Query: Seccomp profile is set to docker/default in Deployment definition

Description

In Deployment definition seccomp profile should be set to docker/default. Seccomp (secure computing mode) is used to restrict the set of system calls applications can make, allowing cluster administrators greater control over the security of workloads running in the cluster. Kubernetes disables seccomp profiles by default for historical reasons. It should be enabled to ensure that the workloads have restricted actions available within the container.

Query

Tables used in this query:

• kubernetes_deployment

Controls using this query:

• Seccomp profile is set to docker/default in Deployment definition

SQL