Do Not Run Containers As Root

Ensure that containers run as non-root.

Policy Details

Policy Subtype: Build
Severity: High
Template Type: Kubernetes

Build Rules

Do not run containers as root.
JSON Query:
$.spec.template.spec.securityContext.runAsUser any equal 0
Recommendation:
It is recommended that containers run as non-root. Make sure the "runAsUser" value is not equal to 0.
For example:
"spec": {
  "containers": [
    {
      "name": "pause",
      "image": "k8s.gcr.io/pause"
    }
  ],
  "securityContext": {
    "runAsUser": 1000,
    "runAsGroup": 3000,
    "fsGroup": 2000
  }
}

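An added example (not part of the original policy page or the product's own code): a Python sketch that evaluates the rule's JSON query against a constructed Deployment manifest. It goes one step beyond the rule by computing each container's effective runAsUser, because in Kubernetes a container-level securityContext.runAsUser takes precedence over the pod-level value the query inspects. The function names, the sample manifest and the sidecar image are assumptions made for illustration.

```python
import json

# Constructed sample Deployment: the pod-level UID is non-root, but one
# container overrides it with runAsUser 0.
SAMPLE = json.loads("""
{
  "spec": {"template": {"spec": {
    "securityContext": {"runAsUser": 1000, "runAsGroup": 3000, "fsGroup": 2000},
    "containers": [
      {"name": "pause", "image": "k8s.gcr.io/pause"},
      {"name": "sidecar", "image": "example.invalid/sidecar",
       "securityContext": {"runAsUser": 0}}
    ]
  }}}
}
""")


def pod_spec(manifest):
    """Pod template spec addressed by the policy's $.spec.template.spec path."""
    return manifest.get("spec", {}).get("template", {}).get("spec", {})


def policy_matches(manifest):
    """The page's build rule: pod-level securityContext.runAsUser equals 0."""
    ctx = pod_spec(manifest).get("securityContext") or {}
    return ctx.get("runAsUser") == 0


def effective_uids(manifest):
    """Map container name -> effective runAsUser (None = image default user)."""
    spec = pod_spec(manifest)
    pod_uid = (spec.get("securityContext") or {}).get("runAsUser")
    result = {}
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind) or []:
            uid = (c.get("securityContext") or {}).get("runAsUser")
            # A container-level value takes precedence over the pod-level one.
            result[c["name"]] = pod_uid if uid is None else uid
    return result


def root_containers(manifest):
    """Names of containers whose effective runAsUser is 0."""
    return sorted(n for n, uid in effective_uids(manifest).items() if uid == 0)


if __name__ == "__main__":
    print(policy_matches(SAMPLE), effective_uids(SAMPLE), root_containers(SAMPLE))
```

A None value in the result means runAsUser is unset at both levels, so the container runs as whatever user its image defines.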