No resource limits
Part of Architecture & Best Practices, which counts for 15% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.
What it detects
A workload defines containers but no resource limits, so a single pod can consume all CPU and memory on its node and starve its neighbours.
Why it matters
A workload with no resource limits can consume all the CPU and memory available on its node. One misbehaving or attacked pod then starves its neighbours, and memory pressure can trigger node-wide evictions and cascading failures. Limits keep a single workload from taking down others. This is a heuristic that checks for any limits block on the workload.
How to fix it
Add resources.limits (and matching requests) to each container, sized from observed usage with some headroom. Use metrics from the running workload or a tool like the Vertical Pod Autoscaler in recommendation mode to pick values. Consider a LimitRange on the namespace so new workloads get sane defaults.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo