Snyk - Open Source Security

Snyk test report

September 28th 2025, 12:24:25 am (UTC+00:00)

Scanned the following path:
  • /argo-cd/manifests/install.yaml (Kubernetes)
44 total issues
Project manifests/install.yaml
Path /argo-cd/manifests/install.yaml
Project Type Kubernetes

Role or ClusterRole with dangerous permissions

high severity
  • Public ID: SNYK-CC-K8S-47
  • Introduced through: [DocId: 17] rules[4] resources
  • Line number: 24510

Impact

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

Remediation

Consider removing these permissions

More about this issue

Role or ClusterRole with dangerous permissions

medium severity
  • Public ID: SNYK-CC-K8S-47
  • Introduced through: [DocId: 10] rules[0] resources
  • Line number: 24195

Impact

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

Remediation

Consider removing these permissions

More about this issue

Role or ClusterRole with dangerous permissions

medium severity
  • Public ID: SNYK-CC-K8S-47
  • Introduced through: [DocId: 11] rules[4] resources
  • Line number: 24283

Impact

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

Remediation

Consider removing these permissions

More about this issue

Role or ClusterRole with dangerous permissions

medium severity
  • Public ID: SNYK-CC-K8S-47
  • Introduced through: [DocId: 12] rules[0] resources
  • Line number: 24318

Impact

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

Remediation

Consider removing these permissions

More about this issue

Role or ClusterRole with dangerous permissions

medium severity
  • Public ID: SNYK-CC-K8S-47
  • Introduced through: [DocId: 13] rules[1] resources
  • Line number: 24348

Impact

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

Remediation

Consider removing these permissions

More about this issue

Role or ClusterRole with dangerous permissions

medium severity
  • Public ID: SNYK-CC-K8S-47
  • Introduced through: [DocId: 13] rules[3] resources
  • Line number: 24366

Impact

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

Remediation

Consider removing these permissions

More about this issue

Role or ClusterRole with dangerous permissions

medium severity
  • Public ID: SNYK-CC-K8S-47
  • Introduced through: [DocId: 14] rules[0] resources
  • Line number: 24384

Impact

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

Remediation

Consider removing these permissions

More about this issue

Role or ClusterRole with dangerous permissions

medium severity
  • Public ID: SNYK-CC-K8S-47
  • Introduced through: [DocId: 15] rules[0] resources
  • Line number: 24406

Impact

Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

Remediation

Consider removing these permissions

More about this issue

Container could be running with outdated image

low severity
  • Public ID: SNYK-CC-K8S-42
  • Introduced through: [DocId: 48] spec template spec initContainers[secret-init] imagePullPolicy
  • Line number: 25604

Impact

The container may run with outdated or unauthorized image

Remediation

Set `imagePullPolicy` attribute to `Always`

More about this issue

Container could be running with outdated image

low severity
  • Public ID: SNYK-CC-K8S-42
  • Introduced through: [DocId: 49] spec template spec initContainers[copyutil] imagePullPolicy
  • Line number: 25941

Impact

The container may run with outdated or unauthorized image

Remediation

Set `imagePullPolicy` attribute to `Always`

More about this issue

Container has no CPU limit

low severity
  • Public ID: SNYK-CC-K8S-5
  • Introduced through: [DocId: 45] input spec template spec containers[argocd-applicationset-controller] resources limits cpu
  • Line number: 25093

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity
  • Public ID: SNYK-CC-K8S-5
  • Introduced through: [DocId: 46] input spec template spec initContainers[copyutil] resources limits cpu
  • Line number: 25400

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity
  • Public ID: SNYK-CC-K8S-5
  • Introduced through: [DocId: 46] input spec template spec containers[dex] resources limits cpu
  • Line number: 25348

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity
  • Public ID: SNYK-CC-K8S-5
  • Introduced through: [DocId: 47] input spec template spec containers[argocd-notifications-controller] resources limits cpu
  • Line number: 25462

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity
  • Public ID: SNYK-CC-K8S-5
  • Introduced through: [DocId: 48] input spec template spec containers[redis] resources limits cpu
  • Line number: 25575

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity
  • Public ID: SNYK-CC-K8S-5
  • Introduced through: [DocId: 48] input spec template spec initContainers[secret-init] resources limits cpu
  • Line number: 25599

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity
  • Public ID: SNYK-CC-K8S-5
  • Introduced through: [DocId: 49] input spec template spec initContainers[copyutil] resources limits cpu
  • Line number: 25941

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity
  • Public ID: SNYK-CC-K8S-5
  • Introduced through: [DocId: 49] input spec template spec containers[argocd-repo-server] resources limits cpu
  • Line number: 25658

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity
  • Public ID: SNYK-CC-K8S-5
  • Introduced through: [DocId: 50] input spec template spec containers[argocd-server] resources limits cpu
  • Line number: 26029

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container has no CPU limit

low severity
  • Public ID: SNYK-CC-K8S-5
  • Introduced through: [DocId: 51] input spec template spec containers[argocd-application-controller] resources limits cpu
  • Line number: 26439

Impact

CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

Remediation

Add `resources.limits.cpu` field with required CPU limit value

More about this issue

Container is running with multiple open ports

low severity
  • Public ID: SNYK-CC-K8S-36
  • Introduced through: [DocId: 46] spec template spec containers[dex] ports
  • Line number: 25380

Impact

Increases the attack surface of the application and the container.

Remediation

Reduce `ports` count to 2

More about this issue

Container is running without liveness probe

low severity
  • Public ID: SNYK-CC-K8S-41
  • Introduced through: [DocId: 45] spec template spec containers[argocd-applicationset-controller] livenessProbe
  • Line number: 25093

Impact

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

Remediation

Add `livenessProbe` attribute

More about this issue

Container is running without liveness probe

low severity
  • Public ID: SNYK-CC-K8S-41
  • Introduced through: [DocId: 46] spec template spec containers[dex] livenessProbe
  • Line number: 25348

Impact

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

Remediation

Add `livenessProbe` attribute

More about this issue

Container is running without liveness probe

low severity
  • Public ID: SNYK-CC-K8S-41
  • Introduced through: [DocId: 48] spec template spec containers[redis] livenessProbe
  • Line number: 25575

Impact

Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

Remediation

Add `livenessProbe` attribute

More about this issue

Container is running without memory limit

low severity
  • Public ID: SNYK-CC-K8S-4
  • Introduced through: [DocId: 45] input spec template spec containers[argocd-applicationset-controller] resources limits memory
  • Line number: 25093

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity
  • Public ID: SNYK-CC-K8S-4
  • Introduced through: [DocId: 46] input spec template spec containers[dex] resources limits memory
  • Line number: 25348

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity
  • Public ID: SNYK-CC-K8S-4
  • Introduced through: [DocId: 46] input spec template spec initContainers[copyutil] resources limits memory
  • Line number: 25400

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity
  • Public ID: SNYK-CC-K8S-4
  • Introduced through: [DocId: 47] input spec template spec containers[argocd-notifications-controller] resources limits memory
  • Line number: 25462

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity
  • Public ID: SNYK-CC-K8S-4
  • Introduced through: [DocId: 48] input spec template spec containers[redis] resources limits memory
  • Line number: 25575

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity
  • Public ID: SNYK-CC-K8S-4
  • Introduced through: [DocId: 48] input spec template spec initContainers[secret-init] resources limits memory
  • Line number: 25599

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity
  • Public ID: SNYK-CC-K8S-4
  • Introduced through: [DocId: 49] input spec template spec initContainers[copyutil] resources limits memory
  • Line number: 25941

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity
  • Public ID: SNYK-CC-K8S-4
  • Introduced through: [DocId: 49] input spec template spec containers[argocd-repo-server] resources limits memory
  • Line number: 25658

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity
  • Public ID: SNYK-CC-K8S-4
  • Introduced through: [DocId: 50] input spec template spec containers[argocd-server] resources limits memory
  • Line number: 26029

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container is running without memory limit

low severity
  • Public ID: SNYK-CC-K8S-4
  • Introduced through: [DocId: 51] input spec template spec containers[argocd-application-controller] resources limits memory
  • Line number: 26439

Impact

Containers without memory limits are more likely to be terminated when the node runs out of memory

Remediation

Set `resources.limits.memory` value

More about this issue

Container's or Pod's UID could clash with host's UID

low severity
  • Public ID: SNYK-CC-K8S-11
  • Introduced through: [DocId: 45] input spec template spec containers[argocd-applicationset-controller] securityContext runAsUser
  • Line number: 25270

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

More about this issue

Container's or Pod's UID could clash with host's UID

low severity
  • Public ID: SNYK-CC-K8S-11
  • Introduced through: [DocId: 46] input spec template spec initContainers[copyutil] securityContext runAsUser
  • Line number: 25408

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

More about this issue

Container's or Pod's UID could clash with host's UID

low severity
  • Public ID: SNYK-CC-K8S-11
  • Introduced through: [DocId: 46] input spec template spec containers[dex] securityContext runAsUser
  • Line number: 25383

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

More about this issue

Container's or Pod's UID could clash with host's UID

low severity
  • Public ID: SNYK-CC-K8S-11
  • Introduced through: [DocId: 47] input spec template spec containers[argocd-notifications-controller] securityContext runAsUser
  • Line number: 25507

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

More about this issue

Container's or Pod's UID could clash with host's UID

low severity
  • Public ID: SNYK-CC-K8S-11
  • Introduced through: [DocId: 48] input spec template spec containers[redis] securityContext runAsUser
  • Line number: 25592

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

More about this issue

Container's or Pod's UID could clash with host's UID

low severity
  • Public ID: SNYK-CC-K8S-11
  • Introduced through: [DocId: 48] input spec template spec initContainers[secret-init] securityContext runAsUser
  • Line number: 25606

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

More about this issue

Container's or Pod's UID could clash with host's UID

low severity
  • Public ID: SNYK-CC-K8S-11
  • Introduced through: [DocId: 49] input spec template spec initContainers[copyutil] securityContext runAsUser
  • Line number: 25949

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

More about this issue

Container's or Pod's UID could clash with host's UID

low severity
  • Public ID: SNYK-CC-K8S-11
  • Introduced through: [DocId: 49] input spec template spec containers[argocd-repo-server] securityContext runAsUser
  • Line number: 25914

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

More about this issue

Container's or Pod's UID could clash with host's UID

low severity
  • Public ID: SNYK-CC-K8S-11
  • Introduced through: [DocId: 50] input spec template spec containers[argocd-server] securityContext runAsUser
  • Line number: 26338

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

More about this issue

Container's or Pod's UID could clash with host's UID

low severity
  • Public ID: SNYK-CC-K8S-11
  • Introduced through: [DocId: 51] input spec template spec containers[argocd-application-controller] securityContext runAsUser
  • Line number: 26714

Impact

UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

Remediation

Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

More about this issue