checkov report for Kubernetes Goat

To identify all 232 Kubernetes configuration issues, run checkov by Bridgecrew.

https://twitter.com/BarakSchoster/status/1273170904894377985

| # | check_id | file | resource | check_name |
|---|---|---|---|---|
| 0 | CKV_K8S_31 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware | Ensure that the seccomp profile is set to docker/default or runtime/default |
| 1 | CKV_K8S_40 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware | Containers should run as a high UID to avoid host conflict |
| 2 | CKV_K8S_29 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware | Apply security context to your pods and containers |
| 3 | CKV_K8S_38 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware | Ensure that Service Account Tokens are only mounted where necessary |
| 4 | CKV_K8S_23 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware | Minimize the admission of root containers |
| 5 | CKV_K8S_37 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | Minimize the admission of containers with capabilities assigned |
| 6 | CKV_K8S_8 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | Liveness Probe Should be Configured |
| 7 | CKV_K8S_12 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | Memory requests should be set |
| 8 | CKV_K8S_20 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | Containers should not run with allowPrivilegeEscalation |
| 9 | CKV_K8S_13 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | Memory limits should be set |
| 10 | CKV_K8S_10 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | CPU requests should be set |
| 11 | CKV_K8S_22 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | Use read-only filesystem for containers where possible |
| 12 | CKV_K8S_9 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | Readiness Probe Should be Configured |
| 13 | CKV_K8S_28 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | Minimize the admission of containers with the NET_RAW capability |
| 14 | CKV_K8S_30 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | Apply security context to your pods and containers |
| 15 | CKV_K8S_14 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | Image Tag should be fixed - not latest or blank |
| 16 | CKV_K8S_43 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | Image should use digest |
| 17 | CKV_K8S_11 | /scenarios/cache-store/deployment.yaml | Deployment.cache-store-deployment.secure-middleware (container 0) | CPU limits should be set |
| 18 | CKV_K8S_31 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default | Ensure that the seccomp profile is set to docker/default or runtime/default |
| 19 | CKV_K8S_40 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default | Containers should run as a high UID to avoid host conflict |
| 20 | CKV_K8S_29 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default | Apply security context to your pods and containers |
| 21 | CKV_K8S_38 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default | Ensure that Service Account Tokens are only mounted where necessary |
| 22 | CKV_K8S_21 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default | The default namespace should not be used |
| 23 | CKV_K8S_23 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default | Minimize the admission of root containers |
| 24 | CKV_K8S_21 | /scenarios/build-code/deployment.yaml | Service.build-code-service.default | The default namespace should not be used |
| 25 | CKV_K8S_37 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default (container 0) | Minimize the admission of containers with capabilities assigned |
| 26 | CKV_K8S_8 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default (container 0) | Liveness Probe Should be Configured |
| 27 | CKV_K8S_12 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default (container 0) | Memory requests should be set |
| 28 | CKV_K8S_20 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default (container 0) | Containers should not run with allowPrivilegeEscalation |
| 29 | CKV_K8S_10 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default (container 0) | CPU requests should be set |
| 30 | CKV_K8S_22 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default (container 0) | Use read-only filesystem for containers where possible |
| 31 | CKV_K8S_9 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default (container 0) | Readiness Probe Should be Configured |
| 32 | CKV_K8S_28 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default (container 0) | Minimize the admission of containers with the NET_RAW capability |
| 33 | CKV_K8S_30 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default (container 0) | Apply security context to your pods and containers |
| 34 | CKV_K8S_14 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default (container 0) | Image Tag should be fixed - not latest or blank |
| 35 | CKV_K8S_43 | /scenarios/build-code/deployment.yaml | Deployment.build-code-deployment.default (container 0) | Image should use digest |
| 36 | CKV_K8S_31 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default | Ensure that the seccomp profile is set to docker/default or runtime/default |
| 37 | CKV_K8S_27 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default | Do not expose the docker daemon socket to containers |
| 38 | CKV_K8S_40 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default | Containers should run as a high UID to avoid host conflict |
| 39 | CKV_K8S_19 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default | Containers should not share the host network namespace |
| 40 | CKV_K8S_17 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default | Containers should not share the host process ID namespace |
| 41 | CKV_K8S_18 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default | Containers should not share the host IPC namespace |
| 42 | CKV_K8S_38 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default | Ensure that Service Account Tokens are only mounted where necessary |
| 43 | CKV_K8S_21 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default | The default namespace should not be used |
| 44 | CKV_K8S_23 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default | Minimize the admission of root containers |
| 45 | CKV_K8S_37 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default (container 0) | Minimize the admission of containers with capabilities assigned |
| 46 | CKV_K8S_8 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default (container 0) | Liveness Probe Should be Configured |
| 47 | CKV_K8S_20 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default (container 0) | Containers should not run with allowPrivilegeEscalation |
| 48 | CKV_K8S_16 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default (container 0) | Container should not be privileged |
| 49 | CKV_K8S_22 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default (container 0) | Use read-only filesystem for containers where possible |
| 50 | CKV_K8S_9 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default (container 0) | Readiness Probe Should be Configured |
| 51 | CKV_K8S_28 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default (container 0) | Minimize the admission of containers with the NET_RAW capability |
| 52 | CKV_K8S_25 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default (container 0) | Minimize the admission of containers with added capability |
| 53 | CKV_K8S_14 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default (container 0) | Image Tag should be fixed - not latest or blank |
| 54 | CKV_K8S_43 | /scenarios/docker-bench-security/deployment.yaml | DaemonSet.docker-bench-security.default (container 0) | Image should use digest |
| 55 | CKV_K8S_31 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default | Ensure that the seccomp profile is set to docker/default or runtime/default |
| 56 | CKV_K8S_40 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default | Containers should run as a high UID to avoid host conflict |
| 57 | CKV_K8S_29 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default | Apply security context to your pods and containers |
| 58 | CKV_K8S_38 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default | Ensure that Service Account Tokens are only mounted where necessary |
| 59 | CKV_K8S_21 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default | The default namespace should not be used |
| 60 | CKV_K8S_23 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default | Minimize the admission of root containers |
| 61 | CKV_K8S_21 | /scenarios/kubernetes-goat-home/deployment.yaml | Service.kubernetes-goat-home-service.default | The default namespace should not be used |
| 62 | CKV_K8S_37 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default (container 0) | Minimize the admission of containers with capabilities assigned |
| 63 | CKV_K8S_8 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default (container 0) | Liveness Probe Should be Configured |
| 64 | CKV_K8S_12 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default (container 0) | Memory requests should be set |
| 65 | CKV_K8S_20 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default (container 0) | Containers should not run with allowPrivilegeEscalation |
| 66 | CKV_K8S_10 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default (container 0) | CPU requests should be set |
| 67 | CKV_K8S_22 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default (container 0) | Use read-only filesystem for containers where possible |
| 68 | CKV_K8S_9 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default (container 0) | Readiness Probe Should be Configured |
| 69 | CKV_K8S_28 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default (container 0) | Minimize the admission of containers with the NET_RAW capability |
| 70 | CKV_K8S_30 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default (container 0) | Apply security context to your pods and containers |
| 71 | CKV_K8S_14 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default (container 0) | Image Tag should be fixed - not latest or blank |
| 72 | CKV_K8S_43 | /scenarios/kubernetes-goat-home/deployment.yaml | Deployment.kubernetes-goat-home-deployment.default (container 0) | Image should use digest |
| 73 | CKV_K8S_31 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default | Ensure that the seccomp profile is set to docker/default or runtime/default |
| 74 | CKV_K8S_40 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default | Containers should run as a high UID to avoid host conflict |
| 75 | CKV_K8S_29 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default | Apply security context to your pods and containers |
| 76 | CKV_K8S_38 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default | Ensure that Service Account Tokens are only mounted where necessary |
| 77 | CKV_K8S_21 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default | The default namespace should not be used |
| 78 | CKV_K8S_23 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default | Minimize the admission of root containers |
| 79 | CKV_K8S_37 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default (container 0) | Minimize the admission of containers with capabilities assigned |
| 80 | CKV_K8S_12 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default (container 0) | Memory requests should be set |
| 81 | CKV_K8S_20 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default (container 0) | Containers should not run with allowPrivilegeEscalation |
| 82 | CKV_K8S_13 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default (container 0) | Memory limits should be set |
| 83 | CKV_K8S_10 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default (container 0) | CPU requests should be set |
| 84 | CKV_K8S_22 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default (container 0) | Use read-only filesystem for containers where possible |
| 85 | CKV_K8S_28 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default (container 0) | Minimize the admission of containers with the NET_RAW capability |
| 86 | CKV_K8S_30 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default (container 0) | Apply security context to your pods and containers |
| 87 | CKV_K8S_14 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default (container 0) | Image Tag should be fixed - not latest or blank |
| 88 | CKV_K8S_43 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default (container 0) | Image should use digest |
| 89 | CKV_K8S_11 | /scenarios/batch-check/job.yaml | Job.batch-check-job.default (container 0) | CPU limits should be set |
| 90 | CKV_K8S_31 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default | Ensure that the seccomp profile is set to docker/default or runtime/default |
| 91 | CKV_K8S_40 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default | Containers should run as a high UID to avoid host conflict |
| 92 | CKV_K8S_29 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default | Apply security context to your pods and containers |
| 93 | CKV_K8S_38 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default | Ensure that Service Account Tokens are only mounted where necessary |
| 94 | CKV_K8S_21 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default | The default namespace should not be used |
| 95 | CKV_K8S_23 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default | Minimize the admission of root containers |
| 96 | CKV_K8S_21 | /scenarios/hunger-check/deployment.yaml | Service.hunger-check-service.default | The default namespace should not be used |
| 97 | CKV_K8S_37 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | Minimize the admission of containers with capabilities assigned |
| 98 | CKV_K8S_8 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | Liveness Probe Should be Configured |
| 99 | CKV_K8S_12 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | Memory requests should be set |
| 100 | CKV_K8S_20 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | Containers should not run with allowPrivilegeEscalation |
| 101 | CKV_K8S_13 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | Memory limits should be set |
| 102 | CKV_K8S_10 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | CPU requests should be set |
| 103 | CKV_K8S_22 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | Use read-only filesystem for containers where possible |
| 104 | CKV_K8S_9 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | Readiness Probe Should be Configured |
| 105 | CKV_K8S_28 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | Minimize the admission of containers with the NET_RAW capability |
| 106 | CKV_K8S_30 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | Apply security context to your pods and containers |
| 107 | CKV_K8S_14 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | Image Tag should be fixed - not latest or blank |
| 108 | CKV_K8S_43 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | Image should use digest |
| 109 | CKV_K8S_11 | /scenarios/hunger-check/deployment.yaml | Deployment.hunger-check-deployment.default (container 0) | CPU limits should be set |
| 110 | CKV_K8S_31 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default | Ensure that the seccomp profile is set to docker/default or runtime/default |
| 111 | CKV_K8S_40 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default | Containers should run as a high UID to avoid host conflict |
| 112 | CKV_K8S_29 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default | Apply security context to your pods and containers |
| 113 | CKV_K8S_38 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default | Ensure that Service Account Tokens are only mounted where necessary |
| 114 | CKV_K8S_21 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default | The default namespace should not be used |
| 115 | CKV_K8S_23 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default | Minimize the admission of root containers |
| 116 | CKV_K8S_21 | /scenarios/poor-registry/deployment.yaml | Service.poor-registry-service.default | The default namespace should not be used |
| 117 | CKV_K8S_37 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default (container 0) | Minimize the admission of containers with capabilities assigned |
| 118 | CKV_K8S_8 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default (container 0) | Liveness Probe Should be Configured |
| 119 | CKV_K8S_12 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default (container 0) | Memory requests should be set |
| 120 | CKV_K8S_20 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default (container 0) | Containers should not run with allowPrivilegeEscalation |
| 121 | CKV_K8S_10 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default (container 0) | CPU requests should be set |
| 122 | CKV_K8S_22 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default (container 0) | Use read-only filesystem for containers where possible |
| 123 | CKV_K8S_9 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default (container 0) | Readiness Probe Should be Configured |
| 124 | CKV_K8S_28 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default (container 0) | Minimize the admission of containers with the NET_RAW capability |
| 125 | CKV_K8S_30 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default (container 0) | Apply security context to your pods and containers |
| 126 | CKV_K8S_14 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default (container 0) | Image Tag should be fixed - not latest or blank |
| 127 | CKV_K8S_43 | /scenarios/poor-registry/deployment.yaml | Deployment.poor-registry-deployment.default (container 0) | Image should use digest |
| 128 | CKV_K8S_31 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default | Ensure that the seccomp profile is set to docker/default or runtime/default |
| 129 | CKV_K8S_40 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default | Containers should run as a high UID to avoid host conflict |
| 130 | CKV_K8S_17 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default | Containers should not share the host process ID namespace |
| 131 | CKV_K8S_29 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default | Apply security context to your pods and containers |
| 132 | CKV_K8S_38 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default | Ensure that Service Account Tokens are only mounted where necessary |
| 133 | CKV_K8S_21 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default | The default namespace should not be used |
| 134 | CKV_K8S_23 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default | Minimize the admission of root containers |
| 135 | CKV_K8S_37 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default (container 0) | Minimize the admission of containers with capabilities assigned |
| 136 | CKV_K8S_12 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default (container 0) | Memory requests should be set |
| 137 | CKV_K8S_20 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default (container 0) | Containers should not run with allowPrivilegeEscalation |
| 138 | CKV_K8S_13 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default (container 0) | Memory limits should be set |
| 139 | CKV_K8S_10 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default (container 0) | CPU requests should be set |
| 140 | CKV_K8S_22 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default (container 0) | Use read-only filesystem for containers where possible |
| 141 | CKV_K8S_28 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default (container 0) | Minimize the admission of containers with the NET_RAW capability |
| 142 | CKV_K8S_30 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default (container 0) | Apply security context to your pods and containers |
| 143 | CKV_K8S_14 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default (container 0) | Image Tag should be fixed - not latest or blank |
| 144 | CKV_K8S_43 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default (container 0) | Image should use digest |
| 145 | CKV_K8S_11 | /scenarios/kube-bench-security/master-job.yaml | Job.kube-bench-master.default (container 0) | CPU limits should be set |
| 146 | CKV_K8S_31 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default | Ensure that the seccomp profile is set to docker/default or runtime/default |
| 147 | CKV_K8S_40 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default | Containers should run as a high UID to avoid host conflict |
| 148 | CKV_K8S_17 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default | Containers should not share the host process ID namespace |
| 149 | CKV_K8S_29 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default | Apply security context to your pods and containers |
| 150 | CKV_K8S_38 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default | Ensure that Service Account Tokens are only mounted where necessary |
| 151 | CKV_K8S_21 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default | The default namespace should not be used |
| 152 | CKV_K8S_23 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default | Minimize the admission of root containers |
| 153 | CKV_K8S_37 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default (container 0) | Minimize the admission of containers with capabilities assigned |
| 154 | CKV_K8S_12 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default (container 0) | Memory requests should be set |
| 155 | CKV_K8S_20 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default (container 0) | Containers should not run with allowPrivilegeEscalation |
| 156 | CKV_K8S_13 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default (container 0) | Memory limits should be set |
| 157 | CKV_K8S_10 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default (container 0) | CPU requests should be set |
| 158 | CKV_K8S_22 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default (container 0) | Use read-only filesystem for containers where possible |
| 159 | CKV_K8S_28 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default (container 0) | Minimize the admission of containers with the NET_RAW capability |
| 160 | CKV_K8S_30 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default (container 0) | Apply security context to your pods and containers |
| 161 | CKV_K8S_14 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default (container 0) | Image Tag should be fixed - not latest or blank |
| 162 | CKV_K8S_43 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default (container 0) | Image should use digest |
| 163 | CKV_K8S_11 | /scenarios/kube-bench-security/node-job.yaml | Job.kube-bench-node.default (container 0) | CPU limits should be set |
| 164 | CKV_K8S_31 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default | Ensure that the seccomp profile is set to docker/default or runtime/default |
| 165 | CKV_K8S_27 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default | Do not expose the docker daemon socket to containers |
| 166 | CKV_K8S_40 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default | Containers should run as a high UID to avoid host conflict |
| 167 | CKV_K8S_29 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default | Apply security context to your pods and containers |
| 168 | CKV_K8S_38 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default | Ensure that Service Account Tokens are only mounted where necessary |
| 169 | CKV_K8S_21 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default | The default namespace should not be used |
| 170 | CKV_K8S_23 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default | Minimize the admission of root containers |
| 171 | CKV_K8S_21 | /scenarios/health-check/deployment.yaml | Service.health-check-service.default | The default namespace should not be used |
| 172 | CKV_K8S_37 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default (container 0) | Minimize the admission of containers with capabilities assigned |
| 173 | CKV_K8S_8 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default (container 0) | Liveness Probe Should be Configured |
| 174 | CKV_K8S_12 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default (container 0) | Memory requests should be set |
| 175 | CKV_K8S_20 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default (container 0) | Containers should not run with allowPrivilegeEscalation |
| 176 | CKV_K8S_10 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default (container 0) | CPU requests should be set |
| 177 | CKV_K8S_16 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default (container 0) | Container should not be privileged |
| 178 | CKV_K8S_22 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default (container 0) | Use read-only filesystem for containers where possible |
| 179 | CKV_K8S_9 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default (container 0) | Readiness Probe Should be Configured |
| 180 | CKV_K8S_28 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default (container 0) | Minimize the admission of containers with the NET_RAW capability |
| 181 | CKV_K8S_14 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default (container 0) | Image Tag should be fixed - not latest or blank |
| 182 | CKV_K8S_43 | /scenarios/health-check/deployment.yaml | Deployment.health-check-deployment.default (container 0) | Image should use digest |
| 183 | CKV_K8S_31 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default | Ensure that the seccomp profile is set to docker/default or runtime/default |
| 184 | CKV_K8S_40 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default | Containers should run as a high UID to avoid host conflict |
| 185 | CKV_K8S_29 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default | Apply security context to your pods and containers |
| 186 | CKV_K8S_38 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default | Ensure that Service Account Tokens are only mounted where necessary |
| 187 | CKV_K8S_21 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default | The default namespace should not be used |
| 188 | CKV_K8S_23 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default | Minimize the admission of root containers |
| 189 | CKV_K8S_21 | /scenarios/internal-proxy/deployment.yaml | Service.internal-proxy-api-service.default | The default namespace should not be used |
| 190 | CKV_K8S_21 | /scenarios/internal-proxy/deployment.yaml | Service.internal-proxy-info-app-service.default | The default namespace should not be used |
| 191 | CKV_K8S_37 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 0) | Minimize the admission of containers with capabilities assigned |
| 192 | CKV_K8S_8 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 0) | Liveness Probe Should be Configured |
| 193 | CKV_K8S_20 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 0) | Containers should not run with allowPrivilegeEscalation |
| 194 | CKV_K8S_22 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 0) | Use read-only filesystem for containers where possible |
| 195 | CKV_K8S_9 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 0) | Readiness Probe Should be Configured |
| 196 | CKV_K8S_28 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 0) | Minimize the admission of containers with the NET_RAW capability |
| 197 | CKV_K8S_30 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 0) | Apply security context to your pods and containers |
| 198 | CKV_K8S_14 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 0) | Image Tag should be fixed - not latest or blank |
| 199 | CKV_K8S_43 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 0) | Image should use digest |
| 200 | CKV_K8S_37 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 1) | Minimize the admission of containers with capabilities assigned |
| 201 | CKV_K8S_8 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 1) | Liveness Probe Should be Configured |
| 202 | CKV_K8S_20 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 1) | Containers should not run with allowPrivilegeEscalation |
| 203 | CKV_K8S_22 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 1) | Use read-only filesystem for containers where possible |
| 204 | CKV_K8S_9 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 1) | Readiness Probe Should be Configured |
| 205 | CKV_K8S_28 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 1) | Minimize the admission of containers with the NET_RAW capability |
| 206 | CKV_K8S_30 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 1) | Apply security context to your pods and containers |
| 207 | CKV_K8S_14 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 1) | Image Tag should be fixed - not latest or blank |
| 208 | CKV_K8S_43 | /scenarios/internal-proxy/deployment.yaml | Deployment.internal-proxy-deployment.default (container 1) | Image should use digest |
| 209 | CKV_K8S_21 | /scenarios/system-monitor/deployment.yaml | Secret.goatvault.default | The default namespace should not be used |
| 210 | CKV_K8S_31 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default | Ensure that the seccomp profile is set to docker/default or runtime/default |
| 211 | CKV_K8S_40 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default | Containers should run as a high UID to avoid host conflict |
| 212 | CKV_K8S_19 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default | Containers should not share the host network namespace |
| 213 | CKV_K8S_17 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default | Containers should not share the host process ID namespace |
| 214 | CKV_K8S_18 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default | Containers should not share the host IPC namespace |
| 215 | CKV_K8S_29 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default | Apply security context to your pods and containers |
| 216 | CKV_K8S_38 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default | Ensure that Service Account Tokens are only mounted where necessary |
| 217 | CKV_K8S_21 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default | The default namespace should not be used |
| 218 | CKV_K8S_23 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default | Minimize the admission of root containers |
| 219 | CKV_K8S_21 | /scenarios/system-monitor/deployment.yaml | Service.system-monitor-service.default | The default namespace should not be used |
| 220 | CKV_K8S_37 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default (container 0) | Minimize the admission of containers with capabilities assigned |
| 221 | CKV_K8S_8 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default (container 0) | Liveness Probe Should be Configured |
| 222 | CKV_K8S_12 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default (container 0) | Memory requests should be set |
| 223 | CKV_K8S_20 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default (container 0) | Containers should not run with allowPrivilegeEscalation |
| 224 | CKV_K8S_10 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default (container 0) | CPU requests should be set |
| 225 | CKV_K8S_16 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default (container 0) | Container should not be privileged |
| 226 | CKV_K8S_22 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default (container 0) | Use read-only filesystem for containers where possible |
| 227 | CKV_K8S_9 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default (container 0) | Readiness Probe Should be Configured |
| 228 | CKV_K8S_35 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default (container 0) | Prefer using secrets as files over secrets as environment variables |
| 229 | CKV_K8S_28 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default (container 0) | Minimize the admission of containers with the NET_RAW capability |
| 230 | CKV_K8S_14 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default (container 0) | Image Tag should be fixed - not latest or blank |
| 231 | CKV_K8S_43 | /scenarios/system-monitor/deployment.yaml | Deployment.system-monitor-deployment.default (container 0) | Image should use digest |