stackrox / kube-linter

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
https://docs.kubelinter.io/
Apache License 2.0

Add OpenShift SecurityContextConstraints object linting #650

Closed mancubus77 closed 10 months ago

mancubus77 commented 10 months ago

resolves #649

Adds SecurityContextConstraints object parsing, and adds a check for allowPrivilegedContainer: true, which enables privileged mode for attached objects.

Name: scc-deny-privileged-container
Description: Indicates when allowPrivilegedContainer in an SCC is set to true
Remediation: SecurityContextConstraints has AllowPrivilegedContainer set to "true". Using this option is dangerous; please consider using allowedCapabilities instead
Template: scc-deny-privileged-container
Parameters: map[AllowPrivilegedContainer:true]
Enabled by default: false
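As an added illustration, not code from this PR or from kube-linter's own check templates, the following stand-alone Go program shows what a check of this shape does: it decodes an object in JSON form (the output of `oc get scc <name> -o json`), confirms the kind is SecurityContextConstraints, and raises a finding when allowPrivilegedContainer is true. The SCC struct is a hypothetical subset covering only the fields the check reads, the CheckSCCDenyPrivilegedContainer function and Diagnostic type are assumed names, and the three manifests are constructed samples: the weak configuration, a hardened SCC that grants one capability through allowedCapabilities as the remediation suggests, and a Pod the check must ignore.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// SCC holds the subset of an OpenShift security.openshift.io/v1
// SecurityContextConstraints object that this check reads. Field names
// follow the OpenShift API; everything else in the manifest is ignored.
type SCC struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Metadata   struct {
		Name string `json:"name"`
	} `json:"metadata"`
	AllowPrivilegedContainer bool     `json:"allowPrivilegedContainer"`
	AllowedCapabilities      []string `json:"allowedCapabilities"`
}

// Diagnostic is one finding: the object it applies to, why it was raised,
// and what to change.
type Diagnostic struct {
	Object      string
	Message     string
	Remediation string
}

// CheckSCCDenyPrivilegedContainer is a hypothetical stand-alone version of
// a scc-deny-privileged-container check. It takes one object in JSON form
// (what `oc get scc <name> -o json` prints) and returns a diagnostic when the
// object is an SCC with allowPrivilegedContainer set to true. Objects of any
// other kind, and SCCs that leave the flag false, produce no findings.
func CheckSCCDenyPrivilegedContainer(manifest []byte) ([]Diagnostic, error) {
	var scc SCC
	if err := json.Unmarshal(manifest, &scc); err != nil {
		return nil, fmt.Errorf("parsing manifest: %w", err)
	}
	if scc.Kind != "SecurityContextConstraints" || !scc.AllowPrivilegedContainer {
		return nil, nil
	}
	return []Diagnostic{{
		Object:  "SecurityContextConstraints/" + scc.Metadata.Name,
		Message: "allowPrivilegedContainer is true: every pod admitted under this SCC may run privileged",
		Remediation: fmt.Sprintf("set allowPrivilegedContainer to false and list only the capabilities the workload needs in allowedCapabilities (currently %v)",
			scc.AllowedCapabilities),
	}}, nil
}

// Constructed sample manifests (not taken from a real cluster).

// PrivilegedSCC is the weak configuration the check should flag.
const PrivilegedSCC = `{
  "apiVersion": "security.openshift.io/v1",
  "kind": "SecurityContextConstraints",
  "metadata": {"name": "allow-everything"},
  "allowPrivilegedContainer": true,
  "allowedCapabilities": ["*"]
}`

// HardenedSCC keeps privileged mode off and grants one named capability.
const HardenedSCC = `{
  "apiVersion": "security.openshift.io/v1",
  "kind": "SecurityContextConstraints",
  "metadata": {"name": "net-bind-only"},
  "allowPrivilegedContainer": false,
  "allowedCapabilities": ["NET_BIND_SERVICE"]
}`

// NotAnSCC is a Pod that happens to request privileged mode; this check must
// ignore it, since pod security contexts are covered by other checks.
const NotAnSCC = `{
  "apiVersion": "v1",
  "kind": "Pod",
  "metadata": {"name": "agent"},
  "spec": {"containers": [{"name": "c", "image": "agent:1", "securityContext": {"privileged": true}}]}
}`

func main() {
	for _, m := range []string{PrivilegedSCC, HardenedSCC, NotAnSCC} {
		diags, err := CheckSCCDenyPrivilegedContainer([]byte(m))
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		for _, d := range diags {
			fmt.Printf("%s: %s\n  remediation: %s\n", d.Object, d.Message, d.Remediation)
		}
	}
}
```

Running it reports only allow-everything; the hardened SCC and the Pod are silent, and a malformed manifest comes back as an error rather than a missed finding, which is the behaviour a linter check needs so that unparseable input is never mistaken for a clean result.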
mancubus77 commented 10 months ago

Thank you @janisz. Updated according to your advice.

mancubus77 commented 10 months ago

👋 @janisz Just wondering if you are fine with the commit. Thank you