Dumping audit reports with a sea of red on delivery teams for things largely low-risk in reality and out of their control rarely does any good.
I'm not up on EKS-ELB these days, but if the nodes only allow ingress to NodePorts from the ELB, then it seems like those findings should be suppressed in most orgs.
If the SecEng team was partnering with the delivery team they'd know that before sending the report.
I'm not up on EKS-ELB these days, but if the nodes only allow ingress to NodePorts from the ELB, then it seems like those findings should be suppressed in most orgs.
If the SecEng team was partnering with the delivery team they'd know that before sending the report.