Closed zhaohuabing closed 4 days ago
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 65.76%. Comparing base (
7a9556a
) to head (cb02506
). Report is 8 commits behind head on main.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
isnt this already baked into the image / distroless ?
isnt this already baked into the image / distroless ?
Yes. This PR just explicitly sets the userID and GroupID in the container's SecurityContext
. This is recommended by some security frameworks and is checked by security scanning tools, eg, https://hub.armosec.io/docs/c-0013
This PR sets the user group and user id for the default SecurityContext to harden EG deployment. This is recommended by some security frameworks and usually checked by security scanning tools.
Reference: https://hub.armosec.io/docs/c-0013 Related: https://github.com/envoyproxy/gateway/pull/3940