Dear Colleague,
We are looking to find ways to help developers find security misconfigurations, i.e., Kubernetes manifest configurations that violate security best practices for Kubernetes manifests.
We have noticed hard-coded secrets, which are security misconfigurations, and violation of security best practices for Kubernetes manifests (reff: https://arxiv.org/pdf/2006.15275.pdf).
Location:
|
mongo-root-username: dXNlcm5hbWU= |
Please fix this misconfiguration by storing secrets in tools, such as Vault (https://www.vaultproject.io/). We would like to hear if you agree to fix this misconfiguration or have fixed the misconfiguration.