Skip to content

fix: clamav volumeClaimTemplates use matchLabels #522

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 16 commits into
base: master
Choose a base branch
from
Open

fix: clamav volumeClaimTemplates use matchLabels #522

wants to merge 16 commits into from

Conversation

@DrPsychick
Copy link
Collaborator

@DrPsychick DrPsychick commented Nov 16, 2025
edited
Loading

fixes #513

@DrPsychick
fix: clamav volumeClaimTemplates use matchLabels
40b36eb 
replace bitnami common templates
@github-actions github-actions bot added the area/charts Changes made in the charts directory label Nov 16, 2025
@DrPsychick DrPsychick marked this pull request as draft November 16, 2025 18:13
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 16, 2025
View reviewed changes
charts/mailu/templates/postfix/deployment.yaml Outdated

Check failure

Code scanning / Trivy

Root file system is not read-only High

Artifact: charts/mailu/templates/postfix/deployment.yaml
Type: helm
Vulnerability KSV014
Severity: HIGH
Message: Container 'postfix' of Deployment 'mailu-postfix' should set 'securityContext.readOnlyRootFilesystem' to true
Link: KSV014
charts/mailu/templates/postfix/deployment.yaml Outdated

Check failure

Code scanning / Trivy

Default security context configured High

Artifact: charts/mailu/templates/postfix/deployment.yaml
Type: helm
Vulnerability KSV118
Severity: HIGH
Message: container mailu-postfix in namespace is using the default security context
Link: KSV118
charts/mailu/templates/postfix/deployment.yaml Outdated

Check warning

Code scanning / Trivy

Can elevate its own privileges Medium

Artifact: charts/mailu/templates/postfix/deployment.yaml
Type: helm
Vulnerability KSV001
Severity: MEDIUM
Message: Container 'postfix' of Deployment 'mailu-postfix' should set 'securityContext.allowPrivilegeEscalation' to false
Link: KSV001
charts/mailu/templates/postfix/deployment.yaml Outdated

Check warning

Code scanning / Trivy

Runs as root user Medium

Artifact: charts/mailu/templates/postfix/deployment.yaml
Type: helm
Vulnerability KSV012
Severity: MEDIUM
Message: Container 'postfix' of Deployment 'mailu-postfix' should set 'securityContext.runAsNonRoot' to true
Link: KSV012
charts/mailu/templates/postfix/deployment.yaml Outdated

Check warning

Code scanning / Trivy

Seccomp policies disabled Medium

Artifact: charts/mailu/templates/postfix/deployment.yaml
Type: helm
Vulnerability KSV104
Severity: MEDIUM
Message: container "postfix" of deployment "mailu-postfix" in "" namespace should specify a seccomp profile
Link: KSV104
charts/mailu/templates/postfix/deployment.yaml Outdated

Check notice

Code scanning / Trivy

Runtime/Default Seccomp profile not set Low

Artifact: charts/mailu/templates/postfix/deployment.yaml
Type: helm
Vulnerability KSV030
Severity: LOW
Message: Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'
Link: KSV030
charts/mailu/templates/postfix/deployment.yaml Outdated

Check notice

Code scanning / Trivy

Runs with GID <= 10000 Low

Artifact: charts/mailu/templates/postfix/deployment.yaml
Type: helm
Vulnerability KSV021
Severity: LOW
Message: Container 'postfix' of Deployment 'mailu-postfix' should set 'securityContext.runAsGroup' > 10000
Link: KSV021
charts/mailu/templates/postfix/deployment.yaml Outdated

Check notice

Code scanning / Trivy

Runs with UID <= 10000 Low

Artifact: charts/mailu/templates/postfix/deployment.yaml
Type: helm
Vulnerability KSV020
Severity: LOW
Message: Container 'postfix' of Deployment 'mailu-postfix' should set 'securityContext.runAsUser' > 10000
Link: KSV020
charts/mailu/templates/postfix/deployment.yaml Outdated

Check notice

Code scanning / Trivy

Default capabilities: some containers do not drop any Low

Artifact: charts/mailu/templates/postfix/deployment.yaml
Type: helm
Vulnerability KSV004
Severity: LOW
Message: Container 'postfix' of 'deployment' 'mailu-postfix' in '' namespace should set securityContext.capabilities.drop
Link: KSV004
charts/mailu/templates/postfix/deployment.yaml Outdated

Check notice

Code scanning / Trivy

Default capabilities: some containers do not drop all Low

Artifact: charts/mailu/templates/postfix/deployment.yaml
Type: helm
Vulnerability KSV003
Severity: LOW
Message: Container 'postfix' of Deployment 'mailu-postfix' should add 'ALL' to 'securityContext.capabilities.drop'
Link: KSV003
@DrPsychick DrPsychick marked this pull request as ready for review November 16, 2025 19:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/charts Changes made in the charts directory

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] Statefulset volumeClaimTemplate include versioned labels

1 participant

@DrPsychick