turbot/kubernetes_compliance

Control: CronJob containers should not have added capabilities

Description

Container in CronJob definition should not have added capabilities. Added capabilities can provide container processes with escalated privileges which can be used to access sensitive host resources or perform operations outside of the container.

Usage

Run the control in your terminal:

powerpipe control run kubernetes_compliance.control.cronjob_container_with_added_capabilities

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run kubernetes_compliance.control.cronjob_container_with_added_capabilities --share

SQL

This control uses a named query:

cronjob_container_with_added_capabilities

Tags