securityContext is not applied to pods and containers
Description
securityContext defines privilege and access control settings for your pod or container, and holds security configurations that will be applied to a container. Some fields are present in both securityContext and PodSecurityContext; when both are set, the container-level securityContext takes precedence. Well-defined privilege and access control settings enhance assurance that your pod is running with the properties it requires to function.
Code Example
container
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: <Pod name>
spec:
  containers:
  - name: <container name>
    image: <image>
+   securityContext:
```
Remediation
Kubernetes
- Resource: Container / Pod / Deployment / DaemonSet / StatefulSet / ReplicaSet / ReplicationController / Job / CronJob
- Arguments: securityContext (Optional) A field that defines privilege and access control settings for your Pod or Container.
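The following is an added example, not Checkov's implementation of this rule: a small audit over parsed manifests that finds the PodSpec in each resource kind listed above, reports containers with no securityContext at either level, and resolves the fields shared with PodSecurityContext using the precedence described in the Description. It assumes that an empty or null securityContext counts as unset; the manifest names and images are constructed.

```python
# Added example: audits parsed Kubernetes manifests (for instance the output of
# `kubectl get -o json`) for missing securityContext settings.

# Fields defined in both PodSecurityContext and the container securityContext
# (a subset); the container-level value wins when both are set.
SHARED_FIELDS = ("runAsUser", "runAsGroup", "runAsNonRoot",
                 "seLinuxOptions", "seccompProfile", "windowsOptions")

def pod_spec(resource):
    """Locate the PodSpec inside the resource kinds this rule covers."""
    kind, spec = resource.get("kind"), resource.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":  # spec.jobTemplate.spec.template.spec
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}

def audit(resource):
    """Return (containers with no securityContext at either level,
    effective shared-field settings per container)."""
    spec = pod_spec(resource)
    pod_ctx = spec.get("securityContext") or {}  # assumption: null or {} is unset
    unprotected, effective = [], {}
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        ctx = c.get("securityContext") or {}
        if not pod_ctx and not ctx:
            unprotected.append(c["name"])
        merged = {f: pod_ctx[f] for f in SHARED_FIELDS if f in pod_ctx}
        merged.update({f: ctx[f] for f in SHARED_FIELDS if f in ctx})
        effective[c["name"]] = merged
    return unprotected, effective

# Constructed sample manifests (hypothetical names and images).
DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {
    "securityContext": {"runAsUser": 1000, "runAsNonRoot": True},
    "containers": [
        {"name": "web", "image": "example/web:1",
         "securityContext": {"runAsUser": 2000,
                             "allowPrivilegeEscalation": False}},
        {"name": "sidecar", "image": "example/sidecar:1"}]}}}}
BARE_POD = {"kind": "Pod", "spec": {"containers": [
    {"name": "app", "image": "example/app:1", "securityContext": None}]}}

if __name__ == "__main__":
    for manifest in (DEPLOYMENT, BARE_POD):
        print(manifest["kind"], audit(manifest))
```

In the sample Deployment, `web` runs with its own runAsUser while still inheriting runAsNonRoot from the pod, and `sidecar` inherits both pod-level values.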
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1107 |
| Severity | LOW |
| IaC Type | Kubernetes |
| Frameworks | Kubernetes |
| Checkov ID | CKV_K8S_29 |