Test Report : datree_test_junit.xml

Test Suite: /Users/royhadad/Desktop/datree-repos/datree/internal/fixtures/kube/skipRule/k8s-demo-skip-two.yaml

Results

Duration0.0 sec
Tests34
Failures6

Tests

PODDISRUPTIONBUDGET_DENY_ZERO_VOLUNTARY_DISRUPTION

Test case:Allows pods to undergo least voluntary disruption
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CONTAINER_CVE2021_25741_INCORRECT_SUBPATH_KEY

Test case:Prevent container security vulnerability (CVE-2021-25741)
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CONTAINERS_MISSING_IMAGE_VALUE_VERSION

Test case:Ensure each container image has a pinned (tag) version
Outcome:Failed
Duration:0.0 sec
FailedIncorrect value for key `image` - specify an image version to avoid unpleasant "version surprises" in the future
1 occurrences
- metadata.name: rss-site (kind: Deployment)
0 skipped

CONTAINERS_MISSING_MEMORY_REQUEST_KEY

Test case:Ensure each container has a configured memory request
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CONTAINERS_MISSING_CPU_REQUEST_KEY

Test case:Ensure each container has a configured CPU request
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CONTAINERS_MISSING_MEMORY_LIMIT_KEY

Test case:Ensure each container has a configured memory limit
Outcome:Failed
Duration:0.0 sec
FailedMissing property object `limits.memory` - value should be within the accepted boundaries recommended by the organization
1 occurrences
- metadata.name: rss-site (kind: Deployment)
0 skipped

CONTAINERS_MISSING_CPU_LIMIT_KEY

Test case:Ensure each container has a configured CPU limit
Outcome:Passed
Duration:0.0 sec
FailedNone
None

INGRESS_INCORRECT_HOST_VALUE_PERMISSIVE

Test case:Prevent Ingress from forwarding all traffic to a single container
Outcome:Passed
Duration:0.0 sec
FailedNone
None

SERVICE_INCORRECT_TYPE_VALUE_NODEPORT

Test case:Prevent Service from exposing node port
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CRONJOB_INVALID_SCHEDULE_VALUE

Test case:Ensure CronJob scheduler is valid
Outcome:Passed
Duration:0.0 sec
FailedNone
None

WORKLOAD_INVALID_LABELS_VALUE

Test case:Ensure workload has valid label values
Outcome:Skipped
Duration:0.0 sec
FailedIncorrect value for key(s) under `labels` - the vales syntax is not valid so the Kubernetes engine will not accept it
SkippedAll failing configs skipped
1 occurrences
- metadata.name: rss-site (kind: Deployment)
1 skipped
- metadata.name: rss-site (kind: Deployment)

skipped

WORKLOAD_INCORRECT_RESTARTPOLICY_VALUE_ALWAYS

Test case:Ensure deployment-like resource is using a valid restart policy
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CONTAINERS_MISSING_LIVENESSPROBE_KEY

Test case:Ensure each container has a configured liveness probe
Outcome:Skipped
Duration:0.0 sec
FailedMissing property object `livenessProbe` - add a properly configured livenessProbe to catch possible deadlocks
SkippedAll failing configs skipped
1 occurrences
- metadata.name: rss-site (kind: Deployment)
1 skipped
- metadata.name: rss-site (kind: Deployment)

skipped

CONTAINERS_MISSING_READINESSPROBE_KEY

Test case:Ensure each container has a configured readiness probe
Outcome:Passed
Duration:0.0 sec
FailedNone
None

HPA_MISSING_MINREPLICAS_KEY

Test case:Ensure HPA has minimum replicas configured
Outcome:Passed
Duration:0.0 sec
FailedNone
None

HPA_MISSING_MAXREPLICAS_KEY

Test case:Ensure HPA has maximum replicas configured
Outcome:Passed
Duration:0.0 sec
FailedNone
None

WORKLOAD_INCORRECT_NAMESPACE_VALUE_DEFAULT

Test case:Prevent workload from using the default namespace
Outcome:Passed
Duration:0.0 sec
FailedNone
None

DEPLOYMENT_INCORRECT_REPLICAS_VALUE

Test case:Ensure Deployment has more than one replica configured
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CRONJOB_MISSING_STARTINGDEADLINESECOND_KEY

Test case:Ensure CronJob has a configured deadline
Outcome:Passed
Duration:0.0 sec
FailedNone
None

K8S_DEPRECATED_APIVERSION_1.16

Test case:Prevent deprecated APIs in Kubernetes v1.16
Outcome:Passed
Duration:0.0 sec
FailedNone
None

K8S_DEPRECATED_APIVERSION_1.17

Test case:Prevent deprecated APIs in Kubernetes v1.17
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CONTAINERS_INCORRECT_PRIVILEGED_VALUE_TRUE

Test case:Prevent containers from having root access capabilities
Outcome:Passed
Duration:0.0 sec
FailedNone
None

WORKLOAD_MISSING_LABEL_OWNER_VALUE

Test case:Ensure workload has a configured `owner` label
Outcome:Passed
Duration:0.0 sec
FailedNone
None

DEPLOYMENT_MISSING_LABEL_ENV_VALUE

Test case:Ensure Deployment has a configured `env` label
Outcome:Failed
Duration:0.0 sec
FailedMissing label object `env` - add a proper environment description (e.g. "prod", "testing", etc.) to the Deployment config
1 occurrences
- metadata.name: rss-site (kind: Deployment)
0 skipped

CONTAINERS_MISSING_IMAGE_VALUE_DIGEST

Test case:Ensure each container image has a digest tag
Outcome:Failed
Duration:0.0 sec
FailedIncorrect value for key `image` - add a digest tag (starts with `@sha256:`) to represent an immutable version of the image
1 occurrences
- metadata.name: rss-site (kind: Deployment)
0 skipped

CRONJOB_MISSING_CONCURRENCYPOLICY_KEY

Test case:Prevent CronJob from executing jobs concurrently
Outcome:Passed
Duration:0.0 sec
FailedNone
None

K8S_INCORRECT_KIND_VALUE_POD

Test case:Prevent deploying naked pods
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CONTAINERS_INCORRECT_HOSTPID_VALUE_TRUE

Test case:Prevent containers from sharing the host's PID namespace
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CONTAINERS_INCORRECT_HOSTIPC_VALUE_TRUE

Test case:Prevent containers from sharing the host`s IPC namespace
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CONTAINERS_INCORRECT_HOSTNETWORK_VALUE_TRUE

Test case:Prevent containers from sharing the host's network namespace
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CONTAINERS_INCORRECT_RUNASUSER_VALUE_LOWUID

Test case:Prevent containers from accessing host files by using high UIDs
Outcome:Passed
Duration:0.0 sec
FailedNone
None

CONTAINERS_INCORRECT_PATH_VALUE_DOCKERSOCKET

Test case:Prevent containers from mounting Docker socket
Outcome:Passed
Duration:0.0 sec
FailedNone
None

INGRESS_CVE2021_25742_INCORRECT_SERVER_SNIPPET_KEY

Test case:Prevent Ingress security vulnerability (CVE-2021-25742)
Outcome:Passed
Duration:0.0 sec
FailedNone
None

INGRESS_INCORRECT_DOMAIN_NAME

Test case:Deny invalid domain names in ingress hosts
Outcome:Passed
Duration:0.0 sec
FailedNone
None

Test Suite: policySummary

Suite Properties

policyNameDefault
totalRulesInPolicy34
totalSkippedRules2
totalRulesFailed4
totalPassedCount28

Results

Duration0.0 sec
Tests0
Failures0

Tests

Test Suite: evaluationSummary

Suite Properties

configsCount1
filesCount1
passedYamlValidationCount1
k8sValidation1/1
passedPolicyValidationCount0

Results

Duration0.0 sec
Tests0
Failures0

Tests

Generated by junit2html