turbot/steampipe-mod-kubernetes-compliance

Benchmark: Containers should not have privileged access

Description

Containers should not have privileged access. To prevent security issues, do not run privileged containers in your environment; instead, grant the container environment granular permissions and capabilities. Giving containers full access to the host can create security flaws in your production environment.
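The check described above can be reproduced over a saved pod listing. This is an added example, not the mod's own query code; it assumes input in the shape of `kubectl get pods -o json`, and the sample pods, the function names and the alarm/ok labels are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get pods -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "prod", "name": "web"},
   "spec": {"containers": [
     {"name": "app", "securityContext": {"capabilities":
        {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}},
     {"name": "agent", "securityContext": {"privileged": true}}]}},
  {"metadata": {"namespace": "prod", "name": "batch"},
   "spec": {"initContainers": [
     {"name": "setup", "securityContext": {"privileged": true}}],
     "containers": [{"name": "job"}]}},
  {"metadata": {"namespace": "dev", "name": "api"},
   "spec": {"containers": [
     {"name": "api", "securityContext": {"privileged": false}}]}}
]}
""")

# Every pod-spec field that can hold a container definition.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def privileged_containers(pod_list):
    """Return (namespace, pod, field, container) for each privileged container."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for field in CONTAINER_FIELDS:
            for c in spec.get(field) or []:
                sc = c.get("securityContext") or {}
                # An absent securityContext or privileged field means false.
                if sc.get("privileged") is True:
                    findings.append((meta.get("namespace"), meta.get("name"),
                                     field, c.get("name")))
    return findings


def evaluate(pod_list):
    """Map 'namespace/pod' to 'alarm' if any of its containers is privileged."""
    bad = {(ns, pod) for ns, pod, _, _ in privileged_containers(pod_list)}
    return {f"{p['metadata']['namespace']}/{p['metadata']['name']}":
            "alarm" if (p["metadata"]["namespace"], p["metadata"]["name"]) in bad
            else "ok" for p in pod_list.get("items", [])}


if __name__ == "__main__":
    for key, status in evaluate(SAMPLE).items():
        print(f"{status:5} {key}")
```

The "app" container in the sample shows the granular alternative: it drops all capabilities and adds back only NET_BIND_SERVICE, so it does not raise a finding.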

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-kubernetes-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select "Containers should not have privileged access".

Run this benchmark in your terminal:

powerpipe benchmark run kubernetes_compliance.benchmark.nsa_cisa_v1_pod_security_container_privilege_disabled

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run kubernetes_compliance.benchmark.nsa_cisa_v1_pod_security_container_privilege_disabled --share
