Containers Must Be Run As Non-root

Ensure containers run as non-root.

Policy Details

Policy Subtype: Build
Severity: High
Template Type: Kubernetes

Build Rules

Containers must be run as non-root.
JSON Query:
$.spec.template.spec.containers[*].securityContext.runAsNonRoot equals false
Recommendation:
Run containers as non-root by setting "runAsNonRoot" to "true" in the container's securityContext.
For example:
"spec": {
  "containers": [
    {
      "name": "pause",
      "image": "k8s.gcr.io/pause",
      "securityContext": {
        "runAsNonRoot": true
      }
    }
  ]
}

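The build rule above, evaluated in Python over a constructed Deployment, as an added example that is not part of the original policy page. `policy_matches` implements the JSON query as written; `not_enforced` is a stricter, hypothetical check that also flags containers where runAsNonRoot is unset at both container and pod level, because Kubernetes only validates the user when the effective value is true. All function names and the sample manifest are assumptions.

```python
def _pod_spec(manifest):
    # Path prefix used by the page's query: $.spec.template.spec
    return manifest.get("spec", {}).get("template", {}).get("spec", {})

def policy_matches(manifest):
    """Containers matched by the page's query:
    $.spec.template.spec.containers[*].securityContext.runAsNonRoot equals false"""
    return [c["name"] for c in _pod_spec(manifest).get("containers", [])
            if (c.get("securityContext") or {}).get("runAsNonRoot") is False]

def not_enforced(manifest):
    """Stricter check (assumption, not the page's rule): flag every container
    whose effective runAsNonRoot is not true. A container-level value
    overrides the pod-level one; unset at both levels means no validation."""
    pod = _pod_spec(manifest)
    pod_value = (pod.get("securityContext") or {}).get("runAsNonRoot")
    flagged = []
    for c in pod.get("containers", []):
        value = (c.get("securityContext") or {}).get("runAsNonRoot")
        effective = pod_value if value is None else value
        if effective is not True:
            flagged.append(c["name"])
    return flagged

def sample(pod_level=None):
    """Constructed Deployment. pod_level, when given, sets
    spec.template.spec.securityContext.runAsNonRoot."""
    pod = {"containers": [
        {"name": "web", "securityContext": {"runAsNonRoot": False}},
        {"name": "api", "securityContext": {"runAsNonRoot": True}},
        {"name": "sidecar"},  # no securityContext at all
    ]}
    if pod_level is not None:
        pod["securityContext"] = {"runAsNonRoot": pod_level}
    return {"kind": "Deployment", "spec": {"template": {"spec": pod}}}

if __name__ == "__main__":
    for pod_level in (None, True):
        m = sample(pod_level)
        print("pod-level:", pod_level,
              "| query matches:", policy_matches(m),
              "| not enforced:", not_enforced(m))
```

With no pod-level setting, the query as written reports only `web`, while `sidecar` also runs without the non-root check.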