turbot/steampipe-mod-kubernetes-compliance

Benchmark: Containers should not run with root privileges

Description

Containers should not be deployed with root privileges. By default, many container services run as the privileged root user, and applications execute inside the container as root despite not requiring privileged execution. Preventing root execution by using non-root containers or a rootless container engine limits the impact of a container compromise.
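The check described above can be sketched against raw pod specs. This is an added example, not the mod's own control query; the function names and the sample pods are hypothetical and constructed for illustration. It relies on the Kubernetes rule that container-level securityContext fields override pod-level ones.

```python
"""Added example: find containers in a pod spec that may still run as root."""

def effective(pod_sc, ctr_sc, field):
    # Container-level securityContext fields override pod-level ones.
    return ctr_sc[field] if field in ctr_sc else pod_sc.get(field)

def root_capable_containers(pod):
    """Return [(container_name, reason)] for containers not pinned to a non-root user."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for kind in ("initContainers", "containers", "ephemeralContainers"):
        for ctr in spec.get(kind) or []:
            ctr_sc = ctr.get("securityContext") or {}
            non_root = effective(pod_sc, ctr_sc, "runAsNonRoot")
            uid = effective(pod_sc, ctr_sc, "runAsUser")
            if uid == 0:
                # Explicitly pinned to UID 0.
                findings.append((ctr["name"], "runAsUser is 0"))
            elif uid is None and non_root is not True:
                # Nothing enforces a non-root UID, so the image's USER decides.
                findings.append((ctr["name"], "image default user applies"))
    return findings

# Constructed sample pods, not taken from a real cluster.
POD_DEFAULTS = {"spec": {"containers": [{"name": "nginx"}]}}
POD_HARDENED = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [{"name": "api"}],
}}
POD_OVERRIDE = {"spec": {
    "securityContext": {"runAsNonRoot": True},
    "initContainers": [{"name": "init-perms",
                        "securityContext": {"runAsNonRoot": False, "runAsUser": 0}}],
    "containers": [
        {"name": "app"},  # inherits runAsNonRoot: true from the pod
        {"name": "sidecar", "securityContext": {"runAsNonRoot": False}},
    ],
}}

if __name__ == "__main__":
    for label, pod in [("defaults", POD_DEFAULTS), ("hardened", POD_HARDENED),
                       ("override", POD_OVERRIDE)]:
        print(label, root_capable_containers(pod))
```

The third sample shows why a pod-level runAsNonRoot setting is not sufficient evidence on its own: an init container or sidecar can override it.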

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-kubernetes-compliance

Start the Powerpipe server:

steampipe service start
powerpipe server

Open http://localhost:9033 in your browser and select Containers should not run with root privileges.

Run this benchmark in your terminal:

powerpipe benchmark run kubernetes_compliance.benchmark.nsa_cisa_v1_pod_security_non_root_container

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run kubernetes_compliance.benchmark.nsa_cisa_v1_pod_security_non_root_container --share

Controls

Tags