Bridgecrew.io
  • About Bridgecrew by Prisma Cloud
Checkov home
  • Docs
    • Quick start
    • Overview
    • Integrations
  • Download
  • Try Bridgecrew
  • Docs
    • Quick start
    • Overview
    • Integrations

Checkov Documentation

  • 1.Welcome
    • What is Checkov?
    • Terms and Concepts
    • Quick Start
    • Feature Descriptions
  • 2.Basics
    • Installing Checkov
    • CLI Command Reference
    • Suppressing and Skipping Policies
    • Hard and soft fail
    • Scanning Credentials and Secrets
    • Reviewing Scan Results
    • Visualizing Checkov Output
    • Handling Variables
  • 3.Custom Policies
    • Custom Policies Overview
    • Python Custom Policies
    • YAML Custom Policies
    • Custom YAML Policies Examples
    • Sharing Custom Policies
  • 4.Integrations
    • Jenkins
    • Bitbucket Cloud Pipelines
    • GitHub Actions
    • GitLab CI
    • Kubernetes
    • Pre-Commit
    • Docker
  • 5.Policy Index
    • all resource scans
    • ansible resource scans
    • argo_workflows resource scans
    • arm resource scans
    • azure_pipelines resource scans
    • bicep resource scans
    • bitbucket_configuration resource scans
    • bitbucket_pipelines resource scans
    • circleci_pipelines resource scans
    • cloudformation resource scans
    • dockerfile resource scans
    • github_actions resource scans
    • github_configuration resource scans
    • gitlab_ci resource scans
    • gitlab_configuration resource scans
    • kubernetes resource scans (auto generated)
    • openapi resource scans
    • secrets resource scans
    • serverless resource scans
    • terraform resource scans
  • 6.Contribution
    • Checkov Runner Contribution Guide
    • Implementing CI Metadata extractor
    • Implementing ImageReferencer
    • Contribution Overview
    • Contribute Python-Based Policies
    • Contribute YAML-based Policies
    • Contribute New Terraform Provider
    • Contribute New Argo Workflows configuration policy
    • Contribute New Azure Pipelines configuration policy
    • Contribute New Bitbucket configuration policy
    • Contribute New GitHub configuration policy
    • Contribute New Gitlab configuration policy
  • 7.Scan Examples
    • Terraform Plan Scanning
    • Terraform Scanning
    • Helm
    • Kustomize
    • AWS SAM configuration scanning
    • Ansible configuration scanning
    • Argo Workflows configuration scanning
    • Azure ARM templates configuration scanning
    • Azure Pipelines configuration scanning
    • Azure Bicep configuration scanning
    • Bitbucket configuration scanning
    • AWS CDK configuration scanning
    • Cloudformation configuration scanning
    • Dockerfile configuration scanning
    • GitHub configuration scanning
    • Gitlab configuration scanning
    • Kubernetes configuration scanning
    • OpenAPI configuration scanning
    • SCA scanning
    • Serverless framework configuration scanning
  • 8.Outputs
    • CSV
    • CycloneDX BOM
    • GitLab SAST
    • JUnit XML
    • SARIF
  • 9.Level up
    • Upgrade from Checkov to Bridgecrew
  • Docs
  • 5.policy index
  • kubernetes resource scans
Edit on GitHub

kubernetes resource scans (auto generated)

  Id Type Entity Policy IaC Resource Link
0 CKV_K8S_1 resource PodSecurityPolicy Do not admit containers wishing to share the host process ID namespace Kubernetes ShareHostPIDPSP.py
1 CKV_K8S_2 resource PodSecurityPolicy Do not admit privileged containers Kubernetes PrivilegedContainersPSP.py
2 CKV_K8S_3 resource PodSecurityPolicy Do not admit containers wishing to share the host IPC namespace Kubernetes ShareHostIPCPSP.py
3 CKV_K8S_4 resource PodSecurityPolicy Do not admit containers wishing to share the host network namespace Kubernetes SharedHostNetworkNamespacePSP.py
4 CKV_K8S_5 resource PodSecurityPolicy Containers should not run with allowPrivilegeEscalation Kubernetes AllowPrivilegeEscalationPSP.py
5 CKV_K8S_6 resource PodSecurityPolicy Do not admit root containers Kubernetes RootContainersPSP.py
6 CKV_K8S_7 resource PodSecurityPolicy Do not admit containers with the NET_RAW capability Kubernetes DropCapabilitiesPSP.py
7 CKV_K8S_8 resource DaemonSet Liveness Probe Should be Configured Kubernetes LivenessProbe.py
8 CKV_K8S_8 resource Deployment Liveness Probe Should be Configured Kubernetes LivenessProbe.py
9 CKV_K8S_8 resource DeploymentConfig Liveness Probe Should be Configured Kubernetes LivenessProbe.py
10 CKV_K8S_8 resource Pod Liveness Probe Should be Configured Kubernetes LivenessProbe.py
11 CKV_K8S_8 resource PodTemplate Liveness Probe Should be Configured Kubernetes LivenessProbe.py
12 CKV_K8S_8 resource ReplicaSet Liveness Probe Should be Configured Kubernetes LivenessProbe.py
13 CKV_K8S_8 resource ReplicationController Liveness Probe Should be Configured Kubernetes LivenessProbe.py
14 CKV_K8S_8 resource StatefulSet Liveness Probe Should be Configured Kubernetes LivenessProbe.py
15 CKV_K8S_9 resource DaemonSet Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
16 CKV_K8S_9 resource Deployment Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
17 CKV_K8S_9 resource DeploymentConfig Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
18 CKV_K8S_9 resource Pod Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
19 CKV_K8S_9 resource PodTemplate Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
20 CKV_K8S_9 resource ReplicaSet Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
21 CKV_K8S_9 resource ReplicationController Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
22 CKV_K8S_9 resource StatefulSet Readiness Probe Should be Configured Kubernetes ReadinessProbe.py
23 CKV_K8S_10 resource CronJob CPU requests should be set Kubernetes CPURequests.py
24 CKV_K8S_10 resource DaemonSet CPU requests should be set Kubernetes CPURequests.py
25 CKV_K8S_10 resource Deployment CPU requests should be set Kubernetes CPURequests.py
26 CKV_K8S_10 resource DeploymentConfig CPU requests should be set Kubernetes CPURequests.py
27 CKV_K8S_10 resource Job CPU requests should be set Kubernetes CPURequests.py
28 CKV_K8S_10 resource Pod CPU requests should be set Kubernetes CPURequests.py
29 CKV_K8S_10 resource PodTemplate CPU requests should be set Kubernetes CPURequests.py
30 CKV_K8S_10 resource ReplicaSet CPU requests should be set Kubernetes CPURequests.py
31 CKV_K8S_10 resource ReplicationController CPU requests should be set Kubernetes CPURequests.py
32 CKV_K8S_10 resource StatefulSet CPU requests should be set Kubernetes CPURequests.py
33 CKV_K8S_11 resource CronJob CPU limits should be set Kubernetes CPULimits.py
34 CKV_K8S_11 resource DaemonSet CPU limits should be set Kubernetes CPULimits.py
35 CKV_K8S_11 resource Deployment CPU limits should be set Kubernetes CPULimits.py
36 CKV_K8S_11 resource DeploymentConfig CPU limits should be set Kubernetes CPULimits.py
37 CKV_K8S_11 resource Job CPU limits should be set Kubernetes CPULimits.py
38 CKV_K8S_11 resource Pod CPU limits should be set Kubernetes CPULimits.py
39 CKV_K8S_11 resource PodTemplate CPU limits should be set Kubernetes CPULimits.py
40 CKV_K8S_11 resource ReplicaSet CPU limits should be set Kubernetes CPULimits.py
41 CKV_K8S_11 resource ReplicationController CPU limits should be set Kubernetes CPULimits.py
42 CKV_K8S_11 resource StatefulSet CPU limits should be set Kubernetes CPULimits.py
43 CKV_K8S_12 resource CronJob Memory requests should be set Kubernetes MemoryRequests.py
44 CKV_K8S_12 resource DaemonSet Memory requests should be set Kubernetes MemoryRequests.py
45 CKV_K8S_12 resource Deployment Memory requests should be set Kubernetes MemoryRequests.py
46 CKV_K8S_12 resource DeploymentConfig Memory requests should be set Kubernetes MemoryRequests.py
47 CKV_K8S_12 resource Job Memory requests should be set Kubernetes MemoryRequests.py
48 CKV_K8S_12 resource Pod Memory requests should be set Kubernetes MemoryRequests.py
49 CKV_K8S_12 resource PodTemplate Memory requests should be set Kubernetes MemoryRequests.py
50 CKV_K8S_12 resource ReplicaSet Memory requests should be set Kubernetes MemoryRequests.py
51 CKV_K8S_12 resource ReplicationController Memory requests should be set Kubernetes MemoryRequests.py
52 CKV_K8S_12 resource StatefulSet Memory requests should be set Kubernetes MemoryRequests.py
53 CKV_K8S_13 resource CronJob Memory limits should be set Kubernetes MemoryLimits.py
54 CKV_K8S_13 resource DaemonSet Memory limits should be set Kubernetes MemoryLimits.py
55 CKV_K8S_13 resource Deployment Memory limits should be set Kubernetes MemoryLimits.py
56 CKV_K8S_13 resource DeploymentConfig Memory limits should be set Kubernetes MemoryLimits.py
57 CKV_K8S_13 resource Job Memory limits should be set Kubernetes MemoryLimits.py
58 CKV_K8S_13 resource Pod Memory limits should be set Kubernetes MemoryLimits.py
59 CKV_K8S_13 resource PodTemplate Memory limits should be set Kubernetes MemoryLimits.py
60 CKV_K8S_13 resource ReplicaSet Memory limits should be set Kubernetes MemoryLimits.py
61 CKV_K8S_13 resource ReplicationController Memory limits should be set Kubernetes MemoryLimits.py
62 CKV_K8S_13 resource StatefulSet Memory limits should be set Kubernetes MemoryLimits.py
63 CKV_K8S_14 resource CronJob Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
64 CKV_K8S_14 resource DaemonSet Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
65 CKV_K8S_14 resource Deployment Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
66 CKV_K8S_14 resource DeploymentConfig Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
67 CKV_K8S_14 resource Job Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
68 CKV_K8S_14 resource Pod Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
69 CKV_K8S_14 resource PodTemplate Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
70 CKV_K8S_14 resource ReplicaSet Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
71 CKV_K8S_14 resource ReplicationController Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
72 CKV_K8S_14 resource StatefulSet Image Tag should be fixed - not latest or blank Kubernetes ImageTagFixed.py
73 CKV_K8S_15 resource CronJob Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
74 CKV_K8S_15 resource DaemonSet Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
75 CKV_K8S_15 resource Deployment Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
76 CKV_K8S_15 resource DeploymentConfig Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
77 CKV_K8S_15 resource Job Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
78 CKV_K8S_15 resource Pod Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
79 CKV_K8S_15 resource PodTemplate Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
80 CKV_K8S_15 resource ReplicaSet Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
81 CKV_K8S_15 resource ReplicationController Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
82 CKV_K8S_15 resource StatefulSet Image Pull Policy should be Always Kubernetes ImagePullPolicyAlways.py
83 CKV_K8S_16 resource CronJob Container should not be privileged Kubernetes PrivilegedContainers.py
84 CKV_K8S_16 resource DaemonSet Container should not be privileged Kubernetes PrivilegedContainers.py
85 CKV_K8S_16 resource Deployment Container should not be privileged Kubernetes PrivilegedContainers.py
86 CKV_K8S_16 resource DeploymentConfig Container should not be privileged Kubernetes PrivilegedContainers.py
87 CKV_K8S_16 resource Job Container should not be privileged Kubernetes PrivilegedContainers.py
88 CKV_K8S_16 resource Pod Container should not be privileged Kubernetes PrivilegedContainers.py
89 CKV_K8S_16 resource PodTemplate Container should not be privileged Kubernetes PrivilegedContainers.py
90 CKV_K8S_16 resource ReplicaSet Container should not be privileged Kubernetes PrivilegedContainers.py
91 CKV_K8S_16 resource ReplicationController Container should not be privileged Kubernetes PrivilegedContainers.py
92 CKV_K8S_16 resource StatefulSet Container should not be privileged Kubernetes PrivilegedContainers.py
93 CKV_K8S_17 resource CronJob Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
94 CKV_K8S_17 resource DaemonSet Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
95 CKV_K8S_17 resource Deployment Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
96 CKV_K8S_17 resource Job Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
