Closed scrayos closed 1 year ago
The numeric ID of the `nonroot` user and group should be used, so that `spec.template.spec.containers.securityContext.runAsNonRoot` of the Kubernetes deployment can be set and verified. This check only supports numeric users at the moment.
Here it can be seen that the user and group ID of `nonroot` is `65532`: https://github.com/GoogleContainerTools/distroless/blob/main/base/base.bzl#L8
And here is the problem: https://stackoverflow.com/a/49729786
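Added example, not part of the original issue or of any project's code: a small Python model of the check described above, showing why `USER nonroot` cannot be verified under `runAsNonRoot: true` while `USER 65532:65532` can. The Dockerfiles are constructed samples, the function names and verdict strings are hypothetical, and treating an unset image user as root is an assumption of this model.

```python
import re

def final_user(dockerfile):
    """USER value set in the last build stage, or None if that stage sets none."""
    user = None
    for line in dockerfile.splitlines():
        line = line.strip()
        if re.match(r"FROM\s", line, re.I):
            user = None  # new stage: a USER from an earlier stage no longer applies
        m = re.match(r"USER\s+(\S+)", line, re.I)
        if m:
            user = m.group(1)
    return user

def check_run_as_non_root(image_user, run_as_user=None):
    """Verdict for a container with runAsNonRoot: true (simplified model).

    image_user  -- the image's configured user: "name", "uid", "name:group", "uid:gid"
    run_as_user -- securityContext.runAsUser if set; it overrides the image user
    """
    if run_as_user is not None:
        return "ok" if run_as_user != 0 else "root"
    name = (image_user or "").split(":", 1)[0]  # the group part plays no role here
    if name == "":
        return "root"  # assumption: no user configured means the image runs as root
    if name.isascii() and name.isdigit():
        return "ok" if int(name) != 0 else "root"
    # A user name can only be resolved through /etc/passwd inside the image,
    # so the check cannot prove that the UID behind it is not 0.
    return "unverifiable"

# Constructed sample Dockerfiles: before and after the change requested in the issue.
BEFORE = """FROM gcr.io/distroless/static
COPY app /app
USER nonroot:nonroot
"""
AFTER = """FROM gcr.io/distroless/static
COPY app /app
USER 65532:65532
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        user = final_user(text)
        print(label, user, check_run_as_non_root(user))
```

In this model, setting `runAsUser: 65532` in the pod spec also passes for an image that keeps the named user, because an explicit numeric `runAsUser` takes precedence over the image's `USER`.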