POLICY-3894 (Policy Framework)

Ensure security on k8s participant helm repositories


    • Type: Story
    • Resolution: Done
    • Priority: Medium
    • Jakarta Release

      The Kubernetes participant should not allow installation of Helm charts from unauthorized Helm repositories. A validation mechanism needs to be implemented to authenticate Helm repositories or Helm charts before proceeding with deployment.

      Solution agreed with SECCOM:

      • The k8s participant should be restricted to consuming charts only from ‘https’ enabled repositories.
      • The k8s participant should validate the repository against a list of approved Helm repositories (whitelist), provided from a trusted input, before deployment.
      • The REST endpoints on the k8s participant should be removed due to security concerns. Invocation through CLAMP should be the only allowed way.
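The following is an added illustration of the first two points above (HTTPS-only plus an approved-repository list). It is not code from the Policy Framework or its k8s participant, which are written in Java; it is a standalone Python sketch, and the function names (normalise_repo_url, load_allowlist, check_helm_repo) and the sample allowlist entries are constructed for the example. The check canonicalises the repository URL (lowercase scheme and host, default port dropped, trailing slash removed, no embedded credentials or query string) and then requires an exact match against the canonicalised allowlist, so look-alike hosts, sub-paths and plain-http variants of an approved repository are all rejected.

```python
"""Allowlist check for Helm chart repositories (constructed example).

Illustrates the SECCOM solution for POLICY-3894: a repository is accepted
only if it is served over HTTPS and its canonical URL exactly matches an
entry in a trusted allowlist. Hypothetical code, not the project's own.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass(frozen=True)
class RepoDecision:
    """Outcome of the check plus a human-readable reason for the log."""
    allowed: bool
    reason: str


def normalise_repo_url(url: str) -> str:
    """Return the canonical form of a repo URL, or raise ValueError.

    Canonical form: https scheme, lowercase host, default port 443 removed,
    no userinfo, no query string or fragment, path without trailing slash.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        raise ValueError(f"scheme {parts.scheme!r} is not https")
    if not parts.hostname:
        raise ValueError("missing host")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials embedded in URL are not allowed")
    if parts.query or parts.fragment:
        raise ValueError("query string or fragment is not allowed")
    host = parts.hostname.lower()
    if ":" in host:  # IPv6 literal: hostname strips the brackets, put them back
        host = f"[{host}]"
    port = parts.port  # None when absent; raises ValueError if non-numeric
    netloc = host if port in (None, 443) else f"{host}:{port}"
    path = parts.path.rstrip("/")
    return urlunsplit(("https", netloc, path, "", ""))


def load_allowlist(entries) -> frozenset:
    """Canonicalise the trusted list once; a non-https entry fails loudly."""
    return frozenset(normalise_repo_url(e) for e in entries)


def check_helm_repo(url: str, allowlist: frozenset) -> RepoDecision:
    """Decide whether a chart may be pulled from `url`."""
    try:
        canonical = normalise_repo_url(url)
    except ValueError as exc:
        return RepoDecision(False, f"rejected: {exc}")
    if canonical not in allowlist:
        return RepoDecision(False, f"rejected: {canonical} not in approved repository list")
    return RepoDecision(True, f"accepted: {canonical}")


# Constructed sample allowlist, as it might arrive from a trusted config source.
APPROVED_REPOS = load_allowlist([
    "https://charts.example.com/stable/",
    "HTTPS://Charts.Internal.Example:443/helm",
])

if __name__ == "__main__":
    for candidate in [
        "https://charts.example.com/stable",            # approved
        "https://CHARTS.example.com/stable/",           # same repo, different spelling
        "http://charts.example.com/stable",             # plain http
        "https://charts.example.com.evil.example/stable",  # look-alike host
        "https://user:pw@charts.example.com/stable",    # embedded credentials
        "https://charts.example.com/stable/../other",   # different path
    ]:
        print(f"{candidate:55} -> {check_helm_repo(candidate, APPROVED_REPOS).reason}")
```

Because matching is on the canonical string, the allowlist itself should be loaded from the trusted input the story mentions and never from the deployment request; anything the request is allowed to influence is limited to the candidate URL being checked.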

            lathish
            rameshiyer27 (Ramesh Murugan Iyer)