97 CKV_K8S_17 resource Pod Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
98 CKV_K8S_17 resource ReplicaSet Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
99 CKV_K8S_17 resource ReplicationController Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
100 CKV_K8S_17 resource StatefulSet Containers should not share the host process ID namespace Kubernetes ShareHostPID.py
101 CKV_K8S_18 resource CronJob Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
102 CKV_K8S_18 resource DaemonSet Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
103 CKV_K8S_18 resource Deployment Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
104 CKV_K8S_18 resource Job Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
105 CKV_K8S_18 resource Pod Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
106 CKV_K8S_18 resource ReplicaSet Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
107 CKV_K8S_18 resource ReplicationController Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
108 CKV_K8S_18 resource StatefulSet Containers should not share the host IPC namespace Kubernetes ShareHostIPC.py
109 CKV_K8S_19 resource CronJob Containers should not share the host network namespace Kubernetes SharedHostNetworkNamespace.py
110 CKV_K8S_19 resource DaemonSet Containers should not share the host network namespace Kubernetes SharedHostNetworkNamespace.py
111 CKV_K8S_19 resource Deployment Containers should not share the host network namespace Kubernetes SharedHostNetworkNamespace.py
112 CKV_K8S_19 resource Job Containers should not share the host network namespace Kubernetes SharedHostNetworkNamespace.py
113 CKV_K8S_19 resource Pod Containers should not share the host network namespace Kubernetes SharedHostNetworkNamespace.py
114 CKV_K8S_19 resource ReplicaSet Containers should not share the host network namespace Kubernetes SharedHostNetworkNamespace.py
115 CKV_K8S_19 resource ReplicationController Containers should not share the host network namespace Kubernetes SharedHostNetworkNamespace.py
116 CKV_K8S_19 resource StatefulSet Containers should not share the host network namespace Kubernetes SharedHostNetworkNamespace.py
117 CKV_K8S_20 resource CronJob Containers should not run with allowPrivilegeEscalation Kubernetes AllowPrivilegeEscalation.py
118 CKV_K8S_20 resource DaemonSet Containers should not run with allowPrivilegeEscalation Kubernetes AllowPrivilegeEscalation.py
119 CKV_K8S_20 resource Deployment Containers should not run with allowPrivilegeEscalation Kubernetes AllowPrivilegeEscalation.py
120 CKV_K8S_20 resource DeploymentConfig Containers should not run with allowPrivilegeEscalation Kubernetes AllowPrivilegeEscalation.py
121 CKV_K8S_20 resource Job Containers should not run with allowPrivilegeEscalation Kubernetes AllowPrivilegeEscalation.py
122 CKV_K8S_20 resource Pod Containers should not run with allowPrivilegeEscalation Kubernetes AllowPrivilegeEscalation.py
123 CKV_K8S_20 resource PodTemplate Containers should not run with allowPrivilegeEscalation Kubernetes AllowPrivilegeEscalation.py
124 CKV_K8S_20 resource ReplicaSet Containers should not run with allowPrivilegeEscalation Kubernetes AllowPrivilegeEscalation.py
125 CKV_K8S_20 resource ReplicationController Containers should not run with allowPrivilegeEscalation Kubernetes AllowPrivilegeEscalation.py
126 CKV_K8S_20 resource StatefulSet Containers should not run with allowPrivilegeEscalation Kubernetes AllowPrivilegeEscalation.py
127 CKV_K8S_21 resource ConfigMap The default namespace should not be used Kubernetes DefaultNamespace.py
128 CKV_K8S_21 resource CronJob The default namespace should not be used Kubernetes DefaultNamespace.py
129 CKV_K8S_21 resource DaemonSet The default namespace should not be used Kubernetes DefaultNamespace.py
130 CKV_K8S_21 resource Deployment The default namespace should not be used Kubernetes DefaultNamespace.py
131 CKV_K8S_21 resource Ingress The default namespace should not be used Kubernetes DefaultNamespace.py
132 CKV_K8S_21 resource Job The default namespace should not be used Kubernetes DefaultNamespace.py
133 CKV_K8S_21 resource Pod The default namespace should not be used Kubernetes DefaultNamespace.py
134 CKV_K8S_21 resource ReplicaSet The default namespace should not be used Kubernetes DefaultNamespace.py
135 CKV_K8S_21 resource ReplicationController The default namespace should not be used Kubernetes DefaultNamespace.py
136 CKV_K8S_21 resource Role The default namespace should not be used Kubernetes DefaultNamespace.py
137 CKV_K8S_21 resource RoleBinding The default namespace should not be used Kubernetes DefaultNamespace.py
138 CKV_K8S_21 resource Secret The default namespace should not be used Kubernetes DefaultNamespace.py
139 CKV_K8S_21 resource Service The default namespace should not be used Kubernetes DefaultNamespace.py
140 CKV_K8S_21 resource ServiceAccount The default namespace should not be used Kubernetes DefaultNamespace.py
141 CKV_K8S_21 resource StatefulSet The default namespace should not be used Kubernetes DefaultNamespace.py
142 CKV_K8S_22 resource CronJob Use read-only filesystem for containers where possible Kubernetes ReadOnlyFilesystem.py
143 CKV_K8S_22 resource DaemonSet Use read-only filesystem for containers where possible Kubernetes ReadOnlyFilesystem.py
144 CKV_K8S_22 resource Deployment Use read-only filesystem for containers where possible Kubernetes ReadOnlyFilesystem.py
145 CKV_K8S_22 resource DeploymentConfig Use read-only filesystem for containers where possible Kubernetes ReadOnlyFilesystem.py
146 CKV_K8S_22 resource Job Use read-only filesystem for containers where possible Kubernetes ReadOnlyFilesystem.py
147 CKV_K8S_22 resource Pod Use read-only filesystem for containers where possible Kubernetes ReadOnlyFilesystem.py
148 CKV_K8S_22 resource PodTemplate Use read-only filesystem for containers where possible Kubernetes ReadOnlyFilesystem.py
149 CKV_K8S_22 resource ReplicaSet Use read-only filesystem for containers where possible Kubernetes ReadOnlyFilesystem.py
150 CKV_K8S_22 resource ReplicationController Use read-only filesystem for containers where possible Kubernetes ReadOnlyFilesystem.py
151 CKV_K8S_22 resource StatefulSet Use read-only filesystem for containers where possible Kubernetes ReadOnlyFilesystem.py
152 CKV_K8S_23 resource CronJob Minimize the admission of root containers Kubernetes RootContainers.py
153 CKV_K8S_23 resource DaemonSet Minimize the admission of root containers Kubernetes RootContainers.py
154 CKV_K8S_23 resource Deployment Minimize the admission of root containers Kubernetes RootContainers.py
155 CKV_K8S_23 resource Job Minimize the admission of root containers Kubernetes RootContainers.py
156 CKV_K8S_23 resource Pod Minimize the admission of root containers Kubernetes RootContainers.py
157 CKV_K8S_23 resource ReplicaSet Minimize the admission of root containers Kubernetes RootContainers.py
158 CKV_K8S_23 resource ReplicationController Minimize the admission of root containers Kubernetes RootContainers.py
159 CKV_K8S_23 resource StatefulSet Minimize the admission of root containers Kubernetes RootContainers.py
160 CKV_K8S_24 resource PodSecurityPolicy Do not allow containers with added capability Kubernetes AllowedCapabilitiesPSP.py
161 CKV_K8S_25 resource CronJob Minimize the admission of containers with added capability Kubernetes AllowedCapabilities.py
162 CKV_K8S_25 resource DaemonSet Minimize the admission of containers with added capability Kubernetes AllowedCapabilities.py
163 CKV_K8S_25 resource Deployment Minimize the admission of containers with added capability Kubernetes AllowedCapabilities.py
164 CKV_K8S_25 resource DeploymentConfig Minimize the admission of containers with added capability Kubernetes AllowedCapabilities.py
165 CKV_K8S_25 resource Job Minimize the admission of containers with added capability Kubernetes AllowedCapabilities.py
166 CKV_K8S_25 resource Pod Minimize the admission of containers with added capability Kubernetes AllowedCapabilities.py
167 CKV_K8S_25 resource PodTemplate Minimize the admission of containers with added capability Kubernetes AllowedCapabilities.py
168 CKV_K8S_25 resource ReplicaSet Minimize the admission of containers with added capability Kubernetes AllowedCapabilities.py
169 CKV_K8S_25 resource ReplicationController Minimize the admission of containers with added capability Kubernetes AllowedCapabilities.py
170 CKV_K8S_25 resource StatefulSet Minimize the admission of containers with added capability Kubernetes AllowedCapabilities.py
171 CKV_K8S_26 resource CronJob Do not specify hostPort unless absolutely necessary Kubernetes HostPort.py
172 CKV_K8S_26 resource DaemonSet Do not specify hostPort unless absolutely necessary Kubernetes HostPort.py
173 CKV_K8S_26 resource Deployment Do not specify hostPort unless absolutely necessary Kubernetes HostPort.py
174 CKV_K8S_26 resource DeploymentConfig Do not specify hostPort unless absolutely necessary Kubernetes HostPort.py
175 CKV_K8S_26 resource Job Do not specify hostPort unless absolutely necessary Kubernetes HostPort.py
176 CKV_K8S_26 resource Pod Do not specify hostPort unless absolutely necessary Kubernetes HostPort.py
177 CKV_K8S_26 resource PodTemplate Do not specify hostPort unless absolutely necessary Kubernetes HostPort.py
178 CKV_K8S_26 resource ReplicaSet Do not specify hostPort unless absolutely necessary Kubernetes HostPort.py
179 CKV_K8S_26 resource ReplicationController Do not specify hostPort unless absolutely necessary Kubernetes HostPort.py
180 CKV_K8S_26 resource StatefulSet Do not specify hostPort unless absolutely necessary Kubernetes HostPort.py
181 CKV_K8S_27 resource CronJob Do not expose the docker daemon socket to containers Kubernetes DockerSocketVolume.py
182 CKV_K8S_27 resource DaemonSet Do not expose the docker daemon socket to containers Kubernetes DockerSocketVolume.py
183 CKV_K8S_27 resource Deployment Do not expose the docker daemon socket to containers Kubernetes DockerSocketVolume.py
184 CKV_K8S_27 resource Job Do not expose the docker daemon socket to containers Kubernetes DockerSocketVolume.py
185 CKV_K8S_27 resource Pod Do not expose the docker daemon socket to containers Kubernetes DockerSocketVolume.py
186 CKV_K8S_27 resource ReplicaSet Do not expose the docker daemon socket to containers Kubernetes DockerSocketVolume.py
187 CKV_K8S_27 resource ReplicationController Do not expose the docker daemon socket to containers Kubernetes DockerSocketVolume.py
188 CKV_K8S_27 resource StatefulSet Do not expose the docker daemon socket to containers Kubernetes DockerSocketVolume.py
189 CKV_K8S_28 resource CronJob Minimize the admission of containers with the NET_RAW capability Kubernetes DropCapabilities.py
190 CKV_K8S_28 resource DaemonSet Minimize the admission of containers with the NET_RAW capability Kubernetes DropCapabilities.py
191 CKV_K8S_28 resource Deployment Minimize the admission of containers with the NET_RAW capability Kubernetes DropCapabilities.py
192 CKV_K8S_28 resource DeploymentConfig Minimize the admission of containers with the NET_RAW capability Kubernetes DropCapabilities.py
193 CKV_K8S_28 resource Job Minimize the admission of containers with the NET_RAW capability Kubernetes DropCapabilities.py
194 CKV_K8S_28 resource Pod Minimize the admission of containers with the NET_RAW capability Kubernetes DropCapabilities.py
195 CKV_K8S_28 resource PodTemplate Minimize the admission of containers with the NET_RAW capability Kubernetes DropCapabilities.py
196 CKV_K8S_28 resource ReplicaSet Minimize the admission of containers with the NET_RAW capability Kubernetes DropCapabilities.py
197 CKV_K8S_28 resource ReplicationController Minimize the admission of containers with the NET_RAW capability Kubernetes DropCapabilities.py
198 CKV_K8S_28 resource StatefulSet Minimize the admission of containers with the NET_RAW capability Kubernetes DropCapabilities.py
199 CKV_K8S_29 resource CronJob Apply security context to your pods and containers Kubernetes PodSecurityContext.py
200 CKV_K8S_29 resource DaemonSet Apply security context to your pods and containers Kubernetes PodSecurityContext.py
201 CKV_K8S_29 resource Deployment Apply security context to your pods and containers Kubernetes PodSecurityContext.py
202 CKV_K8S_29 resource Job Apply security context to your pods and containers Kubernetes PodSecurityContext.py
