v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/kubernetes_compliance
Overview
4Dashboards
790Controls
781Queries
2Variables
GitHub

Control: Pod containers should not run with root privileges

Description

Containers in a Pod should not run with root privileges. By default, many container services run as the privileged root user, and applications execute inside the container as root despite not requiring privileged execution. Preventing root execution by using non-root containers or a rootless container engine limits the impact of a container compromise.

Usage

Run the control in your terminal:

powerpipe control run kubernetes_compliance.control.pod_non_root_container

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run kubernetes_compliance.control.pod_non_root_container --share

SQL

This control uses a named query:

pod_non_root_container

Tags

category = Compliance
nsa_cisa_v1 = true
plugin = kubernetes
service = Kubernetes/Pod