Control: CronJob containers should not run with root privileges
Description
Containers in a CronJob should not run with root privileges. By default, many container services run as the privileged root user, and applications execute inside the container as root despite not requiring privileged execution. Preventing root execution by using non-root containers or a rootless container engine limits the impact of a container compromise.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.cronjob_non_root_container
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.cronjob_non_root_container --share
SQL
This control uses a named query:
cronjob_non_root_container