203 CKV_K8S_29 resource Pod Apply security context to your pods and containers Kubernetes PodSecurityContext.py
204 CKV_K8S_29 resource ReplicaSet Apply security context to your pods and containers Kubernetes PodSecurityContext.py
205 CKV_K8S_29 resource ReplicationController Apply security context to your pods and containers Kubernetes PodSecurityContext.py
206 CKV_K8S_29 resource StatefulSet Apply security context to your pods and containers Kubernetes PodSecurityContext.py
207 CKV_K8S_30 resource CronJob Apply security context to your containers Kubernetes ContainerSecurityContext.py
208 CKV_K8S_30 resource DaemonSet Apply security context to your containers Kubernetes ContainerSecurityContext.py
209 CKV_K8S_30 resource Deployment Apply security context to your containers Kubernetes ContainerSecurityContext.py
210 CKV_K8S_30 resource DeploymentConfig Apply security context to your containers Kubernetes ContainerSecurityContext.py
211 CKV_K8S_30 resource Job Apply security context to your containers Kubernetes ContainerSecurityContext.py
212 CKV_K8S_30 resource Pod Apply security context to your containers Kubernetes ContainerSecurityContext.py
213 CKV_K8S_30 resource PodTemplate Apply security context to your containers Kubernetes ContainerSecurityContext.py
214 CKV_K8S_30 resource ReplicaSet Apply security context to your containers Kubernetes ContainerSecurityContext.py
215 CKV_K8S_30 resource ReplicationController Apply security context to your containers Kubernetes ContainerSecurityContext.py
216 CKV_K8S_30 resource StatefulSet Apply security context to your containers Kubernetes ContainerSecurityContext.py
217 CKV_K8S_31 resource CronJob Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes Seccomp.py
218 CKV_K8S_31 resource DaemonSet Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes Seccomp.py
219 CKV_K8S_31 resource Deployment Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes Seccomp.py
220 CKV_K8S_31 resource Job Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes Seccomp.py
221 CKV_K8S_31 resource Pod Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes Seccomp.py
222 CKV_K8S_31 resource ReplicaSet Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes Seccomp.py
223 CKV_K8S_31 resource ReplicationController Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes Seccomp.py
224 CKV_K8S_31 resource StatefulSet Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes Seccomp.py
225 CKV_K8S_32 resource PodSecurityPolicy Ensure default seccomp profile set to docker/default or runtime/default Kubernetes SeccompPSP.py
226 CKV_K8S_33 resource CronJob Ensure the Kubernetes dashboard is not deployed Kubernetes KubernetesDashboard.py
227 CKV_K8S_33 resource DaemonSet Ensure the Kubernetes dashboard is not deployed Kubernetes KubernetesDashboard.py
228 CKV_K8S_33 resource Deployment Ensure the Kubernetes dashboard is not deployed Kubernetes KubernetesDashboard.py
229 CKV_K8S_33 resource DeploymentConfig Ensure the Kubernetes dashboard is not deployed Kubernetes KubernetesDashboard.py
230 CKV_K8S_33 resource Job Ensure the Kubernetes dashboard is not deployed Kubernetes KubernetesDashboard.py
231 CKV_K8S_33 resource Pod Ensure the Kubernetes dashboard is not deployed Kubernetes KubernetesDashboard.py
232 CKV_K8S_33 resource PodTemplate Ensure the Kubernetes dashboard is not deployed Kubernetes KubernetesDashboard.py
233 CKV_K8S_33 resource ReplicaSet Ensure the Kubernetes dashboard is not deployed Kubernetes KubernetesDashboard.py
234 CKV_K8S_33 resource ReplicationController Ensure the Kubernetes dashboard is not deployed Kubernetes KubernetesDashboard.py
235 CKV_K8S_33 resource StatefulSet Ensure the Kubernetes dashboard is not deployed Kubernetes KubernetesDashboard.py
236 CKV_K8S_34 resource CronJob Ensure that Tiller (Helm v2) is not deployed Kubernetes Tiller.py
237 CKV_K8S_34 resource DaemonSet Ensure that Tiller (Helm v2) is not deployed Kubernetes Tiller.py
238 CKV_K8S_34 resource Deployment Ensure that Tiller (Helm v2) is not deployed Kubernetes Tiller.py
239 CKV_K8S_34 resource DeploymentConfig Ensure that Tiller (Helm v2) is not deployed Kubernetes Tiller.py
240 CKV_K8S_34 resource Job Ensure that Tiller (Helm v2) is not deployed Kubernetes Tiller.py
241 CKV_K8S_34 resource Pod Ensure that Tiller (Helm v2) is not deployed Kubernetes Tiller.py
242 CKV_K8S_34 resource PodTemplate Ensure that Tiller (Helm v2) is not deployed Kubernetes Tiller.py
243 CKV_K8S_34 resource ReplicaSet Ensure that Tiller (Helm v2) is not deployed Kubernetes Tiller.py
244 CKV_K8S_34 resource ReplicationController Ensure that Tiller (Helm v2) is not deployed Kubernetes Tiller.py
245 CKV_K8S_34 resource StatefulSet Ensure that Tiller (Helm v2) is not deployed Kubernetes Tiller.py
246 CKV_K8S_35 resource CronJob Prefer using secrets as files over secrets as environment variables Kubernetes Secrets.py
247 CKV_K8S_35 resource DaemonSet Prefer using secrets as files over secrets as environment variables Kubernetes Secrets.py
248 CKV_K8S_35 resource Deployment Prefer using secrets as files over secrets as environment variables Kubernetes Secrets.py
249 CKV_K8S_35 resource DeploymentConfig Prefer using secrets as files over secrets as environment variables Kubernetes Secrets.py
250 CKV_K8S_35 resource Job Prefer using secrets as files over secrets as environment variables Kubernetes Secrets.py
251 CKV_K8S_35 resource Pod Prefer using secrets as files over secrets as environment variables Kubernetes Secrets.py
252 CKV_K8S_35 resource PodTemplate Prefer using secrets as files over secrets as environment variables Kubernetes Secrets.py
253 CKV_K8S_35 resource ReplicaSet Prefer using secrets as files over secrets as environment variables Kubernetes Secrets.py
254 CKV_K8S_35 resource ReplicationController Prefer using secrets as files over secrets as environment variables Kubernetes Secrets.py
255 CKV_K8S_35 resource StatefulSet Prefer using secrets as files over secrets as environment variables Kubernetes Secrets.py
256 CKV_K8S_36 resource PodSecurityPolicy Minimize the admission of containers with capabilities assigned Kubernetes MinimizeCapabilitiesPSP.py
257 CKV_K8S_37 resource CronJob Minimize the admission of containers with capabilities assigned Kubernetes MinimizeCapabilities.py
258 CKV_K8S_37 resource DaemonSet Minimize the admission of containers with capabilities assigned Kubernetes MinimizeCapabilities.py
259 CKV_K8S_37 resource Deployment Minimize the admission of containers with capabilities assigned Kubernetes MinimizeCapabilities.py
260 CKV_K8S_37 resource DeploymentConfig Minimize the admission of containers with capabilities assigned Kubernetes MinimizeCapabilities.py
261 CKV_K8S_37 resource Job Minimize the admission of containers with capabilities assigned Kubernetes MinimizeCapabilities.py
262 CKV_K8S_37 resource Pod Minimize the admission of containers with capabilities assigned Kubernetes MinimizeCapabilities.py
263 CKV_K8S_37 resource PodTemplate Minimize the admission of containers with capabilities assigned Kubernetes MinimizeCapabilities.py
264 CKV_K8S_37 resource ReplicaSet Minimize the admission of containers with capabilities assigned Kubernetes MinimizeCapabilities.py
265 CKV_K8S_37 resource ReplicationController Minimize the admission of containers with capabilities assigned Kubernetes MinimizeCapabilities.py
266 CKV_K8S_37 resource StatefulSet Minimize the admission of containers with capabilities assigned Kubernetes MinimizeCapabilities.py
267 CKV_K8S_38 resource CronJob Ensure that Service Account Tokens are only mounted where necessary Kubernetes ServiceAccountTokens.py
268 CKV_K8S_38 resource DaemonSet Ensure that Service Account Tokens are only mounted where necessary Kubernetes ServiceAccountTokens.py
269 CKV_K8S_38 resource Deployment Ensure that Service Account Tokens are only mounted where necessary Kubernetes ServiceAccountTokens.py
270 CKV_K8S_38 resource Job Ensure that Service Account Tokens are only mounted where necessary Kubernetes ServiceAccountTokens.py
271 CKV_K8S_38 resource Pod Ensure that Service Account Tokens are only mounted where necessary Kubernetes ServiceAccountTokens.py
272 CKV_K8S_38 resource ReplicaSet Ensure that Service Account Tokens are only mounted where necessary Kubernetes ServiceAccountTokens.py
273 CKV_K8S_38 resource ReplicationController Ensure that Service Account Tokens are only mounted where necessary Kubernetes ServiceAccountTokens.py
274 CKV_K8S_38 resource StatefulSet Ensure that Service Account Tokens are only mounted where necessary Kubernetes ServiceAccountTokens.py
275 CKV_K8S_39 resource CronJob Do not use the CAP_SYS_ADMIN linux capability Kubernetes AllowedCapabilitiesSysAdmin.py
276 CKV_K8S_39 resource DaemonSet Do not use the CAP_SYS_ADMIN linux capability Kubernetes AllowedCapabilitiesSysAdmin.py
277 CKV_K8S_39 resource Deployment Do not use the CAP_SYS_ADMIN linux capability Kubernetes AllowedCapabilitiesSysAdmin.py
278 CKV_K8S_39 resource DeploymentConfig Do not use the CAP_SYS_ADMIN linux capability Kubernetes AllowedCapabilitiesSysAdmin.py
279 CKV_K8S_39 resource Job Do not use the CAP_SYS_ADMIN linux capability Kubernetes AllowedCapabilitiesSysAdmin.py
280 CKV_K8S_39 resource Pod Do not use the CAP_SYS_ADMIN linux capability Kubernetes AllowedCapabilitiesSysAdmin.py
281 CKV_K8S_39 resource PodTemplate Do not use the CAP_SYS_ADMIN linux capability Kubernetes AllowedCapabilitiesSysAdmin.py
282 CKV_K8S_39 resource ReplicaSet Do not use the CAP_SYS_ADMIN linux capability Kubernetes AllowedCapabilitiesSysAdmin.py
283 CKV_K8S_39 resource ReplicationController Do not use the CAP_SYS_ADMIN linux capability Kubernetes AllowedCapabilitiesSysAdmin.py
284 CKV_K8S_39 resource StatefulSet Do not use the CAP_SYS_ADMIN linux capability Kubernetes AllowedCapabilitiesSysAdmin.py
285 CKV_K8S_40 resource CronJob Containers should run as a high UID to avoid host conflict Kubernetes RootContainersHighUID.py
286 CKV_K8S_40 resource DaemonSet Containers should run as a high UID to avoid host conflict Kubernetes RootContainersHighUID.py
287 CKV_K8S_40 resource Deployment Containers should run as a high UID to avoid host conflict Kubernetes RootContainersHighUID.py
288 CKV_K8S_40 resource Job Containers should run as a high UID to avoid host conflict Kubernetes RootContainersHighUID.py
289 CKV_K8S_40 resource Pod Containers should run as a high UID to avoid host conflict Kubernetes RootContainersHighUID.py
290 CKV_K8S_40 resource ReplicaSet Containers should run as a high UID to avoid host conflict Kubernetes RootContainersHighUID.py
291 CKV_K8S_40 resource ReplicationController Containers should run as a high UID to avoid host conflict Kubernetes RootContainersHighUID.py
292 CKV_K8S_40 resource StatefulSet Containers should run as a high UID to avoid host conflict Kubernetes RootContainersHighUID.py
293 CKV_K8S_41 resource ServiceAccount Ensure that default service accounts are not actively used Kubernetes DefaultServiceAccount.py
294 CKV_K8S_42 resource ClusterRoleBinding Ensure that default service accounts are not actively used Kubernetes DefaultServiceAccountBinding.py
295 CKV_K8S_42 resource RoleBinding Ensure that default service accounts are not actively used Kubernetes DefaultServiceAccountBinding.py
296 CKV_K8S_43 resource CronJob Image should use digest Kubernetes ImageDigest.py
297 CKV_K8S_43 resource DaemonSet Image should use digest Kubernetes ImageDigest.py
298 CKV_K8S_43 resource Deployment Image should use digest Kubernetes ImageDigest.py
299 CKV_K8S_43 resource DeploymentConfig Image should use digest Kubernetes ImageDigest.py
300 CKV_K8S_43 resource Job Image should use digest Kubernetes ImageDigest.py
301 CKV_K8S_43 resource Pod Image should use digest Kubernetes ImageDigest.py
302 CKV_K8S_43 resource PodTemplate Image should use digest Kubernetes ImageDigest.py
303 CKV_K8S_43 resource ReplicaSet Image should use digest Kubernetes ImageDigest.py
304 CKV_K8S_43 resource ReplicationController Image should use digest Kubernetes ImageDigest.py
305 CKV_K8S_43 resource StatefulSet Image should use digest Kubernetes ImageDigest.py
306 CKV_K8S_44 resource Service Ensure that the Tiller Service (Helm v2) is deleted Kubernetes TillerService.py
307 CKV_K8S_45 resource CronJob Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster Kubernetes TillerDeploymentListener.py
