gitlab-operator :: RBAC ATLAS

Description

The GitLab operator aims to manage the full lifecycle of GitLab instances in your Kubernetes or Openshift container platforms.

https://gitlab.com/gitlab-org/cloud-native/gitlab-operator

Overview

Identity	Namespace	Automount	Secrets	Permissions	Workloads	Risk
`gitlab-manager`	default	❌	—	31	1	Critical
`gitlab-nginx-ingress`	default	❌	—	25	0	Critical
`gitlab-operator-cert-manager`	default	✅	—	61	1	Critical
`gitlab-operator-cert-manager-cainjector`	default	✅	—	14	1	Critical
`gitlab-prometheus-server`	default	❌	—	12	0	High
`gitlab-operator-cert-manager-webhook`	default	✅	—	3	1	Medium
`gitlab-app-nonroot`	default	❌	—	1	0	Low
`gitlab-operator-cert-manager-startupapicheck`	default	✅	—	1	1	Low

Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.

Identities

🤖 `gitlab-operator-cert-manager`

Namespace: default | Automount: ✅

🔑 Permissions (61)

Role	Resource	Verbs	Risk	Tags
ClusterRole `gitlab-operator-cert-manager-controller-challenges`	core/pods	create · delete · get · list · watch	Critical	LateralMovement Persistence PotentialPrivilegeEscalation PrivilegeEscalation WorkloadExecution
ClusterRole `gitlab-operator-cert-manager-controller-certificates`	core/secrets	create · delete · get · list · update · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure SecretAccess
ClusterRole `gitlab-operator-cert-manager-controller-challenges`	core/secrets	get · list · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure SecretAccess
ClusterRole `gitlab-operator-cert-manager-controller-clusterissuers`	core/secrets	create · delete · get · list · update · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure SecretAccess
ClusterRole `gitlab-operator-cert-manager-controller-issuers`	core/secrets	create · delete · get · list · update · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure SecretAccess
ClusterRole `gitlab-operator-cert-manager-controller-orders`	core/secrets	get · list · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure SecretAccess
ClusterRole `gitlab-operator-cert-manager-controller-certificatesigningrequests`	authorization.k8s.io/subjectaccessreviews	create	Medium	InformationDisclosure RBACQuery
ClusterRole `gitlab-operator-cert-manager-controller-certificates`	cert-manager.io/certificaterequests	get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-ingress-shim`	cert-manager.io/certificaterequests	create · delete · get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-certificates`	cert-manager.io/certificaterequests/finalizers	update	Low
ClusterRole `gitlab-operator-cert-manager-controller-certificates`	cert-manager.io/certificaterequests/status	update	Low
ClusterRole `gitlab-operator-cert-manager-controller-certificates`	cert-manager.io/certificates	get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-ingress-shim`	cert-manager.io/certificates	create · delete · get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-certificates`	cert-manager.io/certificates/finalizers	update	Low
ClusterRole `gitlab-operator-cert-manager-controller-certificates`	cert-manager.io/certificates/status	update	Low
ClusterRole `gitlab-operator-cert-manager-controller-certificatesigningrequests`	certificates.k8s.io/certificatesigningrequests	get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-certificatesigningrequests`	certificates.k8s.io/certificatesigningrequests/status	update	Low
ClusterRole `gitlab-operator-cert-manager-controller-challenges`	acme.cert-manager.io/challenges	get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-orders`	acme.cert-manager.io/challenges	create · delete · get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-challenges`	acme.cert-manager.io/challenges/finalizers	update	Low
ClusterRole `gitlab-operator-cert-manager-controller-challenges`	acme.cert-manager.io/challenges/status	update	Low
ClusterRole `gitlab-operator-cert-manager-controller-certificates`	cert-manager.io/clusterissuers	get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-challenges`	cert-manager.io/clusterissuers	get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-clusterissuers`	cert-manager.io/clusterissuers	get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-ingress-shim`	cert-manager.io/clusterissuers	get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-orders`	cert-manager.io/clusterissuers	get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-clusterissuers`	cert-manager.io/clusterissuers/status	update	Low
