Json Yaml Sa Token Enabled
Description
Detects Kubernetes workload manifests (JSON or YAML) whose pod specification leaves automountServiceAccountToken enabled, so every container in the pod receives a service account token at /var/run/secrets/kubernetes.io/serviceaccount. Any process in the container, including an attacker who compromises it, can present that token to the Kubernetes API server and act with whatever RBAC permissions the service account holds. Most workloads never call the API, so mounting the token grants access they do not need and violates the principle of least privilege.
Detection Strategy
• Examines Kubernetes manifest files in JSON or YAML, covering plain pod specs and the pod templates embedded in workloads such as Deployments, Jobs and CronJobs
• Flags a pod specification whose 'automountServiceAccountToken' is explicitly set to 'true'
• Also flags a pod specification that defines containers but does not set 'automountServiceAccountToken: false', because Kubernetes mounts the token by default when the field is omitted
• Only the 'spec' block that contains the container definitions is evaluated
Vulnerable code example
apiVersion: batch/v1
kind: CronJob
metadata:
  name: vulnerable-cronjob
spec:
  schedule: "0 * * * *"
  jobTemplate:
    spec: ...
✅ Secure code example
apiVersion: batch/v1
kind: CronJob
metadata:
  name: secure-cronjob
  labels:
    app: web
spec:
  schedule: "0 * * * *" ...
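The detection strategy above, implemented as an added example that is not Fluid Attacks' own rule code (which this page does not publish): a stdlib-only Python scanner that locates the pod specification for each workload kind, reports a finding when 'automountServiceAccountToken' is 'true' or absent, and stays silent when it is 'false'. The set of workload kinds, the finding format, and the three JSON manifests embedded below (a CronJob that omits the field, a secure CronJob, and a Deployment that sets it to true) are assumptions constructed for the example. YAML manifests can be handed to sa_token_findings after parsing each document with PyYAML's yaml.safe_load_all; that dependency is left out here so the block runs with the standard library alone.

```python
"""Added example: a minimal scanner for the check this rule describes."""
import json
from typing import Any, Iterator

# Path from the object root to the pod specification for each workload kind.
# Which kinds a scanner covers is an assumption of this example.
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "ReplicaSet": ("spec", "template", "spec"),
    "Deployment": ("spec", "template", "spec"),
    "StatefulSet": ("spec", "template", "spec"),
    "DaemonSet": ("spec", "template", "spec"),
    "Job": ("spec", "template", "spec"),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}


def _get_path(obj: Any, path: tuple) -> Any:
    """Follow a sequence of keys through nested dicts; None if any key is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def find_pod_specs(manifest: dict) -> Iterator[tuple[str, dict]]:
    """Yield (kind/name, pod_spec) for every pod spec in the manifest that defines containers.

    A 'kind: List' wrapper, as returned by 'kubectl get ... -o json', is expanded.
    """
    kind = manifest.get("kind")
    if kind == "List":
        for item in manifest.get("items", []):
            yield from find_pod_specs(item)
        return
    path = POD_SPEC_PATHS.get(kind)
    if path is None:
        return
    spec = _get_path(manifest, path)
    # As in the rule, only a spec block that holds container definitions is evaluated.
    if isinstance(spec, dict) and spec.get("containers"):
        name = (manifest.get("metadata") or {}).get("name", "<unnamed>")
        yield f"{kind}/{name}", spec


def sa_token_findings(manifest: dict) -> list[dict]:
    """Report pod specs that leave the token mount enabled: explicit true, or unset."""
    findings = []
    for location, spec in find_pod_specs(manifest):
        value = spec.get("automountServiceAccountToken")
        if value is True:
            findings.append({"location": location, "reason": "explicitly true"})
        elif value is None:
            # When the pod spec is silent, Kubernetes falls back to the ServiceAccount's
            # setting and then to the default of true. The rule flags the pod spec itself
            # whenever it does not disable mounting.
            findings.append({"location": location, "reason": "unset"})
        # value is False: mounting disabled in the pod spec, nothing to report.
    return findings


def scan_json(text: str) -> list[dict]:
    """Parse one JSON manifest document and return its findings."""
    return sa_token_findings(json.loads(text))


# Constructed sample manifests (not from the original page).
VULNERABLE_CRONJOB = """
{"apiVersion": "batch/v1", "kind": "CronJob",
 "metadata": {"name": "vulnerable-cronjob"},
 "spec": {"schedule": "0 * * * *",
          "jobTemplate": {"spec": {"template": {"spec": {
              "restartPolicy": "OnFailure",
              "containers": [{"name": "job", "image": "busybox:1.36",
                              "command": ["sh", "-c", "date"]}]}}}}}}
"""

SECURE_CRONJOB = """
{"apiVersion": "batch/v1", "kind": "CronJob",
 "metadata": {"name": "secure-cronjob", "labels": {"app": "web"}},
 "spec": {"schedule": "0 * * * *",
          "jobTemplate": {"spec": {"template": {"spec": {
              "automountServiceAccountToken": false,
              "restartPolicy": "OnFailure",
              "containers": [{"name": "job", "image": "busybox:1.36",
                              "command": ["sh", "-c", "date"]}]}}}}}}
"""

EXPLICIT_TRUE_DEPLOYMENT = """
{"apiVersion": "apps/v1", "kind": "Deployment",
 "metadata": {"name": "web"},
 "spec": {"replicas": 1, "selector": {"matchLabels": {"app": "web"}},
          "template": {"metadata": {"labels": {"app": "web"}},
                       "spec": {"automountServiceAccountToken": true,
                                "containers": [{"name": "web", "image": "nginx:1.25"}]}}}}
"""

if __name__ == "__main__":
    for doc in (VULNERABLE_CRONJOB, SECURE_CRONJOB, EXPLICIT_TRUE_DEPLOYMENT):
        print(scan_json(doc))
```

Two caveats for triage. Because the rule treats an unset field as a finding, a pod that relies on automountServiceAccountToken: false set on its ServiceAccount object is still reported; since the pod-level field takes precedence over the ServiceAccount-level one when both are present, setting it to false in the pod spec is the fix that both satisfies the rule and survives a later change to the ServiceAccount. To see which running pods leave the field unset or true, rather than which manifests do, `kubectl get pods -A -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name}{" "}{.spec.automountServiceAccountToken}{"\n"}{end}'` prints the field per pod, with a blank value for pods that never set it.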