308 CKV_K8S_45 resource DaemonSet Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster Kubernetes TillerDeploymentListener.py
309 CKV_K8S_45 resource Deployment Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster Kubernetes TillerDeploymentListener.py
310 CKV_K8S_45 resource DeploymentConfig Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster Kubernetes TillerDeploymentListener.py
311 CKV_K8S_45 resource Job Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster Kubernetes TillerDeploymentListener.py
312 CKV_K8S_45 resource Pod Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster Kubernetes TillerDeploymentListener.py
313 CKV_K8S_45 resource PodTemplate Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster Kubernetes TillerDeploymentListener.py
314 CKV_K8S_45 resource ReplicaSet Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster Kubernetes TillerDeploymentListener.py
315 CKV_K8S_45 resource ReplicationController Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster Kubernetes TillerDeploymentListener.py
316 CKV_K8S_45 resource StatefulSet Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster Kubernetes TillerDeploymentListener.py
317 CKV_K8S_49 resource ClusterRole Minimize wildcard use in Roles and ClusterRoles Kubernetes WildcardRoles.py
318 CKV_K8S_49 resource Role Minimize wildcard use in Roles and ClusterRoles Kubernetes WildcardRoles.py
319 CKV_K8S_68 resource CronJob Ensure that the –anonymous-auth argument is set to false Kubernetes ApiServerAnonymousAuth.py
320 CKV_K8S_68 resource DaemonSet Ensure that the –anonymous-auth argument is set to false Kubernetes ApiServerAnonymousAuth.py
321 CKV_K8S_68 resource Deployment Ensure that the –anonymous-auth argument is set to false Kubernetes ApiServerAnonymousAuth.py
322 CKV_K8S_68 resource DeploymentConfig Ensure that the –anonymous-auth argument is set to false Kubernetes ApiServerAnonymousAuth.py
323 CKV_K8S_68 resource Job Ensure that the –anonymous-auth argument is set to false Kubernetes ApiServerAnonymousAuth.py
324 CKV_K8S_68 resource Pod Ensure that the –anonymous-auth argument is set to false Kubernetes ApiServerAnonymousAuth.py
325 CKV_K8S_68 resource PodTemplate Ensure that the –anonymous-auth argument is set to false Kubernetes ApiServerAnonymousAuth.py
326 CKV_K8S_68 resource ReplicaSet Ensure that the –anonymous-auth argument is set to false Kubernetes ApiServerAnonymousAuth.py
327 CKV_K8S_68 resource ReplicationController Ensure that the –anonymous-auth argument is set to false Kubernetes ApiServerAnonymousAuth.py
328 CKV_K8S_68 resource StatefulSet Ensure that the –anonymous-auth argument is set to false Kubernetes ApiServerAnonymousAuth.py
329 CKV_K8S_69 resource CronJob Ensure that the –basic-auth-file argument is not set Kubernetes ApiServerBasicAuthFile.py
330 CKV_K8S_69 resource DaemonSet Ensure that the –basic-auth-file argument is not set Kubernetes ApiServerBasicAuthFile.py
331 CKV_K8S_69 resource Deployment Ensure that the –basic-auth-file argument is not set Kubernetes ApiServerBasicAuthFile.py
332 CKV_K8S_69 resource DeploymentConfig Ensure that the –basic-auth-file argument is not set Kubernetes ApiServerBasicAuthFile.py
333 CKV_K8S_69 resource Job Ensure that the –basic-auth-file argument is not set Kubernetes ApiServerBasicAuthFile.py
334 CKV_K8S_69 resource Pod Ensure that the –basic-auth-file argument is not set Kubernetes ApiServerBasicAuthFile.py
335 CKV_K8S_69 resource PodTemplate Ensure that the –basic-auth-file argument is not set Kubernetes ApiServerBasicAuthFile.py
336 CKV_K8S_69 resource ReplicaSet Ensure that the –basic-auth-file argument is not set Kubernetes ApiServerBasicAuthFile.py
337 CKV_K8S_69 resource ReplicationController Ensure that the –basic-auth-file argument is not set Kubernetes ApiServerBasicAuthFile.py
338 CKV_K8S_69 resource StatefulSet Ensure that the –basic-auth-file argument is not set Kubernetes ApiServerBasicAuthFile.py
339 CKV_K8S_70 resource CronJob Ensure that the –token-auth-file argument is not set Kubernetes ApiServerTokenAuthFile.py
340 CKV_K8S_70 resource DaemonSet Ensure that the –token-auth-file argument is not set Kubernetes ApiServerTokenAuthFile.py
341 CKV_K8S_70 resource Deployment Ensure that the –token-auth-file argument is not set Kubernetes ApiServerTokenAuthFile.py
342 CKV_K8S_70 resource DeploymentConfig Ensure that the –token-auth-file argument is not set Kubernetes ApiServerTokenAuthFile.py
343 CKV_K8S_70 resource Job Ensure that the –token-auth-file argument is not set Kubernetes ApiServerTokenAuthFile.py
344 CKV_K8S_70 resource Pod Ensure that the –token-auth-file argument is not set Kubernetes ApiServerTokenAuthFile.py
345 CKV_K8S_70 resource PodTemplate Ensure that the –token-auth-file argument is not set Kubernetes ApiServerTokenAuthFile.py
346 CKV_K8S_70 resource ReplicaSet Ensure that the –token-auth-file argument is not set Kubernetes ApiServerTokenAuthFile.py
347 CKV_K8S_70 resource ReplicationController Ensure that the –token-auth-file argument is not set Kubernetes ApiServerTokenAuthFile.py
348 CKV_K8S_70 resource StatefulSet Ensure that the –token-auth-file argument is not set Kubernetes ApiServerTokenAuthFile.py
349 CKV_K8S_71 resource CronJob Ensure that the –kubelet-https argument is set to true Kubernetes ApiServerKubeletHttps.py
350 CKV_K8S_71 resource DaemonSet Ensure that the –kubelet-https argument is set to true Kubernetes ApiServerKubeletHttps.py
351 CKV_K8S_71 resource Deployment Ensure that the –kubelet-https argument is set to true Kubernetes ApiServerKubeletHttps.py
352 CKV_K8S_71 resource DeploymentConfig Ensure that the –kubelet-https argument is set to true Kubernetes ApiServerKubeletHttps.py
353 CKV_K8S_71 resource Job Ensure that the –kubelet-https argument is set to true Kubernetes ApiServerKubeletHttps.py
354 CKV_K8S_71 resource Pod Ensure that the –kubelet-https argument is set to true Kubernetes ApiServerKubeletHttps.py
355 CKV_K8S_71 resource PodTemplate Ensure that the –kubelet-https argument is set to true Kubernetes ApiServerKubeletHttps.py
356 CKV_K8S_71 resource ReplicaSet Ensure that the –kubelet-https argument is set to true Kubernetes ApiServerKubeletHttps.py
357 CKV_K8S_71 resource ReplicationController Ensure that the –kubelet-https argument is set to true Kubernetes ApiServerKubeletHttps.py
358 CKV_K8S_71 resource StatefulSet Ensure that the –kubelet-https argument is set to true Kubernetes ApiServerKubeletHttps.py
359 CKV_K8S_72 resource CronJob Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate Kubernetes ApiServerKubeletClientCertAndKey.py
360 CKV_K8S_72 resource DaemonSet Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate Kubernetes ApiServerKubeletClientCertAndKey.py
361 CKV_K8S_72 resource Deployment Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate Kubernetes ApiServerKubeletClientCertAndKey.py
362 CKV_K8S_72 resource DeploymentConfig Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate Kubernetes ApiServerKubeletClientCertAndKey.py
363 CKV_K8S_72 resource Job Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate Kubernetes ApiServerKubeletClientCertAndKey.py
364 CKV_K8S_72 resource Pod Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate Kubernetes ApiServerKubeletClientCertAndKey.py
365 CKV_K8S_72 resource PodTemplate Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate Kubernetes ApiServerKubeletClientCertAndKey.py
366 CKV_K8S_72 resource ReplicaSet Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate Kubernetes ApiServerKubeletClientCertAndKey.py
367 CKV_K8S_72 resource ReplicationController Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate Kubernetes ApiServerKubeletClientCertAndKey.py
368 CKV_K8S_72 resource StatefulSet Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate Kubernetes ApiServerKubeletClientCertAndKey.py
369 CKV_K8S_73 resource CronJob Ensure that the –kubelet-certificate-authority argument is set as appropriate Kubernetes ApiServerkubeletCertificateAuthority.py
370 CKV_K8S_73 resource DaemonSet Ensure that the –kubelet-certificate-authority argument is set as appropriate Kubernetes ApiServerkubeletCertificateAuthority.py
371 CKV_K8S_73 resource Deployment Ensure that the –kubelet-certificate-authority argument is set as appropriate Kubernetes ApiServerkubeletCertificateAuthority.py
372 CKV_K8S_73 resource DeploymentConfig Ensure that the –kubelet-certificate-authority argument is set as appropriate Kubernetes ApiServerkubeletCertificateAuthority.py
373 CKV_K8S_73 resource Job Ensure that the –kubelet-certificate-authority argument is set as appropriate Kubernetes ApiServerkubeletCertificateAuthority.py
374 CKV_K8S_73 resource Pod Ensure that the –kubelet-certificate-authority argument is set as appropriate Kubernetes ApiServerkubeletCertificateAuthority.py
375 CKV_K8S_73 resource PodTemplate Ensure that the –kubelet-certificate-authority argument is set as appropriate Kubernetes ApiServerkubeletCertificateAuthority.py
376 CKV_K8S_73 resource ReplicaSet Ensure that the –kubelet-certificate-authority argument is set as appropriate Kubernetes ApiServerkubeletCertificateAuthority.py
377 CKV_K8S_73 resource ReplicationController Ensure that the –kubelet-certificate-authority argument is set as appropriate Kubernetes ApiServerkubeletCertificateAuthority.py
378 CKV_K8S_73 resource StatefulSet Ensure that the –kubelet-certificate-authority argument is set as appropriate Kubernetes ApiServerkubeletCertificateAuthority.py
379 CKV_K8S_74 resource CronJob Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes ApiServerAuthorizationModeNotAlwaysAllow.py
380 CKV_K8S_74 resource DaemonSet Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes ApiServerAuthorizationModeNotAlwaysAllow.py
381 CKV_K8S_74 resource Deployment Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes ApiServerAuthorizationModeNotAlwaysAllow.py
382 CKV_K8S_74 resource DeploymentConfig Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes ApiServerAuthorizationModeNotAlwaysAllow.py
383 CKV_K8S_74 resource Job Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes ApiServerAuthorizationModeNotAlwaysAllow.py
384 CKV_K8S_74 resource Pod Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes ApiServerAuthorizationModeNotAlwaysAllow.py
385 CKV_K8S_74 resource PodTemplate Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes ApiServerAuthorizationModeNotAlwaysAllow.py
386 CKV_K8S_74 resource ReplicaSet Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes ApiServerAuthorizationModeNotAlwaysAllow.py
387 CKV_K8S_74 resource ReplicationController Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes ApiServerAuthorizationModeNotAlwaysAllow.py
388 CKV_K8S_74 resource StatefulSet Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes ApiServerAuthorizationModeNotAlwaysAllow.py
389 CKV_K8S_75 resource CronJob Ensure that the –authorization-mode argument includes Node Kubernetes ApiServerAuthorizationModeNode.py
390 CKV_K8S_75 resource DaemonSet Ensure that the –authorization-mode argument includes Node Kubernetes ApiServerAuthorizationModeNode.py
391 CKV_K8S_75 resource Deployment Ensure that the –authorization-mode argument includes Node Kubernetes ApiServerAuthorizationModeNode.py
392 CKV_K8S_75 resource DeploymentConfig Ensure that the –authorization-mode argument includes Node Kubernetes ApiServerAuthorizationModeNode.py
393 CKV_K8S_75 resource Job Ensure that the –authorization-mode argument includes Node Kubernetes ApiServerAuthorizationModeNode.py
394 CKV_K8S_75 resource Pod Ensure that the –authorization-mode argument includes Node Kubernetes ApiServerAuthorizationModeNode.py
395 CKV_K8S_75 resource PodTemplate Ensure that the –authorization-mode argument includes Node Kubernetes ApiServerAuthorizationModeNode.py
396 CKV_K8S_75 resource ReplicaSet Ensure that the –authorization-mode argument includes Node Kubernetes ApiServerAuthorizationModeNode.py
397 CKV_K8S_75 resource ReplicationController Ensure that the –authorization-mode argument includes Node Kubernetes ApiServerAuthorizationModeNode.py
398 CKV_K8S_75 resource StatefulSet Ensure that the –authorization-mode argument includes Node Kubernetes ApiServerAuthorizationModeNode.py
399 CKV_K8S_77 resource CronJob Ensure that the –authorization-mode argument includes RBAC Kubernetes ApiServerAuthorizationModeRBAC.py
