Documentation ¶
Index ¶
Constants ¶
View Source
const ( // RunAsUserCSCRoot occurs when runAsUser is set to 0 in the container SecurityContext RunAsUserCSCRoot = "RunAsUserCSCRoot" // RunAsUserPSCRoot occurs when runAsUser is set to 0 in the pod SecurityContext RunAsUserPSCRoot = "RunAsUserPSCRoot" // RunAsNonRootCSCFalse occurs when runAsNonRoot is set to false in the container SecurityContext RunAsNonRootCSCFalse = "RunAsNonRootCSCFalse" // RunAsNonRootPSCNilCSCNil occurs when runAsNonRoot is not set in the container SecurityContext nor the pod // security context. runAsNonRoot defaults to false so this is bad RunAsNonRootPSCNilCSCNil = "RunAsNonRootPSCNilCSCNil" // RunAsNonRootPSCFalseCSCNil occurs when runAsNonRoot is not set in the container SecurityContext and is set to // false in the PodSecurityContext RunAsNonRootPSCFalseCSCNil = "RunAsNonRootPSCFalseCSCNil" )
View Source
const Name = "nonroot"
View Source
const OverrideLabel = "allow-run-as-root"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type RunAsNonRoot ¶
type RunAsNonRoot struct{}
RunAsNonRoot implements Auditable
func New ¶
func New() *RunAsNonRoot
func (*RunAsNonRoot) Audit ¶
func (a *RunAsNonRoot) Audit(resource k8stypes.Resource, _ []k8stypes.Resource) ([]*kubeaudit.AuditResult, error)
Audit checks that runAsNonRoot is set to true in every container's security context
Click to show internal directories.
Click to hide internal directories.