1 Service Accounts
1 Workloads
36 Bindings
1 High
35 Low
Description
Helm chart for the deployment of JFrog Runtime Security Agents within a Kubernetes environment.
Overview
| Identity | Namespace | Automount | Secrets | Permissions | Workloads | Risk |
|---|---|---|---|---|---|---|
runtimesa | default | ❌ | — | 36 | 1 | High |
Numbers in the last two columns indicate how many bindings or workloads involve each ServiceAccount.
Identities
🤖 runtimesa
Namespace: default | Automount: ❌
🔑 Permissions (36)
| Role | Resource | Verbs | Risk | Tags |
|---|---|---|---|---|
ClusterRole runtime-view | core/configmaps | get · list · update · watch | High | ConfigMapAccess DataExposure InformationDisclosure |
ClusterRole runtime-view | apps/configmaps | get · list · update · watch | Low | |
Role configmap-creator | core/configmaps | create · update | Low | |
ClusterRole runtime-view | deployments/configmaps | get · list · update · watch | Low | |
ClusterRole runtime-view | extensions/configmaps | get · list · update · watch | Low | |
ClusterRole runtime-view | nodes/configmaps | get · list · update · watch | Low | |
ClusterRole runtime-view | pods/configmaps | get · list · update · watch | Low | |
ClusterRole runtime-view | v1/configmaps | get · list · update · watch | Low | |
ClusterRole runtime-view | apps/deployments | get · list · update · watch | Low | |
ClusterRole runtime-view | core/deployments | get · list · update · watch | Low | |
ClusterRole runtime-view | deployments/deployments | get · list · update · watch | Low | |
ClusterRole runtime-view | extensions/deployments | get · list · update · watch | Low | |
ClusterRole runtime-view | nodes/deployments | get · list · update · watch | Low | |
ClusterRole runtime-view | pods/deployments | get · list · update · watch | Low | |
ClusterRole runtime-view | v1/deployments | get · list · update · watch | Low | |
ClusterRole runtime-view | apps/nodes | get · list · update · watch | Low | |
ClusterRole runtime-view | core/nodes | get · list · update · watch | Low | |
ClusterRole runtime-view | deployments/nodes | get · list · update · watch | Low | |
ClusterRole runtime-view | extensions/nodes | get · list · update · watch | Low | |
ClusterRole runtime-view | nodes/nodes | get · list · update · watch | Low | |
ClusterRole runtime-view | pods/nodes | get · list · update · watch | Low | |
ClusterRole runtime-view | v1/nodes | get · list · update · watch | Low | |
ClusterRole runtime-view | apps/pods | get · list · update · watch | Low | |
ClusterRole runtime-view | core/pods | get · list · update · watch | Low | |
ClusterRole runtime-view | deployments/pods | get · list · update · watch | Low | |
ClusterRole runtime-view | extensions/pods | get · list · update · watch | Low | |
ClusterRole runtime-view | nodes/pods | get · list · update · watch | Low | |
ClusterRole runtime-view | pods/pods | get · list · update · watch | Low | |
ClusterRole runtime-view | v1/pods | get · list · update · watch | Low | |
ClusterRole runtime-view | apps/replicationcontrollers | get · list · update · watch | Low | |
ClusterRole runtime-view | core/replicationcontrollers | get · list · update · watch | Low | |
ClusterRole runtime-view | deployments/replicationcontrollers | get · list · update · watch | Low | |
ClusterRole runtime-view | extensions/replicationcontrollers | get · list · update · watch | Low | |
ClusterRole runtime-view | nodes/replicationcontrollers | get · list · update · watch | Low | |
ClusterRole runtime-view | pods/replicationcontrollers | get · list · update · watch | Low | |
ClusterRole runtime-view | v1/replicationcontrollers | get · list · update · watch | Low |
⚠️ Potential Abuse (3)
The following security risks were found based on the above permissions:
📦 Workloads (1)
| Kind | Name | Container | Image |
|---|---|---|---|
| Deployment | jfs-runtime-controller | jfs-runtime-controller | releases-docker.jfrog.io/jfrog/runtime-k8s-controller:0.28.0 |