400 CKV_K8S_77 resource DaemonSet Ensure that the –authorization-mode argument includes RBAC Kubernetes ApiServerAuthorizationModeRBAC.py
401 CKV_K8S_77 resource Deployment Ensure that the –authorization-mode argument includes RBAC Kubernetes ApiServerAuthorizationModeRBAC.py
402 CKV_K8S_77 resource DeploymentConfig Ensure that the –authorization-mode argument includes RBAC Kubernetes ApiServerAuthorizationModeRBAC.py
403 CKV_K8S_77 resource Job Ensure that the –authorization-mode argument includes RBAC Kubernetes ApiServerAuthorizationModeRBAC.py
404 CKV_K8S_77 resource Pod Ensure that the –authorization-mode argument includes RBAC Kubernetes ApiServerAuthorizationModeRBAC.py
405 CKV_K8S_77 resource PodTemplate Ensure that the –authorization-mode argument includes RBAC Kubernetes ApiServerAuthorizationModeRBAC.py
406 CKV_K8S_77 resource ReplicaSet Ensure that the –authorization-mode argument includes RBAC Kubernetes ApiServerAuthorizationModeRBAC.py
407 CKV_K8S_77 resource ReplicationController Ensure that the –authorization-mode argument includes RBAC Kubernetes ApiServerAuthorizationModeRBAC.py
408 CKV_K8S_77 resource StatefulSet Ensure that the –authorization-mode argument includes RBAC Kubernetes ApiServerAuthorizationModeRBAC.py
409 CKV_K8S_78 resource AdmissionConfiguration Ensure that the admission control plugin EventRateLimit is set Kubernetes ApiServerAdmissionControlEventRateLimit.py
410 CKV_K8S_79 resource CronJob Ensure that the admission control plugin AlwaysAdmit is not set Kubernetes ApiServerAdmissionControlAlwaysAdmit.py
411 CKV_K8S_79 resource DaemonSet Ensure that the admission control plugin AlwaysAdmit is not set Kubernetes ApiServerAdmissionControlAlwaysAdmit.py
412 CKV_K8S_79 resource Deployment Ensure that the admission control plugin AlwaysAdmit is not set Kubernetes ApiServerAdmissionControlAlwaysAdmit.py
413 CKV_K8S_79 resource DeploymentConfig Ensure that the admission control plugin AlwaysAdmit is not set Kubernetes ApiServerAdmissionControlAlwaysAdmit.py
414 CKV_K8S_79 resource Job Ensure that the admission control plugin AlwaysAdmit is not set Kubernetes ApiServerAdmissionControlAlwaysAdmit.py
415 CKV_K8S_79 resource Pod Ensure that the admission control plugin AlwaysAdmit is not set Kubernetes ApiServerAdmissionControlAlwaysAdmit.py
416 CKV_K8S_79 resource PodTemplate Ensure that the admission control plugin AlwaysAdmit is not set Kubernetes ApiServerAdmissionControlAlwaysAdmit.py
417 CKV_K8S_79 resource ReplicaSet Ensure that the admission control plugin AlwaysAdmit is not set Kubernetes ApiServerAdmissionControlAlwaysAdmit.py
418 CKV_K8S_79 resource ReplicationController Ensure that the admission control plugin AlwaysAdmit is not set Kubernetes ApiServerAdmissionControlAlwaysAdmit.py
419 CKV_K8S_79 resource StatefulSet Ensure that the admission control plugin AlwaysAdmit is not set Kubernetes ApiServerAdmissionControlAlwaysAdmit.py
420 CKV_K8S_80 resource CronJob Ensure that the admission control plugin AlwaysPullImages is set Kubernetes ApiServerAlwaysPullImagesPlugin.py
421 CKV_K8S_80 resource DaemonSet Ensure that the admission control plugin AlwaysPullImages is set Kubernetes ApiServerAlwaysPullImagesPlugin.py
422 CKV_K8S_80 resource Deployment Ensure that the admission control plugin AlwaysPullImages is set Kubernetes ApiServerAlwaysPullImagesPlugin.py
423 CKV_K8S_80 resource DeploymentConfig Ensure that the admission control plugin AlwaysPullImages is set Kubernetes ApiServerAlwaysPullImagesPlugin.py
424 CKV_K8S_80 resource Job Ensure that the admission control plugin AlwaysPullImages is set Kubernetes ApiServerAlwaysPullImagesPlugin.py
425 CKV_K8S_80 resource Pod Ensure that the admission control plugin AlwaysPullImages is set Kubernetes ApiServerAlwaysPullImagesPlugin.py
426 CKV_K8S_80 resource PodTemplate Ensure that the admission control plugin AlwaysPullImages is set Kubernetes ApiServerAlwaysPullImagesPlugin.py
427 CKV_K8S_80 resource ReplicaSet Ensure that the admission control plugin AlwaysPullImages is set Kubernetes ApiServerAlwaysPullImagesPlugin.py
428 CKV_K8S_80 resource ReplicationController Ensure that the admission control plugin AlwaysPullImages is set Kubernetes ApiServerAlwaysPullImagesPlugin.py
429 CKV_K8S_80 resource StatefulSet Ensure that the admission control plugin AlwaysPullImages is set Kubernetes ApiServerAlwaysPullImagesPlugin.py
430 CKV_K8S_81 resource CronJob Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used Kubernetes ApiServerSecurityContextDenyPlugin.py
431 CKV_K8S_81 resource DaemonSet Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used Kubernetes ApiServerSecurityContextDenyPlugin.py
432 CKV_K8S_81 resource Deployment Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used Kubernetes ApiServerSecurityContextDenyPlugin.py
433 CKV_K8S_81 resource DeploymentConfig Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used Kubernetes ApiServerSecurityContextDenyPlugin.py
434 CKV_K8S_81 resource Job Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used Kubernetes ApiServerSecurityContextDenyPlugin.py
435 CKV_K8S_81 resource Pod Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used Kubernetes ApiServerSecurityContextDenyPlugin.py
436 CKV_K8S_81 resource PodTemplate Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used Kubernetes ApiServerSecurityContextDenyPlugin.py
437 CKV_K8S_81 resource ReplicaSet Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used Kubernetes ApiServerSecurityContextDenyPlugin.py
438 CKV_K8S_81 resource ReplicationController Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used Kubernetes ApiServerSecurityContextDenyPlugin.py
439 CKV_K8S_81 resource StatefulSet Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used Kubernetes ApiServerSecurityContextDenyPlugin.py
440 CKV_K8S_82 resource CronJob Ensure that the admission control plugin ServiceAccount is set Kubernetes ApiServerServiceAccountPlugin.py
441 CKV_K8S_82 resource DaemonSet Ensure that the admission control plugin ServiceAccount is set Kubernetes ApiServerServiceAccountPlugin.py
442 CKV_K8S_82 resource Deployment Ensure that the admission control plugin ServiceAccount is set Kubernetes ApiServerServiceAccountPlugin.py
443 CKV_K8S_82 resource DeploymentConfig Ensure that the admission control plugin ServiceAccount is set Kubernetes ApiServerServiceAccountPlugin.py
444 CKV_K8S_82 resource Job Ensure that the admission control plugin ServiceAccount is set Kubernetes ApiServerServiceAccountPlugin.py
445 CKV_K8S_82 resource Pod Ensure that the admission control plugin ServiceAccount is set Kubernetes ApiServerServiceAccountPlugin.py
446 CKV_K8S_82 resource PodTemplate Ensure that the admission control plugin ServiceAccount is set Kubernetes ApiServerServiceAccountPlugin.py
447 CKV_K8S_82 resource ReplicaSet Ensure that the admission control plugin ServiceAccount is set Kubernetes ApiServerServiceAccountPlugin.py
448 CKV_K8S_82 resource ReplicationController Ensure that the admission control plugin ServiceAccount is set Kubernetes ApiServerServiceAccountPlugin.py
449 CKV_K8S_82 resource StatefulSet Ensure that the admission control plugin ServiceAccount is set Kubernetes ApiServerServiceAccountPlugin.py
450 CKV_K8S_83 resource CronJob Ensure that the admission control plugin NamespaceLifecycle is set Kubernetes ApiServerNamespaceLifecyclePlugin.py
451 CKV_K8S_83 resource DaemonSet Ensure that the admission control plugin NamespaceLifecycle is set Kubernetes ApiServerNamespaceLifecyclePlugin.py
452 CKV_K8S_83 resource Deployment Ensure that the admission control plugin NamespaceLifecycle is set Kubernetes ApiServerNamespaceLifecyclePlugin.py
453 CKV_K8S_83 resource DeploymentConfig Ensure that the admission control plugin NamespaceLifecycle is set Kubernetes ApiServerNamespaceLifecyclePlugin.py
454 CKV_K8S_83 resource Job Ensure that the admission control plugin NamespaceLifecycle is set Kubernetes ApiServerNamespaceLifecyclePlugin.py
455 CKV_K8S_83 resource Pod Ensure that the admission control plugin NamespaceLifecycle is set Kubernetes ApiServerNamespaceLifecyclePlugin.py
456 CKV_K8S_83 resource PodTemplate Ensure that the admission control plugin NamespaceLifecycle is set Kubernetes ApiServerNamespaceLifecyclePlugin.py
457 CKV_K8S_83 resource ReplicaSet Ensure that the admission control plugin NamespaceLifecycle is set Kubernetes ApiServerNamespaceLifecyclePlugin.py
458 CKV_K8S_83 resource ReplicationController Ensure that the admission control plugin NamespaceLifecycle is set Kubernetes ApiServerNamespaceLifecyclePlugin.py
459 CKV_K8S_83 resource StatefulSet Ensure that the admission control plugin NamespaceLifecycle is set Kubernetes ApiServerNamespaceLifecyclePlugin.py
460 CKV_K8S_84 resource CronJob Ensure that the admission control plugin PodSecurityPolicy is set Kubernetes ApiServerPodSecurityPolicyPlugin.py
461 CKV_K8S_84 resource DaemonSet Ensure that the admission control plugin PodSecurityPolicy is set Kubernetes ApiServerPodSecurityPolicyPlugin.py
462 CKV_K8S_84 resource Deployment Ensure that the admission control plugin PodSecurityPolicy is set Kubernetes ApiServerPodSecurityPolicyPlugin.py
463 CKV_K8S_84 resource DeploymentConfig Ensure that the admission control plugin PodSecurityPolicy is set Kubernetes ApiServerPodSecurityPolicyPlugin.py
464 CKV_K8S_84 resource Job Ensure that the admission control plugin PodSecurityPolicy is set Kubernetes ApiServerPodSecurityPolicyPlugin.py
465 CKV_K8S_84 resource Pod Ensure that the admission control plugin PodSecurityPolicy is set Kubernetes ApiServerPodSecurityPolicyPlugin.py
466 CKV_K8S_84 resource PodTemplate Ensure that the admission control plugin PodSecurityPolicy is set Kubernetes ApiServerPodSecurityPolicyPlugin.py
467 CKV_K8S_84 resource ReplicaSet Ensure that the admission control plugin PodSecurityPolicy is set Kubernetes ApiServerPodSecurityPolicyPlugin.py
468 CKV_K8S_84 resource ReplicationController Ensure that the admission control plugin PodSecurityPolicy is set Kubernetes ApiServerPodSecurityPolicyPlugin.py
469 CKV_K8S_84 resource StatefulSet Ensure that the admission control plugin PodSecurityPolicy is set Kubernetes ApiServerPodSecurityPolicyPlugin.py
470 CKV_K8S_85 resource CronJob Ensure that the admission control plugin NodeRestriction is set Kubernetes ApiServerNodeRestrictionPlugin.py
471 CKV_K8S_85 resource DaemonSet Ensure that the admission control plugin NodeRestriction is set Kubernetes ApiServerNodeRestrictionPlugin.py
472 CKV_K8S_85 resource Deployment Ensure that the admission control plugin NodeRestriction is set Kubernetes ApiServerNodeRestrictionPlugin.py
473 CKV_K8S_85 resource DeploymentConfig Ensure that the admission control plugin NodeRestriction is set Kubernetes ApiServerNodeRestrictionPlugin.py
474 CKV_K8S_85 resource Job Ensure that the admission control plugin NodeRestriction is set Kubernetes ApiServerNodeRestrictionPlugin.py
475 CKV_K8S_85 resource Pod Ensure that the admission control plugin NodeRestriction is set Kubernetes ApiServerNodeRestrictionPlugin.py
476 CKV_K8S_85 resource PodTemplate Ensure that the admission control plugin NodeRestriction is set Kubernetes ApiServerNodeRestrictionPlugin.py
477 CKV_K8S_85 resource ReplicaSet Ensure that the admission control plugin NodeRestriction is set Kubernetes ApiServerNodeRestrictionPlugin.py
478 CKV_K8S_85 resource ReplicationController Ensure that the admission control plugin NodeRestriction is set Kubernetes ApiServerNodeRestrictionPlugin.py
479 CKV_K8S_85 resource StatefulSet Ensure that the admission control plugin NodeRestriction is set Kubernetes ApiServerNodeRestrictionPlugin.py
480 CKV_K8S_86 resource CronJob Ensure that the –insecure-bind-address argument is not set Kubernetes ApiServerInsecureBindAddress.py
481 CKV_K8S_86 resource DaemonSet Ensure that the –insecure-bind-address argument is not set Kubernetes ApiServerInsecureBindAddress.py
482 CKV_K8S_86 resource Deployment Ensure that the –insecure-bind-address argument is not set Kubernetes ApiServerInsecureBindAddress.py
483 CKV_K8S_86 resource DeploymentConfig Ensure that the –insecure-bind-address argument is not set Kubernetes ApiServerInsecureBindAddress.py
484 CKV_K8S_86 resource Job Ensure that the –insecure-bind-address argument is not set Kubernetes ApiServerInsecureBindAddress.py