Role `gitlab-operator-cert-manager:leaderelection`	core/configmaps	create	Low
ClusterRole `gitlab-operator-cert-manager-controller-certificates`	core/events	create · patch	Low
ClusterRole `gitlab-operator-cert-manager-controller-challenges`	core/events	create · patch	Low
ClusterRole `gitlab-operator-cert-manager-controller-clusterissuers`	core/events	create · patch	Low
ClusterRole `gitlab-operator-cert-manager-controller-ingress-shim`	core/events	create · patch	Low
ClusterRole `gitlab-operator-cert-manager-controller-issuers`	core/events	create · patch	Low
ClusterRole `gitlab-operator-cert-manager-controller-orders`	core/events	create · patch	Low
ClusterRole `gitlab-operator-cert-manager-controller-ingress-shim`	networking.x-k8s.io/gateways	get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-ingress-shim`	networking.x-k8s.io/gateways/finalizers	update	Low
ClusterRole `gitlab-operator-cert-manager-controller-challenges`	networking.x-k8s.io/httproutes	create · delete · get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-ingress-shim`	networking.x-k8s.io/httproutes	get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-ingress-shim`	networking.x-k8s.io/httproutes/finalizers	update	Low
ClusterRole `gitlab-operator-cert-manager-controller-challenges`	networking.k8s.io/ingresses	create · delete · get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-ingress-shim`	networking.k8s.io/ingresses	get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-ingress-shim`	networking.k8s.io/ingresses/finalizers	update	Low
ClusterRole `gitlab-operator-cert-manager-controller-certificates`	cert-manager.io/issuers	get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-challenges`	cert-manager.io/issuers	get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-ingress-shim`	cert-manager.io/issuers	get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-issuers`	cert-manager.io/issuers	get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-orders`	cert-manager.io/issuers	get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-issuers`	cert-manager.io/issuers/status	update	Low
Role `gitlab-operator-cert-manager:leaderelection`	coordination.k8s.io/leases	create	Low
ClusterRole `gitlab-operator-cert-manager-controller-certificates`	acme.cert-manager.io/orders	create · delete · get · list · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-orders`	acme.cert-manager.io/orders	get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-controller-orders`	acme.cert-manager.io/orders/finalizers	update	Low
ClusterRole `gitlab-operator-cert-manager-controller-orders`	acme.cert-manager.io/orders/status	update	Low
ClusterRole `gitlab-operator-cert-manager-controller-challenges`	route.openshift.io/routes/custom-host	create	Low
ClusterRole `gitlab-operator-cert-manager-controller-challenges`	core/services	create · delete · get · list · watch	Low
Role `gitlab-operator-cert-manager:leaderelection`	core/configmaps (restricted to: cert-manager-controller)	get · patch · update	Low	ResourceNameRestricted
Role `gitlab-operator-cert-manager:leaderelection`	coordination.k8s.io/leases (restricted to: cert-manager-controller)	get · patch · update	Low	ResourceNameRestricted
ClusterRole `gitlab-operator-cert-manager-controller-approve:cert-manager-io`	cert-manager.io/signers *(restricted to: clusterissuers.cert-manager.io/)**	approve	Low	ResourceNameRestricted
ClusterRole `gitlab-operator-cert-manager-controller-certificatesigningrequests`	certificates.k8s.io/signers *(restricted to: clusterissuers.cert-manager.io/)**	sign	Low	ResourceNameRestricted
ClusterRole `gitlab-operator-cert-manager-controller-approve:cert-manager-io`	cert-manager.io/signers *(restricted to: issuers.cert-manager.io/)**	approve	Low	ResourceNameRestricted
ClusterRole `gitlab-operator-cert-manager-controller-certificatesigningrequests`	certificates.k8s.io/signers *(restricted to: issuers.cert-manager.io/)**	sign	Low	ResourceNameRestricted

