[FEATURE_REQUEST] Expand run-as-non-root template to verify runAsGroup field is nonzero. #748
Description of the problem/feature request
In addition to it being a best security practice for pods to have runAsUser set to a non-zero value, it is also recommended that the GID, determined by either the runtime default security context or the runAsGroup field, is set to a non-zero value.
Would like to propose either creating a new template/check or extending the existing run-as-non-root template to check against the runAsGroup field.
Description of the existing behavior vs. expected behavior
Below is a snippet of behavior when runAsUser is set to 0. Expected behavior would be along similar lines.
Additional context
Not particularly familiar with Go, but would be glad to take a crack at this.
Just let me know if there's any particular preference to either extend, or create new template, (or any other helpful suggestions/pointers).
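One way the requested runAsGroup check could work, as an added example that is not the project's own code or the issue author's. The struct types and function names are hypothetical stand-ins for the Kubernetes API types, and reporting an unset runAsGroup as a finding is an assumption (the GID then depends on the runtime default, which a manifest check cannot see).

```go
package main

import "fmt"

// Hypothetical, simplified stand-ins for the Kubernetes types. A nil
// RunAsGroup means the field is absent from the manifest.
type SecurityContext struct{ RunAsGroup *int64 }

type Container struct {
	Name            string
	SecurityContext *SecurityContext
}

type PodSpec struct {
	SecurityContext *SecurityContext
	Containers      []Container
}

// effectiveRunAsGroup returns the configured GID for a container; the
// container-level value takes precedence over the pod-level value.
func effectiveRunAsGroup(pod PodSpec, c Container) *int64 {
	if c.SecurityContext != nil && c.SecurityContext.RunAsGroup != nil {
		return c.SecurityContext.RunAsGroup
	}
	if pod.SecurityContext != nil {
		return pod.SecurityContext.RunAsGroup
	}
	return nil
}

// CheckRunAsGroup reports containers whose GID is 0 or left to the runtime default.
func CheckRunAsGroup(pod PodSpec) []string {
	var findings []string
	for _, c := range pod.Containers {
		switch g := effectiveRunAsGroup(pod, c); {
		case g == nil: // assumption: unset is reported, since the default may be GID 0
			findings = append(findings, fmt.Sprintf("container %q: runAsGroup unset, GID is the runtime default", c.Name))
		case *g == 0:
			findings = append(findings, fmt.Sprintf("container %q: runAsGroup is 0", c.Name))
		}
	}
	return findings
}

func int64Ptr(v int64) *int64 { return &v }

func main() {
	// Constructed sample: pod-level GID 3000, one container overriding it with 0.
	sidecar := Container{Name: "sidecar", SecurityContext: &SecurityContext{RunAsGroup: int64Ptr(0)}}
	pod := PodSpec{SecurityContext: &SecurityContext{RunAsGroup: int64Ptr(3000)}, Containers: []Container{{Name: "app"}, sidecar}}
	fmt.Println(CheckRunAsGroup(pod))
}
```

The container-level override matters here: a pod-level non-zero runAsGroup does not protect a container that sets its own value to 0.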