485 CKV_K8S_86 resource Pod Ensure that the –insecure-bind-address argument is not set Kubernetes ApiServerInsecureBindAddress.py
486 CKV_K8S_86 resource PodTemplate Ensure that the –insecure-bind-address argument is not set Kubernetes ApiServerInsecureBindAddress.py
487 CKV_K8S_86 resource ReplicaSet Ensure that the –insecure-bind-address argument is not set Kubernetes ApiServerInsecureBindAddress.py
488 CKV_K8S_86 resource ReplicationController Ensure that the –insecure-bind-address argument is not set Kubernetes ApiServerInsecureBindAddress.py
489 CKV_K8S_86 resource StatefulSet Ensure that the –insecure-bind-address argument is not set Kubernetes ApiServerInsecureBindAddress.py
490 CKV_K8S_88 resource CronJob Ensure that the –insecure-port argument is set to 0 Kubernetes ApiServerInsecurePort.py
491 CKV_K8S_88 resource DaemonSet Ensure that the –insecure-port argument is set to 0 Kubernetes ApiServerInsecurePort.py
492 CKV_K8S_88 resource Deployment Ensure that the –insecure-port argument is set to 0 Kubernetes ApiServerInsecurePort.py
493 CKV_K8S_88 resource DeploymentConfig Ensure that the –insecure-port argument is set to 0 Kubernetes ApiServerInsecurePort.py
494 CKV_K8S_88 resource Job Ensure that the –insecure-port argument is set to 0 Kubernetes ApiServerInsecurePort.py
495 CKV_K8S_88 resource Pod Ensure that the –insecure-port argument is set to 0 Kubernetes ApiServerInsecurePort.py
496 CKV_K8S_88 resource PodTemplate Ensure that the –insecure-port argument is set to 0 Kubernetes ApiServerInsecurePort.py
497 CKV_K8S_88 resource ReplicaSet Ensure that the –insecure-port argument is set to 0 Kubernetes ApiServerInsecurePort.py
498 CKV_K8S_88 resource ReplicationController Ensure that the –insecure-port argument is set to 0 Kubernetes ApiServerInsecurePort.py
499 CKV_K8S_88 resource StatefulSet Ensure that the –insecure-port argument is set to 0 Kubernetes ApiServerInsecurePort.py
500 CKV_K8S_89 resource CronJob Ensure that the –secure-port argument is not set to 0 Kubernetes ApiServerSecurePort.py
501 CKV_K8S_89 resource DaemonSet Ensure that the –secure-port argument is not set to 0 Kubernetes ApiServerSecurePort.py
502 CKV_K8S_89 resource Deployment Ensure that the –secure-port argument is not set to 0 Kubernetes ApiServerSecurePort.py
503 CKV_K8S_89 resource DeploymentConfig Ensure that the –secure-port argument is not set to 0 Kubernetes ApiServerSecurePort.py
504 CKV_K8S_89 resource Job Ensure that the –secure-port argument is not set to 0 Kubernetes ApiServerSecurePort.py
505 CKV_K8S_89 resource Pod Ensure that the –secure-port argument is not set to 0 Kubernetes ApiServerSecurePort.py
506 CKV_K8S_89 resource PodTemplate Ensure that the –secure-port argument is not set to 0 Kubernetes ApiServerSecurePort.py
507 CKV_K8S_89 resource ReplicaSet Ensure that the –secure-port argument is not set to 0 Kubernetes ApiServerSecurePort.py
508 CKV_K8S_89 resource ReplicationController Ensure that the –secure-port argument is not set to 0 Kubernetes ApiServerSecurePort.py
509 CKV_K8S_89 resource StatefulSet Ensure that the –secure-port argument is not set to 0 Kubernetes ApiServerSecurePort.py
510 CKV_K8S_90 resource CronJob Ensure that the –profiling argument is set to false Kubernetes ApiServerProfiling.py
511 CKV_K8S_90 resource DaemonSet Ensure that the –profiling argument is set to false Kubernetes ApiServerProfiling.py
512 CKV_K8S_90 resource Deployment Ensure that the –profiling argument is set to false Kubernetes ApiServerProfiling.py
513 CKV_K8S_90 resource DeploymentConfig Ensure that the –profiling argument is set to false Kubernetes ApiServerProfiling.py
514 CKV_K8S_90 resource Job Ensure that the –profiling argument is set to false Kubernetes ApiServerProfiling.py
515 CKV_K8S_90 resource Pod Ensure that the –profiling argument is set to false Kubernetes ApiServerProfiling.py
516 CKV_K8S_90 resource PodTemplate Ensure that the –profiling argument is set to false Kubernetes ApiServerProfiling.py
517 CKV_K8S_90 resource ReplicaSet Ensure that the –profiling argument is set to false Kubernetes ApiServerProfiling.py
518 CKV_K8S_90 resource ReplicationController Ensure that the –profiling argument is set to false Kubernetes ApiServerProfiling.py
519 CKV_K8S_90 resource StatefulSet Ensure that the –profiling argument is set to false Kubernetes ApiServerProfiling.py
520 CKV_K8S_91 resource CronJob Ensure that the –audit-log-path argument is set Kubernetes ApiServerAuditLog.py
521 CKV_K8S_91 resource DaemonSet Ensure that the –audit-log-path argument is set Kubernetes ApiServerAuditLog.py
522 CKV_K8S_91 resource Deployment Ensure that the –audit-log-path argument is set Kubernetes ApiServerAuditLog.py
523 CKV_K8S_91 resource DeploymentConfig Ensure that the –audit-log-path argument is set Kubernetes ApiServerAuditLog.py
524 CKV_K8S_91 resource Job Ensure that the –audit-log-path argument is set Kubernetes ApiServerAuditLog.py
525 CKV_K8S_91 resource Pod Ensure that the –audit-log-path argument is set Kubernetes ApiServerAuditLog.py
526 CKV_K8S_91 resource PodTemplate Ensure that the –audit-log-path argument is set Kubernetes ApiServerAuditLog.py
527 CKV_K8S_91 resource ReplicaSet Ensure that the –audit-log-path argument is set Kubernetes ApiServerAuditLog.py
528 CKV_K8S_91 resource ReplicationController Ensure that the –audit-log-path argument is set Kubernetes ApiServerAuditLog.py
529 CKV_K8S_91 resource StatefulSet Ensure that the –audit-log-path argument is set Kubernetes ApiServerAuditLog.py
530 CKV_K8S_92 resource CronJob Ensure that the –audit-log-maxage argument is set to 30 or as appropriate Kubernetes ApiServerAuditLogMaxAge.py
531 CKV_K8S_92 resource DaemonSet Ensure that the –audit-log-maxage argument is set to 30 or as appropriate Kubernetes ApiServerAuditLogMaxAge.py
532 CKV_K8S_92 resource Deployment Ensure that the –audit-log-maxage argument is set to 30 or as appropriate Kubernetes ApiServerAuditLogMaxAge.py
533 CKV_K8S_92 resource DeploymentConfig Ensure that the –audit-log-maxage argument is set to 30 or as appropriate Kubernetes ApiServerAuditLogMaxAge.py
534 CKV_K8S_92 resource Job Ensure that the –audit-log-maxage argument is set to 30 or as appropriate Kubernetes ApiServerAuditLogMaxAge.py
535 CKV_K8S_92 resource Pod Ensure that the –audit-log-maxage argument is set to 30 or as appropriate Kubernetes ApiServerAuditLogMaxAge.py
536 CKV_K8S_92 resource PodTemplate Ensure that the –audit-log-maxage argument is set to 30 or as appropriate Kubernetes ApiServerAuditLogMaxAge.py
537 CKV_K8S_92 resource ReplicaSet Ensure that the –audit-log-maxage argument is set to 30 or as appropriate Kubernetes ApiServerAuditLogMaxAge.py
538 CKV_K8S_92 resource ReplicationController Ensure that the –audit-log-maxage argument is set to 30 or as appropriate Kubernetes ApiServerAuditLogMaxAge.py
539 CKV_K8S_92 resource StatefulSet Ensure that the –audit-log-maxage argument is set to 30 or as appropriate Kubernetes ApiServerAuditLogMaxAge.py
540 CKV_K8S_93 resource CronJob Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate Kubernetes ApiServerAuditLogMaxBackup.py
541 CKV_K8S_93 resource DaemonSet Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate Kubernetes ApiServerAuditLogMaxBackup.py
542 CKV_K8S_93 resource Deployment Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate Kubernetes ApiServerAuditLogMaxBackup.py
543 CKV_K8S_93 resource DeploymentConfig Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate Kubernetes ApiServerAuditLogMaxBackup.py
544 CKV_K8S_93 resource Job Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate Kubernetes ApiServerAuditLogMaxBackup.py
545 CKV_K8S_93 resource Pod Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate Kubernetes ApiServerAuditLogMaxBackup.py
546 CKV_K8S_93 resource PodTemplate Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate Kubernetes ApiServerAuditLogMaxBackup.py
547 CKV_K8S_93 resource ReplicaSet Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate Kubernetes ApiServerAuditLogMaxBackup.py
548 CKV_K8S_93 resource ReplicationController Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate Kubernetes ApiServerAuditLogMaxBackup.py
549 CKV_K8S_93 resource StatefulSet Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate Kubernetes ApiServerAuditLogMaxBackup.py
550 CKV_K8S_94 resource CronJob Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate Kubernetes ApiServerAuditLogMaxSize.py
551 CKV_K8S_94 resource DaemonSet Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate Kubernetes ApiServerAuditLogMaxSize.py
552 CKV_K8S_94 resource Deployment Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate Kubernetes ApiServerAuditLogMaxSize.py
553 CKV_K8S_94 resource DeploymentConfig Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate Kubernetes ApiServerAuditLogMaxSize.py
554 CKV_K8S_94 resource Job Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate Kubernetes ApiServerAuditLogMaxSize.py
555 CKV_K8S_94 resource Pod Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate Kubernetes ApiServerAuditLogMaxSize.py
556 CKV_K8S_94 resource PodTemplate Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate Kubernetes ApiServerAuditLogMaxSize.py
557 CKV_K8S_94 resource ReplicaSet Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate Kubernetes ApiServerAuditLogMaxSize.py
558 CKV_K8S_94 resource ReplicationController Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate Kubernetes ApiServerAuditLogMaxSize.py
559 CKV_K8S_94 resource StatefulSet Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate Kubernetes ApiServerAuditLogMaxSize.py
560 CKV_K8S_95 resource CronJob Ensure that the –request-timeout argument is set as appropriate Kubernetes ApiServerRequestTimeout.py
561 CKV_K8S_95 resource DaemonSet Ensure that the –request-timeout argument is set as appropriate Kubernetes ApiServerRequestTimeout.py
562 CKV_K8S_95 resource Deployment Ensure that the –request-timeout argument is set as appropriate Kubernetes ApiServerRequestTimeout.py
563 CKV_K8S_95 resource DeploymentConfig Ensure that the –request-timeout argument is set as appropriate Kubernetes ApiServerRequestTimeout.py
564 CKV_K8S_95 resource Job Ensure that the –request-timeout argument is set as appropriate Kubernetes ApiServerRequestTimeout.py
565 CKV_K8S_95 resource Pod Ensure that the –request-timeout argument is set as appropriate Kubernetes ApiServerRequestTimeout.py
566 CKV_K8S_95 resource PodTemplate Ensure that the –request-timeout argument is set as appropriate Kubernetes ApiServerRequestTimeout.py
567 CKV_K8S_95 resource ReplicaSet Ensure that the –request-timeout argument is set as appropriate Kubernetes ApiServerRequestTimeout.py
568 CKV_K8S_95 resource ReplicationController Ensure that the –request-timeout argument is set as appropriate Kubernetes ApiServerRequestTimeout.py
569 CKV_K8S_95 resource StatefulSet Ensure that the –request-timeout argument is set as appropriate Kubernetes ApiServerRequestTimeout.py
570 CKV_K8S_96 resource CronJob Ensure that the –service-account-lookup argument is set to true Kubernetes ApiServerServiceAccountLookup.py
571 CKV_K8S_96 resource DaemonSet Ensure that the –service-account-lookup argument is set to true Kubernetes ApiServerServiceAccountLookup.py
572 CKV_K8S_96 resource Deployment Ensure that the –service-account-lookup argument is set to true Kubernetes ApiServerServiceAccountLookup.py
573 CKV_K8S_96 resource DeploymentConfig Ensure that the –service-account-lookup argument is set to true Kubernetes ApiServerServiceAccountLookup.py
574 CKV_K8S_96 resource Job Ensure that the –service-account-lookup argument is set to true Kubernetes ApiServerServiceAccountLookup.py
575 CKV_K8S_96 resource Pod Ensure that the –service-account-lookup argument is set to true Kubernetes ApiServerServiceAccountLookup.py
576 CKV_K8S_96 resource PodTemplate Ensure that the –service-account-lookup argument is set to true Kubernetes ApiServerServiceAccountLookup.py
577 CKV_K8S_96 resource ReplicaSet Ensure that the –service-account-lookup argument is set to true Kubernetes ApiServerServiceAccountLookup.py
578 CKV_K8S_96 resource ReplicationController Ensure that the –service-account-lookup argument is set to true Kubernetes ApiServerServiceAccountLookup.py