⚠️ Potential Abuse (6)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	gitlab-operator-cert-manager	cert-manager	quay.io/jetstack/cert-manager-controller:v1.6.1

🤖 `gitlab-manager`

Namespace: default | Automount: ❌

🔑 Permissions (31)

Role	Resource	Verbs	Risk	Tags
ClusterRole `gitlab-manager-role`	core/configmaps	create · delete · get · list · patch · update · watch	Critical	ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole `gitlab-manager-role`	batch/cronjobs	create · delete · get · list · patch · update · watch	Critical	Persistence PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadLifecycle
ClusterRole `gitlab-manager-role`	apps/daemonsets	create · delete · get · list · patch · update · watch	Critical	NodeAccess Persistence PrivilegeEscalation Tampering WorkloadLifecycle
ClusterRole `gitlab-manager-role`	apps/deployments	create · delete · get · list · patch · update · watch	Critical	Persistence PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadLifecycle
ClusterRole `gitlab-manager-role`	core/endpoints	create · delete · get · list · patch · update · watch	Critical	DenialOfService ManInTheMiddle NetworkManipulation Tampering TrafficRedirection
ClusterRole `gitlab-manager-role`	batch/jobs	create · delete · get · list · patch · update · watch	Critical	PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadLifecycle
Role `gitlab-leader-election-role`	coordination.k8s.io/leases	create · delete · get · list · patch · update · watch	Critical	ControlPlaneDisruption CriticalNamespace DenialOfService Tampering
ClusterRole `gitlab-manager-role`	core/secrets	create · delete · get · list · patch · update · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure Persistence (+4 more)
ClusterRole `gitlab-manager-role`	core/services	create · delete · get · list · patch · update · watch	Critical	DenialOfService NetworkManipulation ServiceExposure Tampering
ClusterRole `gitlab-manager-role`	apps/statefulsets	create · delete · get · list · patch · update · watch	Critical	Persistence PotentialPrivilegeEscalation PrivilegeEscalation Tampering WorkloadLifecycle
Role `gitlab-leader-election-role`	core/configmaps	create · delete · get · list · patch · update · watch	High	ConfigMapAccess DataExposure InformationDisclosure PotentialPrivilegeEscalation Tampering
ClusterRole `gitlab-manager-role`	networking.k8s.io/ingresses	create · delete · get · list · patch · update · watch	High	DenialOfService NetworkManipulation ServiceExposure Tampering
ClusterRole `gitlab-manager-role`	core/namespaces	create · delete · get · list · patch · update · watch	High	ClusterStructure DenialOfService InformationDisclosure NamespaceLifecycle Reconnaissance (+1 more)
ClusterRole `gitlab-manager-role`	core/serviceaccounts	create · delete · get · list · patch · update · watch	High	IdentityManagement PotentialPrivilegeEscalation Tampering
ClusterRole `gitlab-manager-role`	core/events	create · delete · get · list · patch · update · watch	Medium	InformationDisclosure OperationalData Reconnaissance
ClusterRole `gitlab-metrics-auth-role`	authorization.k8s.io/subjectaccessreviews	create	Medium	InformationDisclosure RBACQuery
ClusterRole `gitlab-metrics-auth-role`	authentication.k8s.io/tokenreviews	create	Medium	CredentialAccess InformationDisclosure RBACQuery
ClusterRole `gitlab-manager-role`	cert-manager.io/certificates	create · delete · get · list · patch · update · watch	Low
Role `gitlab-leader-election-role`	coordination.k8s.io/configmaps	create · delete · get · list · patch · update · watch	Low
ClusterRole `gitlab-manager-role`	discovery.k8s.io/endpointslices	get · list · watch	Low
Role `gitlab-leader-election-role`	core/events	create · patch	Low
ClusterRole `gitlab-manager-role`	apps.gitlab.com/gitlabs	create · delete · get · list · patch · update · watch	Low
ClusterRole `gitlab-manager-role`	apps.gitlab.com/gitlabs/finalizers	update	Low
ClusterRole `gitlab-manager-role`	apps.gitlab.com/gitlabs/status	get · patch · update	Low
ClusterRole `gitlab-manager-role`	autoscaling/horizontalpodautoscalers	create · delete · get · list · patch · update · watch	Low
ClusterRole `gitlab-manager-role`	cert-manager.io/issuers	create · delete · get · list · patch · update · watch	Low
Role `gitlab-leader-election-role`	core/leases	create · delete · get · list · patch · update · watch	Low
ClusterRole `gitlab-manager-role`	core/persistentvolumeclaims	create · delete · get · list · patch · update · watch	Low
ClusterRole `gitlab-manager-role`	monitoring.coreos.com/podmonitors	create · delete · get · list · patch · update · watch	Low
ClusterRole `gitlab-manager-role`	monitoring.coreos.com/prometheuses	create · delete · get · list · patch · update · watch	Low
ClusterRole `gitlab-manager-role`	monitoring.coreos.com/servicemonitors	create · delete · get · list · patch · update · watch	Low

