Benchmark: Kubernetes Pod Security
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-kubernetes-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select Kubernetes Pod Security.
Run this benchmark in your terminal:
powerpipe benchmark run kubernetes_compliance.benchmark.nsa_cisa_v1_pod_security
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run kubernetes_compliance.benchmark.nsa_cisa_v1_pod_security --share
Benchmarks
- Containers should not use hostPath mounts
- Containers should not have privileged access
- Containers should not allow privilege escalation
- Containerized applications should use security services
- Containers should not run with host network access
- Containers should not share the host process namespace
- Containers should run with a read only root file system
- Containers should not run with root privileges
- Automatic mapping of the service account tokens should be disabled