terraform-ibm-modules / terraform-ibm-mas

Deploys Maximo Application Suite on an IBM Cloud OpenShift cluster.
Apache License 2.0

Checkov: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default" #99

Open padmankosalaram opened 5 months ago

padmankosalaram commented 5 months ago

Check: CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"

FAILED for resource: Job.mas-inst1-pipelines.mas-deploy-job
File: /chart/deploy-mas/mas-deploy/templates/01-deploy-mas.yaml:95-327

Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/kubernetes-policies/kubernetes-policy-index/bc-k8s-29

padmankosalaram commented 5 months ago

This issue can be fixed. PR https://github.com/terraform-ibm-modules/terraform-ibm-mas/pull/101 Validation in progress.

Please note that seccompProfile was added earlier in spec.containers[].securityContext as part of PR 28. But the validation expects it to be under spec.securityContext as well, and PR 101 will take care of this.

    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault  # Adding seccompProfile fix as part of PR 101
      containers:
        - name: {{ $job_name }}
          securityContext:
            seccompProfile:
              type: RuntimeDefault  # seccompProfile fix already added as part of PR 28

https://github.com/terraform-ibm-modules/terraform-ibm-mas/blob/6ed2eda03f34bd579c33b1318aa1b935877dbe50/chart/deploy-mas/templates/01-deploy-mas.yaml#L104
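The difference between the two `securityContext` locations discussed in this thread, shown as an added example (not code from the thread or the project, and not Checkov's implementation). It audits an already-parsed manifest; the sample Jobs, the container names `deploy` and `sidecar`, and the choice to accept only `RuntimeDefault` are assumptions made for illustration.

```python
# Added example: audits seccompProfile placement in a parsed Kubernetes manifest.
ALLOWED = {"RuntimeDefault"}  # assumption: only RuntimeDefault counts as passing

def pod_spec(manifest):
    """Return the pod spec for Pod, Job/Deployment-style, or CronJob manifests."""
    kind, spec = manifest.get("kind"), manifest.get("spec", {})
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {}).get("spec", {})

def seccomp_type(obj):
    """seccompProfile.type from an object's securityContext, or None if unset."""
    return ((obj.get("securityContext") or {}).get("seccompProfile") or {}).get("type")

def audit(manifest):
    """Report the pod-level type and each container's effective type.

    A container-level seccompProfile overrides the pod-level one; containers
    without their own setting inherit the pod-level value.
    """
    spec = pod_spec(manifest)
    pod_level = seccomp_type(spec)
    effective = {}
    for field in ("initContainers", "containers"):
        for c in spec.get(field) or []:
            effective[c["name"]] = seccomp_type(c) or pod_level
    return {
        "pod_level": pod_level,
        "effective": effective,
        "pod_level_ok": pod_level in ALLOWED,
        "unprotected": sorted(n for n, t in effective.items() if t not in ALLOWED),
    }

def job(pod_sc, containers):  # builds a constructed sample Job
    return {"kind": "Job", "spec": {"template": {"spec": {
        "securityContext": pod_sc, "containers": containers}}}}

RD = {"seccompProfile": {"type": "RuntimeDefault"}}
# Container-level only, plus a hypothetical second container that sets nothing.
BEFORE = job({}, [{"name": "deploy", "securityContext": RD}, {"name": "sidecar"}])
# Pod-level set as well: the second container now inherits RuntimeDefault.
AFTER = job(RD, [{"name": "deploy", "securityContext": RD}, {"name": "sidecar"}])

if __name__ == "__main__":
    for label, m in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(m))
```

With only the container-level setting, any container that omits its own `seccompProfile` has no profile configured in the manifest; the pod-level setting acts as the default for all of them.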