Infrastructure as Code - Security Rules

medium severity

Container is running without privilege escalation control (SNYK-CC-K8S-9)

`allowPrivilegeEscalation` attribute is not set to `false`

Processes could elevate current privileges via known vectors, for example SUID binaries

Kubernetes

Set `securityContext.allowPrivilegeEscalation` to `false`

Terraform

Set `spec.container.security_context.allow_privilege_escalation` to `false`

CIS Docker Benchmark 1.2.0 - 5.25 Ensure that the container is restricted from acquiring additional privileges
https://www.kernel.org/doc/html/latest/userspace-api/no_new_privs.html