kics icon indicating copy to clipboard operation
kics copied to clipboard
verified publisher icon Checkmarx

Potentially wrong queries

Open giladshahar opened this issue 2 years ago • 3 comments

there are existing queries that point out non-issues. specifically, having requests.memory/cpu != limits.memory/cpu is not an issue (but a best practice). resource limits are supposed to help users avoid OOM/throttling, while resource requests make sure resources are actually allocated for the containers.

even in the [https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/](link attached) as help for these queries, the example shows limits>requests.

Expected Behavior

containers having requests.memory/cpu != limits.memory/cpu will not trigger an issue.

queries:

aafa7d94-62de-4fbf-8838-b69ee217b0e6 9d43040e-e703-4e16-8bfe-8d4da10fa7e6 aee3c7d2-a811-4201-90c7-11c028be9a46

should be removed

Actual Behavior

containers having requests.memory/cpu != limits.memory/cpu trigger an issue.

giladshahar avatar Mar 14 '23 14:03 giladshahar

Do you suggest to to remove these queries or change their severity (e.g. informational) ?

kaplanlior avatar Mar 16 '23 20:03 kaplanlior

well I'd remove them

giladshahar avatar Mar 23 '23 08:03 giladshahar

Hi @giladshahar ,

Thank you for your inputs on this. We asked our AppSec team to have a look on this. We will update you asap.

(APPSEC-2347)

gabriel-cx avatar Mar 05 '24 11:03 gabriel-cx