Json Yaml Run As Non Root Missing
Description
Detects Kubernetes containers that could run with root privileges due to missing or disabled `runAsNonRoot` security context settings. Running containers as root poses significant security risks as it may allow container processes to gain excessive privileges on the host system if they break out of container isolation.
Detection Strategy
• Examines container specifications in Kubernetes manifests (like Deployments, StatefulSets, etc.)
• Checks if security controls are missing at both pod-level and container-level security contexts
• Reports a vulnerability if a container has no security context defined and no pod-level security context exists
• Reports a vulnerability if a container's security context exists but `runAsNonRoot` is not specified and no pod-level security context exists
• Reports a vulnerability if `runAsNonRoot` is explicitly set to false in the container's security context
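The strategy above as a small checker, added here as an illustration and not Fluid Attacks' own engine. It works on already-parsed manifests (Python dicts, as `yaml.safe_load` would return them), applies the three container-level rules, and additionally flags a pod-level `runAsNonRoot: false` as in the vulnerable example; the manifest samples and the `WORKLOADS_WITH_TEMPLATE` set are constructed assumptions.

```python
# Added example (not Fluid Attacks' own engine): applies the detection strategy above to
# already-parsed Kubernetes manifests (dicts, as yaml.safe_load returns them).
WORKLOADS_WITH_TEMPLATE = {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}


def pod_spec_of(manifest):
    """Return the PodSpec of a Pod, or of the pod template inside a workload."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest.get("spec", {})
    if kind in WORKLOADS_WITH_TEMPLATE:
        return manifest.get("spec", {}).get("template", {}).get("spec", {})
    return None


def find_run_as_non_root_findings(manifest):
    """One finding per container (or pod) that may run as root; [] when compliant."""
    spec = pod_spec_of(manifest)
    if spec is None:
        return []
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    pod_ctx = spec.get("securityContext")  # None when no pod-level securityContext
    findings = []
    if pod_ctx is not None and pod_ctx.get("runAsNonRoot") is False:
        findings.append(f"{name}: pod-level runAsNonRoot explicitly false")
    for container in spec.get("containers", []):
        cname = container.get("name", "<unnamed>")
        ctx = container.get("securityContext")
        if ctx is None:  # rule 1: nothing at container level, nothing at pod level
            if pod_ctx is None:
                findings.append(f"{name}/{cname}: no securityContext at container or pod level")
        elif ctx.get("runAsNonRoot") is False:  # rule 3: explicitly allows root
            findings.append(f"{name}/{cname}: runAsNonRoot explicitly false")
        elif "runAsNonRoot" not in ctx and pod_ctx is None:  # rule 2: unspecified, no fallback
            findings.append(f"{name}/{cname}: runAsNonRoot unspecified and no pod-level securityContext")
    return findings


# Constructed samples: the first mirrors the page's vulnerable example.
VULNERABLE_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "vulnerable-pod"},
                  "spec": {"securityContext": {"runAsNonRoot": False},
                           "containers": [{"name": "app", "image": "example/app:1.0"}]}}
UNSPECIFIED_POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "unspecified-pod"},
                   "spec": {"containers": [{"name": "app", "image": "example/app:1.0",
                                            "securityContext": {"allowPrivilegeEscalation": False}}]}}
SECURE_DEPLOYMENT = {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "secure-deploy"},
                     "spec": {"template": {"spec": {"securityContext": {"runAsNonRoot": True},
                                                    "containers": [{"name": "app", "image": "example/app:1.0"}]}}}}
```

A container-level `runAsNonRoot: false` is reported even when the pod-level context says `true`, because the container setting overrides the pod setting.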
Vulnerable code example
apiVersion: v1
kind: Pod
metadata:
  name: vulnerable-pod
spec:
  securityContext:
    runAsNonRoot: false # Vulnerable: Allows pod to run as root
  containers:...
✅ Secure code example
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  automountServiceAccountToken: false # Prevent access to service account credentials
  securityContext:
    runAsNonRoot: true # Force pod to run as non-root user...