⚠️ Potential Abuse (32)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	gitlab-controller-manager	manager	registry.gitlab.com/gitlab-org/cloud-native/gitlab-operator:2.1.1

🤖 `gitlab-nginx-ingress`

Namespace: default | Automount: ❌

🔑 Permissions (25)

Role	Resource	Verbs	Risk	Tags
Role `gitlab-nginx-ingress`	core/secrets	get · list · watch	Critical	CredentialAccess DataExposure InformationDisclosure SecretAccess
Role `gitlab-nginx-ingress`	core/configmaps	create · get · list · update · watch	Medium	ConfigMapAccess DataExposure InformationDisclosure
ClusterRole `gitlab-nginx-ingress`	core/configmaps	list · watch	Low
ClusterRole `gitlab-nginx-ingress`	core/endpoints	list · watch	Low
Role `gitlab-nginx-ingress`	core/endpoints	get · list · watch	Low
ClusterRole `gitlab-nginx-ingress`	discovery.k8s.io/endpointslices	get · list · watch	Low
ClusterRole `gitlab-nginx-ingress`	core/events	create · patch	Low
Role `gitlab-nginx-ingress`	core/events	create · patch	Low
ClusterRole `gitlab-nginx-ingress`	networking.k8s.io/ingressclasses	get · list · watch	Low
Role `gitlab-nginx-ingress`	networking.k8s.io/ingressclasses	get · list · watch	Low
ClusterRole `gitlab-nginx-ingress`	networking.k8s.io/ingresses	get · list · watch	Low
Role `gitlab-nginx-ingress`	networking.k8s.io/ingresses	get · list · watch	Low
ClusterRole `gitlab-nginx-ingress`	networking.k8s.io/ingresses/status	update	Low
Role `gitlab-nginx-ingress`	networking.k8s.io/ingresses/status	update	Low
ClusterRole `gitlab-nginx-ingress`	coordination.k8s.io/leases	list · watch	Low
Role `gitlab-nginx-ingress`	coordination.k8s.io/leases	create	Low
Role `gitlab-nginx-ingress`	core/namespaces	get	Low
ClusterRole `gitlab-nginx-ingress`	core/nodes	get · list · watch	Low
ClusterRole `gitlab-nginx-ingress`	core/pods	list · watch	Low
Role `gitlab-nginx-ingress`	core/pods	get · list · watch	Low
ClusterRole `gitlab-nginx-ingress`	core/secrets	list · watch	Low
ClusterRole `gitlab-nginx-ingress`	core/services	get · list · watch	Low
Role `gitlab-nginx-ingress`	core/services	get · list · watch	Low
Role `gitlab-nginx-ingress`	coordination.k8s.io/leases (restricted to: ingress-controller-leader)	get · update	Low	ResourceNameRestricted
Role `gitlab-nginx-ingress`	coordination.k8s.io/leases (restricted to: ingress-controller-leader-geo)	get · update	Low	ResourceNameRestricted

