gerrit-operator
v2.23.1
2 Service Accounts
2 Workloads
29 Bindings
28 Medium
1 Low
Description
A Helm chart for KubeRocketCI Gerrit Operator
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
edp-gerrit-operator | default | ❌ | — | 29 | 1 | Medium |
gerrit | default | ❌ | — | 0 | 1 | — |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 edp-gerrit-operator
Namespace: default | Automount: ❌
🔑 Permissions (29)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
Role edp-gerrit-operator | */events | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritgroupmembers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritgroupmembers/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritgroupmembers/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritgroups | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritgroups/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritmergerequests | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritmergerequests/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritmergerequests/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritprojectaccesses | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritprojectaccesses/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritprojectaccesses/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritprojects | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritprojects/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritprojects/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritreplicationconfigs | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerritreplicationconfigs/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerrits | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerrits/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */gerrits/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */keycloakclients | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */keycloakclients/finalizers | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */keycloakclients/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */keycloakrealms | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */keycloakrealms/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */keycloaks | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */keycloaks/status | * | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | */securitycontextconstraints | create · delete · get · list · patch · update | Medium | NamespaceAdmin NamespaceWideAccess |
Role edp-gerrit-operator | coordination.k8s.io/leases | create · get · list · update | Low |
⚠️ Potential Abuse (2)
The following security risks were found based on the above permissions:
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | gerrit-operator | gerrit-operator | epamedp/gerrit-operator:2.23.1 |
🤖 gerrit
Namespace: default | Automount: ❌
🔑 Permissions (0)
No explicit RBAC bindings.
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | gerrit | gerrit | epamedp/edp-gerrit:3.6.2-oauth |