nonroot

package

v0.20.0 Latest Latest Go to latest Published: Sep 6, 2022 License: MIT Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/Shopify/kubeaudit

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type RunAsNonRoot
- func New() *RunAsNonRoot
- func (a *RunAsNonRoot) Audit(resource k8s.Resource, _ []k8s.Resource) ([]*kubeaudit.AuditResult, error)

Constants ¶

View Source

const (
	// RunAsUserCSCRoot occurs when runAsUser is set to 0 in the container SecurityContext
	RunAsUserCSCRoot = "RunAsUserCSCRoot"
	// RunAsUserPSCRoot occurs when runAsUser is set to 0 in the pod SecurityContext
	RunAsUserPSCRoot = "RunAsUserPSCRoot"
	// RunAsNonRootCSCFalse occurs when runAsNonRoot is set to false in the container SecurityContext
	RunAsNonRootCSCFalse = "RunAsNonRootCSCFalse"
	// RunAsNonRootPSCNilCSCNil occurs when runAsNonRoot is not set in the container SecurityContext nor the pod
	// security context. runAsNonRoot defaults to false so this is bad
	RunAsNonRootPSCNilCSCNil = "RunAsNonRootPSCNilCSCNil"
	// RunAsNonRootPSCFalseCSCNil occurs when runAsNonRoot is not set in the container SecurityContext and is set to
	// false in the PodSecurityContext
	RunAsNonRootPSCFalseCSCNil = "RunAsNonRootPSCFalseCSCNil"
)

View Source

const Name = "nonroot"

View Source

const OverrideLabel = "allow-run-as-root"

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type RunAsNonRoot ¶

type RunAsNonRoot struct{}

RunAsNonRoot implements Auditable

func New ¶

func New() *RunAsNonRoot

func (*RunAsNonRoot) Audit ¶

func (a *RunAsNonRoot) Audit(resource k8s.Resource, _ []k8s.Resource) ([]*kubeaudit.AuditResult, error)

Audit checks that runAsNonRoot is set to true in every container's security context

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL