Skip to content

Add securityContext for PodSecurity Configuration to all scanTypes #1330

New issue
New issue
Closed
#1339
Closed
Add securityContext for PodSecurity Configuration to all scanTypes#1330
#1339
Assignees
rseedorff
Labels
scannerImplement or update a security scanner
Milestone
 
v3.15.0
@rseedorff

Description

@rseedorff
rseedorff
opened on Aug 31, 2022

In the scanType HelmCharts it is currently not possible to configure PodSecurityContext like fsGroup but only container specific securityContext.

All scanType Chart must be extended for that. Example:

scanner:
   # scanner.podSecurityContext -- Optional securityContext set on scanner pod (see: 
  https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
  podSecurityContext:
    fsGroup: 2000
  # scanner.securityContext -- Optional securityContext set on scanner container (see: 
  https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
  securityContext:
    # scanner.securityContext.runAsNonRoot -- Enforces that the scanner image is run as a non root user
    runAsNonRoot: false
    # scanner.securityContext.readOnlyRootFilesystem -- Prevents write access to the containers file system
    readOnlyRootFilesystem: false
    # scanner.securityContext.allowPrivilegeEscalation -- Ensure that users privileges cannot be escalated
    allowPrivilegeEscalation: false
    # scanner.securityContext.privileged -- Ensures that the scanner container is not run in privileged mode
    privileged: false
    capabilities:
      drop:
        # scanner.securityContext.capabilities.drop[0] -- This drops all linux privileges from the container.
        - all

Activity

rseedorff
moved this from Backlog to Todo in secureCodeBox v4on Aug 31, 2022
rseedorff
added this to the v3.15.0 milestone on Aug 31, 2022
rseedorff
added a commit that references this issue on Sep 3, 2022

Added podSecurityContext to all scanTypes

7465795
rseedorff
self-assigned this
on Sep 3, 2022
rseedorff
mentioned this on Sep 3, 2022
rseedorff
moved this from Todo to In Progress in secureCodeBox v4on Sep 3, 2022
J12934
closed this as completedin #1339on Sep 5, 2022
J12934
added a commit that references this issue on Sep 5, 2022

Merge pull request #1339 from secureCodeBox/feature/add-podsecurityco…

b631135
Repository owner moved this from In Progress to Done in secureCodeBox v4on Sep 5, 2022
rseedorff
added a commit that references this issue on Sep 15, 2022

#1330 Added missing podSecurityContext

e3eb0f9
rseedorff
mentioned this on Sep 15, 2022
Weltraumschaf
mentioned this on Jul 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

scannerImplement or update a security scanner

Type

No type

Projects

secureCodeBox v4

  • Status

    Done

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    Add securityContext for PodSecurity Configuration to all scanTypes · Issue #1330 · secureCodeBox/secureCodeBox