[WARNING] 
[WARNING] Some problems were encountered while building the effective model for gke-auditor:gke-auditor:jar:1.0-SNAPSHOT
[WARNING] 'dependencies.dependency.version' for org.junit.jupiter:junit-jupiter:jar is either LATEST or RELEASE (both of them are being deprecated) @ line 129, column 16
[WARNING] 'dependencies.dependency.scope' for org.junit:junit-bom:pom must be one of [provided, compile, runtime, test, system] but is 'import'. @ line 99, column 14
[WARNING] 
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING] 
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING] 

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M4:test (default-test) on project gke-auditor: There are test failures.
[ERROR] 
[ERROR] Please refer to /home/mikejones/appsec/gke-auditor/target/surefire-reports for the individual test results.
[ERROR] Please refer to dump files (if any exist) [date].dump, [date]-jvmRun[N].dump and [date].dumpstream.
[ERROR] The forked VM terminated without properly saying goodbye. VM crash or System.exit called?
[ERROR] Command was /bin/sh -c cd /home/mikejones/appsec/gke-auditor && /usr/lib/jvm/java-11-openjdk-amd64/bin/java -jar /home/mikejones/appsec/gke-auditor/target/surefire/surefirebooter17948487640006596760.jar /home/mikejones/appsec/gke-auditor/target/surefire 2020-10-22T10-26-36_719-jvmRun1 surefire16552605127534103655tmp surefire_014708953282045072273tmp
[ERROR] Process Exit Code: 0
[ERROR] Crashed tests:
[ERROR] com.google.gke.auditor.system.AssetServiceTest
[ERROR] org.apache.maven.surefire.booter.SurefireBooterForkException: The forked VM terminated without properly saying goodbye. VM crash or System.exit called?
[ERROR] Command was /bin/sh -c cd /home/mikejones/appsec/gke-auditor && /usr/lib/jvm/java-11-openjdk-amd64/bin/java -jar /home/mikejones/appsec/gke-auditor/target/surefire/surefirebooter17948487640006596760.jar /home/mikejones/appsec/gke-auditor/target/surefire 2020-10-22T10-26-36_719-jvmRun1 surefire16552605127534103655tmp surefire_014708953282045072273tmp
[ERROR] Process Exit Code: 0
[ERROR] Crashed tests:
[ERROR] com.google.gke.auditor.system.AssetServiceTest
[ERROR] 	at org.apache.maven.plugin.surefire.booterclient.ForkStarter.fork(ForkStarter.java:690)
[ERROR] 	at org.apache.maven.plugin.surefire.booterclient.ForkStarter.run(ForkStarter.java:285)
[ERROR] 	at org.apache.maven.plugin.surefire.booterclient.ForkStarter.run(ForkStarter.java:248)
[ERROR] 	at org.apache.maven.plugin.surefire.AbstractSurefireMojo.executeProvider(AbstractSurefireMojo.java:1217)
[ERROR] 	at org.apache.maven.plugin.surefire.AbstractSurefireMojo.executeAfterPreconditionsChecked(AbstractSurefireMojo.java:1063)
[ERROR] 	at org.apache.maven.plugin.surefire.AbstractSurefireMojo.execute(AbstractSurefireMojo.java:889)
[ERROR] 	at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:137)
[ERROR] 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:210)
[ERROR] 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:156)
[ERROR] 	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:148)
[ERROR] 	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:117)
[ERROR] 	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:81)
[ERROR] 	at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:56)
[ERROR] 	at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
[ERROR] 	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:305)
[ERROR] 	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:192)
[ERROR] 	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:105)
[ERROR] 	at org.apache.maven.cli.MavenCli.execute(MavenCli.java:957)
[ERROR] 	at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:289)
[ERROR] 	at org.apache.maven.cli.MavenCli.main(MavenCli.java:193)
[ERROR] 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[ERROR] 	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[ERROR] 	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[ERROR] 	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
[ERROR] 	at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:282)
[ERROR] 	at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:225)
[ERROR] 	at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:406)
[ERROR] 	at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:347)
[ERROR] 
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

$ ./auditor.sh
...
Detector: AUTOMOUNT_SERVICE_ACCOUNT_TOKENS_ENABLED
        Explanation: Service accounts tokens should not be mounted in pods except where the workload running in the pod explicitly needs to communicate wit
h the API server. Mounting service account tokens inside pods can provide an avenue for privilege escalation attacks where an attacker is able to compromis
e a single pod in the cluster. Avoiding mounting these tokens removes this attack avenue.
        Remediation: Modify the definition of pods and service accounts which do not need to mount service account tokens to disable it.
        Useful links: [https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/]
        Level: VULNERABILITY
        Severity: MEDIUM
Potential vulnerabilities: 0
Exception in thread "main" java.lang.NullPointerException
        at com.google.gke.auditor.models.Dependency.getAssetName(Dependency.java:145)
        at com.google.gke.auditor.system.AssetService.lambda$retrieveAndFilterDefaults$1(AssetService.java:401)
        at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:176)
        at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
        at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
        at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
        at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
        at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
        at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
        at com.google.gke.auditor.system.AssetService.retrieveAndFilterDefaults(AssetService.java:402)
        at com.google.gke.auditor.system.AssetService.getAssets(AssetService.java:390)
        at com.google.gke.auditor.system.AssetService.getAssets(AssetService.java:412)
        at com.google.gke.auditor.system.DetectorRunner.runDetector(DetectorRunner.java:68)
        at com.google.gke.auditor.system.DetectorRunner.runDetectors(DetectorRunner.java:55)
        at com.google.gke.auditor.system.DetectorRunner.run(DetectorRunner.java:41)
        at com.google.gke.auditor.Main.main(Main.java:59)