update · watchLow
Role edp-cd-pipeline-operatorcoordination.k8s.io/leasescreate · get · list · updateLow
ClusterRole edp-cd-pipeline-operator-default-validation-webhookcore/namespacesget · list · watchLowClusterStructure InformationDisclosure Reconnaissance
ClusterRole edp-cd-pipeline-operator-default-validation-webhookadmissionregistration.k8s.io/validatingwebhookconfigurationsget · patch · updateLow

⚠️ Potential Abuse (7)

The following security risks were found based on the above permissions:

📦 Workloads (1)

KindNameContainerImage
Deploymentcd-pipeline-operatorcd-pipeline-operatorepamedp/cd-pipeline-operator:2.25.2