⚠️ Potential Abuse (3)

The following security risks were found based on the above permissions:

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 `gitlab-operator-cert-manager-cainjector`

Namespace: default | Automount: ✅

🔑 Permissions (14)

Role	Resource	Verbs	Risk	Tags
ClusterRole `gitlab-operator-cert-manager-cainjector`	core/secrets	get · list · watch	Critical	ClusterWideSecretAccess CredentialAccess DataExposure InformationDisclosure SecretAccess
ClusterRole `gitlab-operator-cert-manager-cainjector`	admissionregistration.k8s.io/mutatingwebhookconfigurations	get · list · update · watch	Medium	InformationDisclosure Reconnaissance WebhookReconnaissance
ClusterRole `gitlab-operator-cert-manager-cainjector`	admissionregistration.k8s.io/validatingwebhookconfigurations	get · list · update · watch	Medium	InformationDisclosure Reconnaissance WebhookReconnaissance
ClusterRole `gitlab-operator-cert-manager-cainjector`	apiregistration.k8s.io/apiservices	get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-cainjector`	auditregistration.k8s.io/auditsinks	get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-cainjector`	cert-manager.io/certificates	get · list · watch	Low
Role `gitlab-operator-cert-manager-cainjector:leaderelection`	core/configmaps	create	Low
ClusterRole `gitlab-operator-cert-manager-cainjector`	apiextensions.k8s.io/customresourcedefinitions	get · list · update · watch	Low
ClusterRole `gitlab-operator-cert-manager-cainjector`	core/events	create · get · patch · update	Low
Role `gitlab-operator-cert-manager-cainjector:leaderelection`	coordination.k8s.io/leases	create	Low
Role `gitlab-operator-cert-manager-cainjector:leaderelection`	core/configmaps (restricted to: cert-manager-cainjector-leader-election)	get · patch · update	Low	ResourceNameRestricted
Role `gitlab-operator-cert-manager-cainjector:leaderelection`	coordination.k8s.io/leases (restricted to: cert-manager-cainjector-leader-election)	get · patch · update	Low	ResourceNameRestricted
Role `gitlab-operator-cert-manager-cainjector:leaderelection`	core/configmaps (restricted to: cert-manager-cainjector-leader-election-core)	get · patch · update	Low	ResourceNameRestricted
Role `gitlab-operator-cert-manager-cainjector:leaderelection`	coordination.k8s.io/leases (restricted to: cert-manager-cainjector-leader-election-core)	get · patch · update	Low	ResourceNameRestricted

⚠️ Potential Abuse (5)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	gitlab-operator-cert-manager-cainjector	cert-manager	quay.io/jetstack/cert-manager-cainjector:v1.6.1

🤖 `gitlab-prometheus-server`

Namespace: default | Automount: ❌

🔑 Permissions (12)

Role	Resource	Verbs	Risk	Tags
ClusterRole `gitlab-prometheus-server`	core/configmaps	get · list · watch	High	ConfigMapAccess DataExposure InformationDisclosure
ClusterRole `gitlab-prometheus-server`	core/endpoints	get · list · watch	Low
ClusterRole `gitlab-prometheus-server`	core/ingresses	get · list · watch	Low
ClusterRole `gitlab-prometheus-server`	extensions/ingresses	get · list · watch	Low
ClusterRole `gitlab-prometheus-server`	networking.k8s.io/ingresses	get · list · watch	Low
ClusterRole `gitlab-prometheus-server`	extensions/ingresses/status	get · list · watch	Low
ClusterRole `gitlab-prometheus-server`	networking.k8s.io/ingresses/status	get · list · watch	Low
ClusterRole `gitlab-prometheus-server`	core/nodes	get · list · watch	Low
ClusterRole `gitlab-prometheus-server`	core/nodes/metrics	get · list · watch	Low
ClusterRole `gitlab-prometheus-server`	core/nodes/proxy	get · list · watch	Low
ClusterRole `gitlab-prometheus-server`	core/pods	get · list · watch	Low
ClusterRole `gitlab-prometheus-server`	core/services	get · list · watch	Low

