Terraform Missing Security Context
Description
Identifies containers in Terraform-managed Kubernetes workloads (kubernetes_pod, kubernetes_deployment and similar resources) whose container block has no security_context. A container without one runs with the cluster's defaults: as whatever user the image specifies (often root), with privilege escalation not disabled, with a writable root filesystem and with the runtime's default capability set. That surplus privilege turns a compromise of the application into a starting point for privilege escalation or a container breakout.
Detection Strategy
• Examines Kubernetes resource definitions in infrastructure code (pod specs, deployments and the other workload resources of the Terraform Kubernetes provider)
• Checks whether container specifications are present under the spec field (for deployments and similar resources, under spec.template.spec)
• Verifies whether the security_context block (the Kubernetes securityContext field) is missing from each container specification
• Reports every container that has no security context constraints defined
Vulnerable code example
# Vulnerable Kubernetes pod configuration
resource "kubernetes_pod" "example" {
  metadata {
    name = "vulnerable-pod"
    labels = {
      app = "web"
    }
  }
  ...
✅ Secure code example
resource "kubernetes_pod" "example" {
  metadata {
    name = "vulnerable-pod"
    labels = {
      app = "web"
    }
  }
  spec {
    ...
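The detection strategy above, carried through as an added example that is not Fluid Attacks' scanner: a small Python parser for the subset of HCL that Terraform Kubernetes provider resources use, followed by the check that flags every container or init_container block under a Kubernetes workload resource that has no security_context block of its own. The two resources in SAMPLE_TF, the workload-type set K8S_WORKLOADS and all function names are assumptions made for this example; the hardened container in the deployment shows the fields a reviewer usually expects (run_as_non_root, allow_privilege_escalation = false, read_only_root_filesystem, dropping all capabilities). The parser is deliberately minimal (one attribute or block header per line, no heredocs, no one-line blocks), so in front of a real code base put a proper HCL parser, for instance python-hcl2, and feed the same check.

```python
"""Flag Terraform-managed Kubernetes containers that have no security_context.
Added example, not Fluid Attacks' scanner; parses a simplified HCL subset (one
attribute or block header per line). SAMPLE_TF is constructed for this example."""
from dataclasses import dataclass, field
SAMPLE_TF = """
resource "kubernetes_pod" "vulnerable" {
  metadata {
    name = "vulnerable-pod"
    labels = {
      app = "web"
    }
  }
  spec {
    container {
      name  = "web"
      image = "nginx:1.25"
    }
  }
}
resource "kubernetes_deployment" "api" {
  metadata {
    name = "api"
  }
  spec {
    template {
      spec {
        init_container {
          name = "migrate"
        }
        container {
          name = "api"
          security_context {
            run_as_non_root            = true
            allow_privilege_escalation = false
            read_only_root_filesystem  = true
            capabilities {
              drop = ["ALL"]
            }
          }
        }
      }
    }
  }
}
"""
K8S_WORKLOADS = {"kubernetes_pod", "kubernetes_deployment", "kubernetes_daemonset",
                 "kubernetes_stateful_set", "kubernetes_job", "kubernetes_cron_job"}
CONTAINER_BLOCKS = ("container", "init_container")

@dataclass
class Block:
    name: str        # block type, e.g. "resource" or "container"
    labels: list     # quoted labels, e.g. ["kubernetes_pod", "vulnerable"]
    line: int        # 1-based line of the opening brace
    children: list = field(default_factory=list)
    attrs: dict = field(default_factory=dict)

def parse_hcl(text):
    """Build a Block tree; raises ValueError on an unbalanced closing brace."""
    stack = [Block("root", [], 0)]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments (strings are not tokenised)
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {lineno}: unbalanced closing brace")
            stack.pop()
        elif line.endswith("{"):
            # 'labels = {' is a map attribute; it is kept as a block named "labels"
            header = line[:-1].split("=", 1)[0].split()
            block = Block(header[0], [h.strip('"') for h in header[1:]], lineno)
            stack[-1].children.append(block)
            stack.append(block)
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1].attrs[key.strip()] = value.strip().strip('"')
    return stack[0]

def iter_blocks(block, names):
    """Yield every descendant block whose type is in names, depth first."""
    for child in block.children:
        if child.name in names:
            yield child
        yield from iter_blocks(child, names)

def find_missing_security_context(text):
    """Return (resource address, container name, line) for each container or
    init_container under a workload resource that has no security_context of its own.
    A pod-level block is no substitute: the container-only fields stay at defaults."""
    findings = []
    for res in iter_blocks(parse_hcl(text), ("resource",)):
        if len(res.labels) != 2 or res.labels[0] not in K8S_WORKLOADS:
            continue
        address = f"{res.labels[0]}.{res.labels[1]}"
        for c in iter_blocks(res, CONTAINER_BLOCKS):
            if not any(child.name == "security_context" for child in c.children):
                findings.append((address, c.attrs.get("name", "?"), c.line))
    return sorted(findings, key=lambda f: f[2])
```

Running find_missing_security_context(SAMPLE_TF) reports the vulnerable pod's container and the deployment's init_container, while the hardened api container passes. A pod-level security_context is deliberately not accepted as a substitute: Kubernetes does propagate run_as_user and similar fields from the pod level, but privileged, allow_privilege_escalation, capabilities and read_only_root_filesystem exist only on the container, so a container without its own block still runs with the runtime defaults for those.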