Loading controls...
Control: CronJob containers should not have added capabilities
Description
Container in CronJob definition should not have added capabilities. Added capabilities can provide container processes with escalated privileges which can be used to access sensitive host resources or perform operations outside of the container.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.cronjob_container_with_added_capabilitiesSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.cronjob_container_with_added_capabilities --shareSQL
This control uses a named query:
cronjob_container_with_added_capabilities