⚠️ Potential Abuse (3)

The following security risks were found based on the above permissions:

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 `gitlab-operator-cert-manager-webhook`

Namespace: default | Automount: ✅

🔑 Permissions (3)

Role	Resource	Verbs	Risk	Tags
ClusterRole `gitlab-operator-cert-manager-webhook:subjectaccessreviews`	authorization.k8s.io/subjectaccessreviews	create	Medium	InformationDisclosure RBACQuery
Role `gitlab-operator-cert-manager-webhook:dynamic-serving`	core/secrets	create	Low
Role `gitlab-operator-cert-manager-webhook:dynamic-serving`	core/secrets (restricted to: gitlab-operator-cert-manager-webhook-ca)	get · list · update · watch	Low	CredentialAccess DataExposure InformationDisclosure ResourceNameRestricted SecretAccess

⚠️ Potential Abuse (3)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Deployment	gitlab-operator-cert-manager-webhook	cert-manager	quay.io/jetstack/cert-manager-webhook:v1.6.1

🤖 `gitlab-app-nonroot`

Namespace: default | Automount: ❌

🔑 Permissions (1)

Role	Resource	Verbs	Risk	Tags
ClusterRole `gitlab-app-role-nonroot`	security.openshift.io/securitycontextconstraints (restricted to: nonroot-v2)	use	Low	ResourceNameRestricted

⚠️ Potential Abuse (1)

The following security risks were found based on the above permissions:

📦 Workloads (0)

No workloads use this ServiceAccount.

🤖 `gitlab-operator-cert-manager-startupapicheck`

Namespace: default | Automount: ✅

🔑 Permissions (1)

Role	Resource	Verbs	Risk	Tags
Role `gitlab-operator-cert-manager-startupapicheck:create-cert`	cert-manager.io/certificates	create	Low

⚠️ Potential Abuse (1)

The following security risks were found based on the above permissions:

📦 Workloads (1)

Kind	Name	Container	Image
Job	gitlab-operator-cert-manager-startupapicheck	cert-manager	quay.io/jetstack/cert-manager-ctl:v1.6.1

gitlab-operator

Description

Overview

Identities

🤖 gitlab-operator-cert-manager

🔑 Permissions (61)

⚠️ Potential Abuse (6)

📦 Workloads (1)

🤖 gitlab-manager

🔑 Permissions (31)

⚠️ Potential Abuse (32)

📦 Workloads (1)

🤖 gitlab-nginx-ingress

🔑 Permissions (25)

⚠️ Potential Abuse (3)

📦 Workloads (0)

🤖 gitlab-operator-cert-manager-cainjector

🔑 Permissions (14)

⚠️ Potential Abuse (5)

📦 Workloads (1)

🤖 gitlab-prometheus-server

🔑 Permissions (12)

⚠️ Potential Abuse (3)

📦 Workloads (0)

🤖 gitlab-operator-cert-manager-webhook

🔑 Permissions (3)

⚠️ Potential Abuse (3)

📦 Workloads (1)

🤖 gitlab-app-nonroot

🔑 Permissions (1)

⚠️ Potential Abuse (1)

📦 Workloads (0)

🤖 gitlab-operator-cert-manager-startupapicheck

🔑 Permissions (1)

⚠️ Potential Abuse (1)

📦 Workloads (1)

🤖 `gitlab-operator-cert-manager`

🤖 `gitlab-manager`

🤖 `gitlab-nginx-ingress`

🤖 `gitlab-operator-cert-manager-cainjector`

🤖 `gitlab-prometheus-server`

🤖 `gitlab-operator-cert-manager-webhook`

🤖 `gitlab-app-nonroot`

🤖 `gitlab-operator-cert-manager-startupapicheck`