Seccomp is not set to Docker/Default or Runtime/Default

Description

Secure computing mode (seccomp) is a Linux kernel feature used to restrict the system calls a process, and therefore a container, is allowed to make. The seccomp() system call operates on the seccomp state of the calling process. The runtime's default seccomp profile provides a reliable setting for running containers with seccomp: it disables non-essential system calls while leaving typical workloads functional.

Code Example

pod
apiVersion: v1
kind: Pod
metadata:
  name: <name>
spec:
  containers:
  - name: <container name>
    image: <image>
  securityContext:
+   seccompProfile:
+     type: RuntimeDefault   # or DockerDefault

Remediation

Kubernetes

  • Resource: Pod / Deployment / DaemonSet / StatefulSet / ReplicaSet / ReplicationController / Job / CronJob
  • Arguments: securityContext.seccompProfile.type (optional; Kubernetes > v1.19). Add a seccompProfile with type RuntimeDefault or DockerDefault to the pod's securityContext (or to each container's securityContext).
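The following is an added example, not Checkov's or this page's own code: a small checker that evaluates parsed manifests (plain dicts, as PyYAML or json would return) against the rule described above. It goes beyond the page's single Pod snippet in two ways: it locates the pod template inside the listed workload kinds (Deployment, DaemonSet, StatefulSet, ReplicaSet, ReplicationController, Job, CronJob), and it treats a container-level seccompProfile as overriding the pod-level one, which is how Kubernetes applies them. The legacy pod annotation `seccomp.security.alpha.kubernetes.io/pod` with the values `runtime/default` / `docker/default` is assumed here as the source of the "Docker/Default or Runtime/Default" spelling in the rule title; the sample manifests are constructed for the example.

```python
"""Check Kubernetes manifests for a seccomp profile (pod-level or per-container).

Added example, not Checkov's own implementation. Manifests are plain dicts.
"""

# Values this rule accepts for securityContext.seccompProfile.type.
ACCEPTED_PROFILE_TYPES = {"RuntimeDefault", "DockerDefault"}

# Legacy annotation form (assumption: the origin of the "runtime/default" /
# "docker/default" spellings used in the rule title).
LEGACY_ANNOTATION = "seccomp.security.alpha.kubernetes.io/pod"
ACCEPTED_ANNOTATION_VALUES = {"runtime/default", "docker/default"}

# Workload kinds whose pod template lives under spec.template.
TEMPLATED_KINDS = {"Deployment", "DaemonSet", "StatefulSet",
                   "ReplicaSet", "ReplicationController", "Job"}


def pod_spec_and_metadata(manifest):
    """Return (pod_spec, pod_metadata) for a Pod or one of the workload kinds."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest.get("spec") or {}, manifest.get("metadata") or {}
    if kind in TEMPLATED_KINDS:
        template = (manifest.get("spec") or {}).get("template") or {}
        return template.get("spec") or {}, template.get("metadata") or {}
    if kind == "CronJob":
        job_spec = ((manifest.get("spec") or {}).get("jobTemplate") or {}).get("spec") or {}
        template = job_spec.get("template") or {}
        return template.get("spec") or {}, template.get("metadata") or {}
    return None, None  # kind not covered by this rule


def _profile_type(security_context):
    return ((security_context or {}).get("seccompProfile") or {}).get("type")


def seccomp_is_set(manifest):
    """True when every container ends up with an accepted seccomp profile.

    A pod-level profile (or the legacy annotation) is the default for all
    containers; a container-level seccompProfile overrides it, so a container
    that explicitly sets e.g. Unconfined fails even under a compliant pod.
    """
    pod_spec, pod_meta = pod_spec_and_metadata(manifest)
    if pod_spec is None:
        return True  # not a workload; nothing to check
    pod_ok = (_profile_type(pod_spec.get("securityContext")) in ACCEPTED_PROFILE_TYPES
              or (pod_meta.get("annotations") or {}).get(LEGACY_ANNOTATION)
              in ACCEPTED_ANNOTATION_VALUES)
    containers = (pod_spec.get("containers") or []) + (pod_spec.get("initContainers") or [])
    if not containers:
        return pod_ok
    for container in containers:
        container_type = _profile_type(container.get("securityContext"))
        if container_type is None:
            if not pod_ok:
                return False  # inherits nothing: no profile at all
        elif container_type not in ACCEPTED_PROFILE_TYPES:
            return False  # explicit override with a non-accepted profile
    return True


def check_manifests(manifests):
    """Return {manifest name: passes} for a list of manifests."""
    return {m["metadata"]["name"]: seccomp_is_set(m) for m in manifests}


# Constructed sample manifests covering pass and fail cases.
SAMPLE_MANIFESTS = [
    {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "pod-level-ok"},
     "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
              "containers": [{"name": "app", "image": "example/app:1"}]}},
    {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "pod-missing"},
     "spec": {"containers": [{"name": "app", "image": "example/app:1"}]}},
    {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "pod-override-unconfined"},
     "spec": {"securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
              "containers": [{"name": "app", "image": "example/app:1",
                              "securityContext": {"seccompProfile": {"type": "Unconfined"}}}]}},
    {"apiVersion": "v1", "kind": "Pod",
     "metadata": {"name": "pod-legacy-annotation",
                  "annotations": {LEGACY_ANNOTATION: "runtime/default"}},
     "spec": {"containers": [{"name": "app", "image": "example/app:1"}]}},
    {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "deploy-container-level"},
     "spec": {"template": {"metadata": {}, "spec": {"containers": [
         {"name": "a", "image": "example/a:1",
          "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}}},
         {"name": "b", "image": "example/b:1",
          "securityContext": {"seccompProfile": {"type": "DockerDefault"}}}]}}}},
]

if __name__ == "__main__":
    for name, ok in check_manifests(SAMPLE_MANIFESTS).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

Running the block prints one PASS/FAIL line per sample manifest; `pod-missing` and `pod-override-unconfined` are the two failures, the override case being the one a pod-level-only check would miss.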

Rule Details

Field        Value
ID           IAC-1109
Severity     LOW
IaC Type     Kubernetes
Frameworks   Kubernetes
Checkov ID   CKV_K8S_31
