Experience Builder


Terraform


Repository: Azure / caf-terraform-landingzones

Description: Azure Terraform SRE framework

Stars: 709

Failed Checks:
  • Security Scanning
  • Linting

Scan Date: 2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that no security scanning tool was found in any of the CI/CD tool configuration files in the repository.

    There is an opportunity to:

    Checkov Output
                    
    2023-10-05 14:44:49,500 [MainThread  ] [WARNI]  Failed to download module aztfmod/caf/azurerm:5.7.5 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:44:49,501 [MainThread  ] [WARNI]  Failed to download module aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets:5.7.5 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:44:49,501 [MainThread  ] [WARNI]  Failed to download module aztfmod/caf/azurerm:~>5.6.8 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:44:49,501 [MainThread  ] [WARNI]  Failed to download module aztfmod/caf/azurerm//modules/security/dynamic_keyvault_secrets:~>5.6.8 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:44:49,501 [MainThread  ] [WARNI]  Failed to download module aztfmod/caf/azurerm:~>5.3.0 (for external modules, the --download-external-modules flag is required)
    2023-10-05 14:44:49,502 [MainThread  ] [WARNI]  Failed to download module Azure/caf-enterprise-scale/azurerm:4.2.0 (for external modules, the --download-external-modules flag is required)
    terraform scan results:
    
    Passed checks: 6, Failed checks: 0, Skipped checks: 0
    
    kubernetes scan results:
    
    Passed checks: 136, Failed checks: 39, Skipped checks: 0
    
    Check: CKV_K8S_21: "The default namespace should not be used"
    	FAILED for resource: Secret.default.azdopat-secret
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/azdopat-secret.yaml:1-6
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20.html
    
    		1 | apiVersion: v1
    		2 | kind: Secret
    		3 | metadata:
    		4 |   name: azdopat-secret
    		5 | data:
    		6 |   personalAccessToken: ${pat}
    Check: CKV_K8S_11: "CPU limits should be set"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-10.html
    
    		1  | apiVersion: batch/v1
    		2  | kind: Job
    		3  | metadata:
    		4  |   name: placeholder-agent
    		5  |   labels:
    		6  |     app: placeholder-agent
    		7  | spec:
    		8  |   activeDeadlineSeconds: 180
    		9  |   template:
    		10 |     metadata:
    		11 |       labels:
    		12 |         aadpodidbinding: ${podmi}
    		13 |         app: placeholder-agent
    		14 |     spec:
    		15 |       containers:
    		16 |       - name: azdevops-agent-job
    		17 |         image: ${image}
    		18 |         imagePullPolicy: Always
    		19 |         env:
    		20 |           - name: VSTS_AGENT_INPUT_URL
    		21 |             value: ${VSTS_AGENT_INPUT_URL}
    		22 |           - name: VSTS_AGENT_INPUT_TOKEN
    		23 |             valueFrom:
    		24 |                 secretKeyRef:
    		25 |                   name: pat-secret-sync
    		26 |                   key: personalAccessToken
    		27 |           - name: VSTS_AGENT_INPUT_POOL
    		28 |             value: ${VSTS_AGENT_INPUT_POOL}
    		29 |           - name: VSTS_AGENT_INPUT_AUTH
    		30 |             value: "pat"
    		31 |           - name: VSTS_AGENT_INPUT_RUN_ARGS
    		32 |             value: "--once"
    		33 |         # lifecycle:
    		34 |         #   preStop:
    		35 |         #     exec:
    		36 |         #       # SIGTERM triggers a quick exit; gracefully terminate instead
    		37 |         #       command: ["/home/vscode/agent/config.sh","remove","--unattended"]
    		38 |       restartPolicy: Never
    Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29.html
    
    Check: CKV_K8S_10: "CPU requests should be set"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-9.html
    
    Check: CKV_K8S_21: "The default namespace should not be used"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20.html
    
    Check: CKV_K8S_30: "Apply security context to your containers"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28.html
    
    Check: CKV_K8S_29: "Apply security context to your pods and containers"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers.html
    
    Check: CKV_K8S_22: "Use read-only filesystem for containers where possible"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21.html
    
    Check: CKV_K8S_43: "Image should use digest"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39.html
    
    Check: CKV_K8S_23: "Minimize the admission of root containers"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22.html
    
    Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37.html
    
    Check: CKV_K8S_35: "Prefer using secrets as files over secrets as environment variables"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-33.html
    
    Check: CKV_K8S_13: "Memory limits should be set"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-12.html
    
    Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19.html
    
    Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27.html
    
    Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34.html
    
    Check: CKV_K8S_12: "Memory requests should be set"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-11.html
    
    Check: CKV_K8S_14: "Image Tag should be fixed - not latest or blank"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-13.html
    
    		1  | apiVersion: batch/v1
    		2  | kind: Job
    		3  | metadata:
    		4  |   name: placeholder-agent
    		5  |   labels:
    		6  |     app: placeholder-agent
    		7  | spec:
    		8  |   activeDeadlineSeconds: 180
    		9  |   template:
    		10 |     metadata:
    		11 |       labels:
    		12 |         aadpodidbinding: ${podmi}
    		13 |         app: placeholder-agent
    		14 |     spec:
    		15 |       containers:
    		16 |       - name: azdevops-agent-job
    		17 |         image: ${image}
    		18 |         imagePullPolicy: Always
    		19 |         env:
    		20 |           - name: VSTS_AGENT_INPUT_URL
    		21 |             value: ${VSTS_AGENT_INPUT_URL}
    		22 |           - name: VSTS_AGENT_INPUT_TOKEN
    		23 |             valueFrom:
    		24 |                 secretKeyRef:
    		25 |                   name: pat-secret-sync
    		26 |                   key: personalAccessToken
    		27 |           - name: VSTS_AGENT_INPUT_POOL
    		28 |             value: ${VSTS_AGENT_INPUT_POOL}
    		29 |           - name: VSTS_AGENT_INPUT_AUTH
    		30 |             value: "pat"
    		31 |           - name: VSTS_AGENT_INPUT_RUN_ARGS
    		32 |             value: "--once"
    		33 |         # lifecycle:
    		34 |         #   preStop:
    		35 |         #     exec:
    		36 |         #       # SIGTERM triggers a quick exit; gracefully terminate instead
    		37 |         #       command: ["/home/vscode/agent/config.sh","remove","--unattended"]
    		38 |       restartPolicy: Never
    Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
    	FAILED for resource: Job.default.placeholder-agent
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderjob.yaml:1-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35.html
    
    		1  | apiVersion: batch/v1
    		2  | kind: Job
    		3  | metadata:
    		4  |   name: placeholder-agent
    		5  |   labels:
    		6  |     app: placeholder-agent
    		7  | spec:
    		8  |   activeDeadlineSeconds: 180
    		9  |   template:
    		10 |     metadata:
    		11 |       labels:
    		12 |         aadpodidbinding: ${podmi}
    		13 |         app: placeholder-agent
    		14 |     spec:
    		15 |       containers:
    		16 |       - name: azdevops-agent-job
    		17 |         image: ${image}
    		18 |         imagePullPolicy: Always
    		19 |         env:
    		20 |           - name: VSTS_AGENT_INPUT_URL
    		21 |             value: ${VSTS_AGENT_INPUT_URL}
    		22 |           - name: VSTS_AGENT_INPUT_TOKEN
    		23 |             valueFrom:
    		24 |                 secretKeyRef:
    		25 |                   name: pat-secret-sync
    		26 |                   key: personalAccessToken
    		27 |           - name: VSTS_AGENT_INPUT_POOL
    		28 |             value: ${VSTS_AGENT_INPUT_POOL}
    		29 |           - name: VSTS_AGENT_INPUT_AUTH
    		30 |             value: "pat"
    		31 |           - name: VSTS_AGENT_INPUT_RUN_ARGS
    		32 |             value: "--once"
    		33 |         # lifecycle:
    		34 |         #   preStop:
    		35 |         #     exec:
    		36 |         #       # SIGTERM triggers a quick exit; gracefully terminate instead
    		37 |         #       command: ["/home/vscode/agent/config.sh","remove","--unattended"]
    		38 |       restartPolicy: Never
    Check: CKV_K8S_11: "CPU limits should be set"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-10.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_10: "CPU requests should be set"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-9.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_21: "The default namespace should not be used"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-20.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_30: "Apply security context to your containers"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-28.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_29: "Apply security context to your pods and containers"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/ensure-securitycontext-is-applied-to-pods-and-containers.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_9: "Readiness Probe Should be Configured"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-8.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_22: "Use read-only filesystem for containers where possible"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-21.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_43: "Image should use digest"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-39.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_23: "Minimize the admission of root containers"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-22.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_8: "Liveness Probe Should be Configured"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-7.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-37.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_35: "Prefer using secrets as files over secrets as environment variables"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-33.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_13: "Memory limits should be set"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-12.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-19.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-27.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-34.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_12: "Memory requests should be set"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-11.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_15: "Image Pull Policy should be Always"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-14.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
    	FAILED for resource: Deployment.default.rover-deployment
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:1-51
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-35.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    secrets scan results:
    
    Passed checks: 0, Failed checks: 2, Skipped checks: 0
    
    Check: CKV_SECRET_6: "Base64 High Entropy String"
    	FAILED for resource: 5c7728b39a9544057a72ebdcd71bea6be7e6032f
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/placeholderagent.yaml:51-52
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-6.html
    
    		51 |               secretProviderClass: "az********"
    
    Check: CKV_SECRET_6: "Base64 High Entropy String"
    	FAILED for resource: dcf45a655d7e5546b436e6acbe294381a9b406f5
    	File: /caf_solution/add-ons/aks_azure_devops_agents/yamls/roverjob.yaml:48-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/secrets-policies/secrets-policy-index/git-secrets-6.html
    
    		48 |       personalAccessTokenFromEnv: "VSTS_*****************"
    
    github_actions scan results:
    
    Passed checks: 138, Failed checks: 2, Skipped checks: 0
    
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(landingzones-tf100)
    	File: /.github/workflows/landingzones-tf100.yml:55-56
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(Release Drafter)
    	File: /.github/workflows/release-drafter.yml:0-1
    

    Linting

    This repository failed the Experience Builder Terraform Module's Linting validation. This means that a linting tool was not found to be implemented in any of the CICD tool configuration files in the repository.

    There is an opportunity to: