In the table below, you can view all checks present on Marvin. Click on the #ID column item for more details about each check.

Framework | #ID | Severity | Message |
---|---|---|---|
CIS Benchmarks | M-500 | Medium | Workloads in default namespace |
General | M-400 | Medium | Image tagged latest |
General | M-401 | Low | Unmanaged Pod |
General | M-402 | Medium | Readiness and startup probe not configured |
General | M-403 | Medium | Liveness probe not configured |
General | M-404 | Medium | Memory requests not specified |
General | M-405 | Medium | CPU requests not specified |
General | M-406 | Medium | Memory not limited |
General | M-407 | Medium | CPU not limited |
General | M-408 | Medium | Sudo in container entrypoint |
General | M-409 | Medium | Deprecated image registry |
General | M-410 | Medium | Resource is using an invalid restartPolicy |
General | M-411 | Medium | Role Binding referencing anonymous user or unauthenticated group |
NSA-CISA | M-300 | Low | Root filesystem write allowed |
MITRE ATT&CK | M-200 | Medium | Image registry not allowed |
MITRE ATT&CK | M-201 | High | Application credentials stored in configuration files |
MITRE ATT&CK | M-202 | Low | Automounted service account token |
MITRE ATT&CK | M-203 | Low | SSH server running inside container |
PSS - Baseline | M-100 | High | Privileged access to the Windows node |
PSS - Baseline | M-101 | High | Host namespaces |
PSS - Baseline | M-102 | High | Privileged container |
PSS - Baseline | M-103 | High | Insecure capabilities |
PSS - Baseline | M-104 | High | HostPath volume |
PSS - Baseline | M-105 | High | Not allowed hostPort |
PSS - Baseline | M-106 | Medium | Forbidden AppArmor profile |
PSS - Baseline | M-107 | Medium | Forbidden SELinux options |
PSS - Baseline | M-108 | Medium | Forbidden proc mount type |
PSS - Baseline | M-109 | Medium | Forbidden seccomp profile |
PSS - Baseline | M-110 | Medium | Unsafe sysctls |
PSS - Restricted | M-111 | Low | Not allowed volume type |
PSS - Restricted | M-112 | Medium | Allowed privilege escalation |
PSS - Restricted | M-113 | Medium | Container could be running as root user |
PSS - Restricted | M-114 | Medium | Container running as root UID |
PSS - Restricted | M-115 | Low | Not allowed seccomp profile |
PSS - Restricted | M-116 | Low | Not allowed added/dropped capabilities |