seccomp profile is not set to Docker/Default or Runtime/Default

Description

Secure computing mode (seccomp) is a Linux kernel feature used to restrict actions available within the container. The seccomp() system call operates on the seccomp state of the calling process. The default seccomp profile provides a reliable setting for running containers with seccomp and disables non-essential system calls.

Code Example

yaml

apiVersion: v1
kind: Pod
metadata:
  name: <name>
  annotations:
+   seccomp.security.alpha.kubernetes.io/pod: "docker/default" 
    or
+   seccomp.security.alpha.kubernetes.io/pod: "runtime/default"

Remediation

Kubernetes

Resource: Pod / Deployment / DaemonSet / StatefulSet / ReplicaSet / ReplicationController / Job / CronJob
Arguments: metadata:annotations (Optional) Annotations attach arbitrary non-identifying metadata to objects.

Rule Details

Field	Value
ID	IAC-1110
Severity	LOW
IaC Type	Kubernetes
Frameworks	Kubernetes,
Checkov ID	CKV_K8S_32

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

seccomp profile is not set to Docker/Default or Runtime/Default

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

seccomp profile is not set to Docker/Default or Runtime/Default ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

seccomp profile is not set to Docker/Default or Runtime/Default

Description

Code Example

Remediation

Rule Details

References