579 CKV_K8S_96 resource StatefulSet Ensure that the –service-account-lookup argument is set to true Kubernetes ApiServerServiceAccountLookup.py
580 CKV_K8S_97 resource CronJob Ensure that the –service-account-key-file argument is set as appropriate Kubernetes ApiServerServiceAccountKeyFile.py
581 CKV_K8S_97 resource DaemonSet Ensure that the –service-account-key-file argument is set as appropriate Kubernetes ApiServerServiceAccountKeyFile.py
582 CKV_K8S_97 resource Deployment Ensure that the –service-account-key-file argument is set as appropriate Kubernetes ApiServerServiceAccountKeyFile.py
583 CKV_K8S_97 resource DeploymentConfig Ensure that the –service-account-key-file argument is set as appropriate Kubernetes ApiServerServiceAccountKeyFile.py
584 CKV_K8S_97 resource Job Ensure that the –service-account-key-file argument is set as appropriate Kubernetes ApiServerServiceAccountKeyFile.py
585 CKV_K8S_97 resource Pod Ensure that the –service-account-key-file argument is set as appropriate Kubernetes ApiServerServiceAccountKeyFile.py
586 CKV_K8S_97 resource PodTemplate Ensure that the –service-account-key-file argument is set as appropriate Kubernetes ApiServerServiceAccountKeyFile.py
587 CKV_K8S_97 resource ReplicaSet Ensure that the –service-account-key-file argument is set as appropriate Kubernetes ApiServerServiceAccountKeyFile.py
588 CKV_K8S_97 resource ReplicationController Ensure that the –service-account-key-file argument is set as appropriate Kubernetes ApiServerServiceAccountKeyFile.py
589 CKV_K8S_97 resource StatefulSet Ensure that the –service-account-key-file argument is set as appropriate Kubernetes ApiServerServiceAccountKeyFile.py
590 CKV_K8S_99 resource CronJob Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate Kubernetes ApiServerEtcdCertAndKey.py
591 CKV_K8S_99 resource DaemonSet Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate Kubernetes ApiServerEtcdCertAndKey.py
592 CKV_K8S_99 resource Deployment Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate Kubernetes ApiServerEtcdCertAndKey.py
593 CKV_K8S_99 resource DeploymentConfig Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate Kubernetes ApiServerEtcdCertAndKey.py
594 CKV_K8S_99 resource Job Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate Kubernetes ApiServerEtcdCertAndKey.py
595 CKV_K8S_99 resource Pod Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate Kubernetes ApiServerEtcdCertAndKey.py
596 CKV_K8S_99 resource PodTemplate Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate Kubernetes ApiServerEtcdCertAndKey.py
597 CKV_K8S_99 resource ReplicaSet Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate Kubernetes ApiServerEtcdCertAndKey.py
598 CKV_K8S_99 resource ReplicationController Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate Kubernetes ApiServerEtcdCertAndKey.py
599 CKV_K8S_99 resource StatefulSet Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate Kubernetes ApiServerEtcdCertAndKey.py
600 CKV_K8S_100 resource CronJob Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes ApiServerTlsCertAndKey.py
601 CKV_K8S_100 resource DaemonSet Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes ApiServerTlsCertAndKey.py
602 CKV_K8S_100 resource Deployment Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes ApiServerTlsCertAndKey.py
603 CKV_K8S_100 resource DeploymentConfig Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes ApiServerTlsCertAndKey.py
604 CKV_K8S_100 resource Job Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes ApiServerTlsCertAndKey.py
605 CKV_K8S_100 resource Pod Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes ApiServerTlsCertAndKey.py
606 CKV_K8S_100 resource PodTemplate Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes ApiServerTlsCertAndKey.py
607 CKV_K8S_100 resource ReplicaSet Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes ApiServerTlsCertAndKey.py
608 CKV_K8S_100 resource ReplicationController Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes ApiServerTlsCertAndKey.py
609 CKV_K8S_100 resource StatefulSet Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes ApiServerTlsCertAndKey.py
610 CKV_K8S_102 resource CronJob Ensure that the –etcd-cafile argument is set as appropriate Kubernetes ApiServerEtcdCaFile.py
611 CKV_K8S_102 resource DaemonSet Ensure that the –etcd-cafile argument is set as appropriate Kubernetes ApiServerEtcdCaFile.py
612 CKV_K8S_102 resource Deployment Ensure that the –etcd-cafile argument is set as appropriate Kubernetes ApiServerEtcdCaFile.py
613 CKV_K8S_102 resource DeploymentConfig Ensure that the –etcd-cafile argument is set as appropriate Kubernetes ApiServerEtcdCaFile.py
614 CKV_K8S_102 resource Job Ensure that the –etcd-cafile argument is set as appropriate Kubernetes ApiServerEtcdCaFile.py
615 CKV_K8S_102 resource Pod Ensure that the –etcd-cafile argument is set as appropriate Kubernetes ApiServerEtcdCaFile.py
616 CKV_K8S_102 resource PodTemplate Ensure that the –etcd-cafile argument is set as appropriate Kubernetes ApiServerEtcdCaFile.py
617 CKV_K8S_102 resource ReplicaSet Ensure that the –etcd-cafile argument is set as appropriate Kubernetes ApiServerEtcdCaFile.py
618 CKV_K8S_102 resource ReplicationController Ensure that the –etcd-cafile argument is set as appropriate Kubernetes ApiServerEtcdCaFile.py
619 CKV_K8S_102 resource StatefulSet Ensure that the –etcd-cafile argument is set as appropriate Kubernetes ApiServerEtcdCaFile.py
620 CKV_K8S_104 resource CronJob Ensure that encryption providers are appropriately configured Kubernetes ApiServerEncryptionProviders.py
621 CKV_K8S_104 resource DaemonSet Ensure that encryption providers are appropriately configured Kubernetes ApiServerEncryptionProviders.py
622 CKV_K8S_104 resource Deployment Ensure that encryption providers are appropriately configured Kubernetes ApiServerEncryptionProviders.py
623 CKV_K8S_104 resource DeploymentConfig Ensure that encryption providers are appropriately configured Kubernetes ApiServerEncryptionProviders.py
624 CKV_K8S_104 resource Job Ensure that encryption providers are appropriately configured Kubernetes ApiServerEncryptionProviders.py
625 CKV_K8S_104 resource Pod Ensure that encryption providers are appropriately configured Kubernetes ApiServerEncryptionProviders.py
626 CKV_K8S_104 resource PodTemplate Ensure that encryption providers are appropriately configured Kubernetes ApiServerEncryptionProviders.py
627 CKV_K8S_104 resource ReplicaSet Ensure that encryption providers are appropriately configured Kubernetes ApiServerEncryptionProviders.py
628 CKV_K8S_104 resource ReplicationController Ensure that encryption providers are appropriately configured Kubernetes ApiServerEncryptionProviders.py
629 CKV_K8S_104 resource StatefulSet Ensure that encryption providers are appropriately configured Kubernetes ApiServerEncryptionProviders.py
630 CKV_K8S_105 resource CronJob Ensure that the API Server only makes use of Strong Cryptographic Ciphers Kubernetes ApiServerStrongCryptographicCiphers.py
631 CKV_K8S_105 resource DaemonSet Ensure that the API Server only makes use of Strong Cryptographic Ciphers Kubernetes ApiServerStrongCryptographicCiphers.py
632 CKV_K8S_105 resource Deployment Ensure that the API Server only makes use of Strong Cryptographic Ciphers Kubernetes ApiServerStrongCryptographicCiphers.py
633 CKV_K8S_105 resource DeploymentConfig Ensure that the API Server only makes use of Strong Cryptographic Ciphers Kubernetes ApiServerStrongCryptographicCiphers.py
634 CKV_K8S_105 resource Job Ensure that the API Server only makes use of Strong Cryptographic Ciphers Kubernetes ApiServerStrongCryptographicCiphers.py
635 CKV_K8S_105 resource Pod Ensure that the API Server only makes use of Strong Cryptographic Ciphers Kubernetes ApiServerStrongCryptographicCiphers.py
636 CKV_K8S_105 resource PodTemplate Ensure that the API Server only makes use of Strong Cryptographic Ciphers Kubernetes ApiServerStrongCryptographicCiphers.py
637 CKV_K8S_105 resource ReplicaSet Ensure that the API Server only makes use of Strong Cryptographic Ciphers Kubernetes ApiServerStrongCryptographicCiphers.py
638 CKV_K8S_105 resource ReplicationController Ensure that the API Server only makes use of Strong Cryptographic Ciphers Kubernetes ApiServerStrongCryptographicCiphers.py
639 CKV_K8S_105 resource StatefulSet Ensure that the API Server only makes use of Strong Cryptographic Ciphers Kubernetes ApiServerStrongCryptographicCiphers.py
640 CKV_K8S_106 resource CronJob Ensure that the –terminated-pod-gc-threshold argument is set as appropriate Kubernetes KubeControllerManagerTerminatedPods.py
641 CKV_K8S_106 resource DaemonSet Ensure that the –terminated-pod-gc-threshold argument is set as appropriate Kubernetes KubeControllerManagerTerminatedPods.py
642 CKV_K8S_106 resource Deployment Ensure that the –terminated-pod-gc-threshold argument is set as appropriate Kubernetes KubeControllerManagerTerminatedPods.py
643 CKV_K8S_106 resource DeploymentConfig Ensure that the –terminated-pod-gc-threshold argument is set as appropriate Kubernetes KubeControllerManagerTerminatedPods.py
644 CKV_K8S_106 resource Job Ensure that the –terminated-pod-gc-threshold argument is set as appropriate Kubernetes KubeControllerManagerTerminatedPods.py
645 CKV_K8S_106 resource Pod Ensure that the –terminated-pod-gc-threshold argument is set as appropriate Kubernetes KubeControllerManagerTerminatedPods.py
646 CKV_K8S_106 resource PodTemplate Ensure that the –terminated-pod-gc-threshold argument is set as appropriate Kubernetes KubeControllerManagerTerminatedPods.py
647 CKV_K8S_106 resource ReplicaSet Ensure that the –terminated-pod-gc-threshold argument is set as appropriate Kubernetes KubeControllerManagerTerminatedPods.py
648 CKV_K8S_106 resource ReplicationController Ensure that the –terminated-pod-gc-threshold argument is set as appropriate Kubernetes KubeControllerManagerTerminatedPods.py
649 CKV_K8S_106 resource StatefulSet Ensure that the –terminated-pod-gc-threshold argument is set as appropriate Kubernetes KubeControllerManagerTerminatedPods.py
650 CKV_K8S_107 resource CronJob Ensure that the –profiling argument is set to false Kubernetes KubeControllerManagerBlockProfiles.py
651 CKV_K8S_107 resource DaemonSet Ensure that the –profiling argument is set to false Kubernetes KubeControllerManagerBlockProfiles.py
652 CKV_K8S_107 resource Deployment Ensure that the –profiling argument is set to false Kubernetes KubeControllerManagerBlockProfiles.py
653 CKV_K8S_107 resource DeploymentConfig Ensure that the –profiling argument is set to false Kubernetes KubeControllerManagerBlockProfiles.py
654 CKV_K8S_107 resource Job Ensure that the –profiling argument is set to false Kubernetes KubeControllerManagerBlockProfiles.py
655 CKV_K8S_107 resource Pod Ensure that the –profiling argument is set to false Kubernetes KubeControllerManagerBlockProfiles.py
656 CKV_K8S_107 resource PodTemplate Ensure that the –profiling argument is set to false Kubernetes KubeControllerManagerBlockProfiles.py
657 CKV_K8S_107 resource ReplicaSet Ensure that the –profiling argument is set to false Kubernetes KubeControllerManagerBlockProfiles.py
658 CKV_K8S_107 resource ReplicationController Ensure that the –profiling argument is set to false Kubernetes KubeControllerManagerBlockProfiles.py
659 CKV_K8S_107 resource StatefulSet Ensure that the –profiling argument is set to false Kubernetes KubeControllerManagerBlockProfiles.py
660 CKV_K8S_108 resource CronJob Ensure that the –use-service-account-credentials argument is set to true Kubernetes KubeControllerManagerServiceAccountCredentials.py
661 CKV_K8S_108 resource DaemonSet Ensure that the –use-service-account-credentials argument is set to true Kubernetes KubeControllerManagerServiceAccountCredentials.py
662 CKV_K8S_108 resource Deployment Ensure that the –use-service-account-credentials argument is set to true Kubernetes KubeControllerManagerServiceAccountCredentials.py
663 CKV_K8S_108 resource DeploymentConfig Ensure that the –use-service-account-credentials argument is set to true Kubernetes KubeControllerManagerServiceAccountCredentials.py
664 CKV_K8S_108 resource Job Ensure that the –use-service-account-credentials argument is set to true Kubernetes KubeControllerManagerServiceAccountCredentials.py
665 CKV_K8S_108 resource Pod Ensure that the –use-service-account-credentials argument is set to true Kubernetes KubeControllerManagerServiceAccountCredentials.py
666 CKV_K8S_108 resource PodTemplate Ensure that the –use-service-account-credentials argument is set to true Kubernetes KubeControllerManagerServiceAccountCredentials.py
667 CKV_K8S_108 resource ReplicaSet Ensure that the –use-service-account-credentials argument is set to true Kubernetes KubeControllerManagerServiceAccountCredentials.py
668 CKV_K8S_108 resource ReplicationController Ensure that the –use-service-account-credentials argument is set to true Kubernetes KubeControllerManagerServiceAccountCredentials.py
669 CKV_K8S_108 resource StatefulSet Ensure that the –use-service-account-credentials argument is set to true Kubernetes KubeControllerManagerServiceAccountCredentials.py
670 CKV_K8S_110 resource CronJob Ensure that the –service-account-private-key-file argument is set as appropriate Kubernetes KubeControllerManagerServiceAccountPrivateKeyFile.py
671 CKV_K8S_110 resource DaemonSet Ensure that the –service-account-private-key-file argument is set as appropriate Kubernetes KubeControllerManagerServiceAccountPrivateKeyFile.py
672 CKV_K8S_110 resource Deployment Ensure that the –service-account-private-key-file argument is set as appropriate Kubernetes KubeControllerManagerServiceAccountPrivateKeyFile.py
673 CKV_K8S_110 resource DeploymentConfig Ensure that the –service-account-private-key-file argument is set as appropriate Kubernetes KubeControllerManagerServiceAccountPrivateKeyFile.py
674 CKV_K8S_110 resource Job Ensure that the –service-account-private-key-file argument is set as appropriate Kubernetes KubeControllerManagerServiceAccountPrivateKeyFile.py
675 CKV_K8S_110 resource Pod Ensure that the –service-account-private-key-file argument is set as appropriate Kubernetes KubeControllerManagerServiceAccountPrivateKeyFile.py
676 CKV_K8S_110 resource PodTemplate Ensure that the –service-account-private-key-file argument is set as appropriate Kubernetes KubeControllerManagerServiceAccountPrivateKeyFile.py
677 CKV_K8S_110 resource ReplicaSet Ensure that the –service-account-private-key-file argument is set as appropriate Kubernetes KubeControllerManagerServiceAccountPrivateKeyFile.py
678 CKV_K8S_110 resource ReplicationController Ensure that the –service-account-private-key-file argument is set as appropriate Kubernetes KubeControllerManagerServiceAccountPrivateKeyFile.py
679 CKV_K8S_110 resource StatefulSet Ensure that the –service-account-private-key-file argument is set as appropriate Kubernetes KubeControllerManagerServiceAccountPrivateKeyFile.py
680 CKV_K8S_111 resource CronJob Ensure that the –root-ca-file argument is set as appropriate Kubernetes KubeControllerManagerRootCAFile.py
681 CKV_K8S_111 resource DaemonSet Ensure that the –root-ca-file argument is set as appropriate Kubernetes KubeControllerManagerRootCAFile.py
682 CKV_K8S_111 resource Deployment Ensure that the –root-ca-file argument is set as appropriate Kubernetes KubeControllerManagerRootCAFile.py
683 CKV_K8S_111 resource DeploymentConfig Ensure that the –root-ca-file argument is set as appropriate Kubernetes KubeControllerManagerRootCAFile.py
684 CKV_K8S_111 resource Job Ensure that the –root-ca-file argument is set as appropriate Kubernetes KubeControllerManagerRootCAFile.py
685 CKV_K8S_111 resource Pod Ensure that the –root-ca-file argument is set as appropriate Kubernetes KubeControllerManagerRootCAFile.py
686 CKV_K8S_111 resource PodTemplate Ensure that the –root-ca-file argument is set as appropriate Kubernetes KubeControllerManagerRootCAFile.py
687 CKV_K8S_111 resource ReplicaSet Ensure that the –root-ca-file argument is set as appropriate Kubernetes KubeControllerManagerRootCAFile.py
688 CKV_K8S_111 resource ReplicationController Ensure that the –root-ca-file argument is set as appropriate Kubernetes KubeControllerManagerRootCAFile.py
689 CKV_K8S_111 resource StatefulSet Ensure that the –root-ca-file argument is set as appropriate Kubernetes KubeControllerManagerRootCAFile.py
690 CKV_K8S_112 resource CronJob Ensure that the RotateKubeletServerCertificate argument is set to true Kubernetes RotateKubeletServerCertificate.py
691 CKV_K8S_112 resource DaemonSet Ensure that the RotateKubeletServerCertificate argument is set to true Kubernetes RotateKubeletServerCertificate.py
692 CKV_K8S_112 resource Deployment Ensure that the RotateKubeletServerCertificate argument is set to true Kubernetes RotateKubeletServerCertificate.py
693 CKV_K8S_112 resource DeploymentConfig Ensure that the RotateKubeletServerCertificate argument is set to true Kubernetes RotateKubeletServerCertificate.py
694 CKV_K8S_112 resource Job Ensure that the RotateKubeletServerCertificate argument is set to true Kubernetes RotateKubeletServerCertificate.py
695 CKV_K8S_112 resource Pod Ensure that the RotateKubeletServerCertificate argument is set to true Kubernetes RotateKubeletServerCertificate.py
696 CKV_K8S_112 resource PodTemplate Ensure that the RotateKubeletServerCertificate argument is set to true Kubernetes RotateKubeletServerCertificate.py
697 CKV_K8S_112 resource ReplicaSet Ensure that the RotateKubeletServerCertificate argument is set to true Kubernetes RotateKubeletServerCertificate.py
698 CKV_K8S_112 resource ReplicationController Ensure that the RotateKubeletServerCertificate argument is set to true Kubernetes RotateKubeletServerCertificate.py
699 CKV_K8S_112 resource StatefulSet Ensure that the RotateKubeletServerCertificate argument is set to true Kubernetes RotateKubeletServerCertificate.py
700 CKV_K8S_113 resource CronJob Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes ControllerManagerBindAddress.py
701 CKV_K8S_113 resource DaemonSet Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes ControllerManagerBindAddress.py
702 CKV_K8S_113 resource Deployment Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes ControllerManagerBindAddress.py
703 CKV_K8S_113 resource DeploymentConfig Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes ControllerManagerBindAddress.py
704 CKV_K8S_113 resource Job Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes ControllerManagerBindAddress.py
705 CKV_K8S_113 resource Pod Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes ControllerManagerBindAddress.py
706 CKV_K8S_113 resource PodTemplate Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes ControllerManagerBindAddress.py
707 CKV_K8S_113 resource ReplicaSet Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes ControllerManagerBindAddress.py
708 CKV_K8S_113 resource ReplicationController Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes ControllerManagerBindAddress.py
709 CKV_K8S_113 resource StatefulSet Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes ControllerManagerBindAddress.py
710 CKV_K8S_114 resource CronJob Ensure that the –profiling argument is set to false Kubernetes SchedulerProfiling.py
711 CKV_K8S_114 resource DaemonSet Ensure that the –profiling argument is set to false Kubernetes SchedulerProfiling.py
712 CKV_K8S_114 resource Deployment Ensure that the –profiling argument is set to false Kubernetes SchedulerProfiling.py
713 CKV_K8S_114 resource DeploymentConfig Ensure that the –profiling argument is set to false Kubernetes SchedulerProfiling.py
714 CKV_K8S_114 resource Job Ensure that the –profiling argument is set to false Kubernetes SchedulerProfiling.py
715 CKV_K8S_114 resource Pod Ensure that the –profiling argument is set to false Kubernetes SchedulerProfiling.py
716 CKV_K8S_114 resource PodTemplate Ensure that the –profiling argument is set to false Kubernetes SchedulerProfiling.py
717 CKV_K8S_114 resource ReplicaSet Ensure that the –profiling argument is set to false Kubernetes SchedulerProfiling.py
718 CKV_K8S_114 resource ReplicationController Ensure that the –profiling argument is set to false Kubernetes SchedulerProfiling.py
719 CKV_K8S_114 resource StatefulSet Ensure that the –profiling argument is set to false Kubernetes SchedulerProfiling.py
720 CKV_K8S_115 resource CronJob Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes SchedulerBindAddress.py
721 CKV_K8S_115 resource DaemonSet Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes SchedulerBindAddress.py
722 CKV_K8S_115 resource Deployment Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes SchedulerBindAddress.py
723 CKV_K8S_115 resource DeploymentConfig Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes SchedulerBindAddress.py
724 CKV_K8S_115 resource Job Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes SchedulerBindAddress.py
725 CKV_K8S_115 resource Pod Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes SchedulerBindAddress.py
726 CKV_K8S_115 resource PodTemplate Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes SchedulerBindAddress.py
727 CKV_K8S_115 resource ReplicaSet Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes SchedulerBindAddress.py
728 CKV_K8S_115 resource ReplicationController Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes SchedulerBindAddress.py
729 CKV_K8S_115 resource StatefulSet Ensure that the –bind-address argument is set to 127.0.0.1 Kubernetes SchedulerBindAddress.py
730 CKV_K8S_116 resource CronJob Ensure that the –cert-file and –key-file arguments are set as appropriate Kubernetes EtcdCertAndKey.py
731 CKV_K8S_116 resource DaemonSet Ensure that the –cert-file and –key-file arguments are set as appropriate Kubernetes EtcdCertAndKey.py
732 CKV_K8S_116 resource Deployment Ensure that the –cert-file and –key-file arguments are set as appropriate Kubernetes EtcdCertAndKey.py
733 CKV_K8S_116 resource DeploymentConfig Ensure that the –cert-file and –key-file arguments are set as appropriate Kubernetes EtcdCertAndKey.py
734 CKV_K8S_116 resource Job Ensure that the –cert-file and –key-file arguments are set as appropriate Kubernetes EtcdCertAndKey.py
735 CKV_K8S_116 resource Pod Ensure that the –cert-file and –key-file arguments are set as appropriate Kubernetes EtcdCertAndKey.py
736 CKV_K8S_116 resource PodTemplate Ensure that the –cert-file and –key-file arguments are set as appropriate Kubernetes EtcdCertAndKey.py
737 CKV_K8S_116 resource ReplicaSet Ensure that the –cert-file and –key-file arguments are set as appropriate Kubernetes EtcdCertAndKey.py
738 CKV_K8S_116 resource ReplicationController Ensure that the –cert-file and –key-file arguments are set as appropriate Kubernetes EtcdCertAndKey.py
739 CKV_K8S_116 resource StatefulSet Ensure that the –cert-file and –key-file arguments are set as appropriate Kubernetes EtcdCertAndKey.py
740 CKV_K8S_117 resource CronJob Ensure that the –client-cert-auth argument is set to true Kubernetes EtcdClientCertAuth.py
741 CKV_K8S_117 resource DaemonSet Ensure that the –client-cert-auth argument is set to true Kubernetes EtcdClientCertAuth.py
742 CKV_K8S_117 resource Deployment Ensure that the –client-cert-auth argument is set to true Kubernetes EtcdClientCertAuth.py
743 CKV_K8S_117 resource DeploymentConfig Ensure that the –client-cert-auth argument is set to true Kubernetes EtcdClientCertAuth.py
744 CKV_K8S_117 resource Job Ensure that the –client-cert-auth argument is set to true Kubernetes EtcdClientCertAuth.py
745 CKV_K8S_117 resource Pod Ensure that the –client-cert-auth argument is set to true Kubernetes EtcdClientCertAuth.py
746 CKV_K8S_117 resource PodTemplate Ensure that the –client-cert-auth argument is set to true Kubernetes EtcdClientCertAuth.py
747 CKV_K8S_117 resource ReplicaSet Ensure that the –client-cert-auth argument is set to true Kubernetes EtcdClientCertAuth.py
748 CKV_K8S_117 resource ReplicationController Ensure that the –client-cert-auth argument is set to true Kubernetes EtcdClientCertAuth.py
749 CKV_K8S_117 resource StatefulSet Ensure that the –client-cert-auth argument is set to true Kubernetes EtcdClientCertAuth.py
750 CKV_K8S_118 resource CronJob Ensure that the –auto-tls argument is not set to true Kubernetes EtcdAutoTls.py
751 CKV_K8S_118 resource DaemonSet Ensure that the –auto-tls argument is not set to true Kubernetes EtcdAutoTls.py
752 CKV_K8S_118 resource Deployment Ensure that the –auto-tls argument is not set to true Kubernetes EtcdAutoTls.py
753 CKV_K8S_118 resource DeploymentConfig Ensure that the –auto-tls argument is not set to true Kubernetes EtcdAutoTls.py
754 CKV_K8S_118 resource Job Ensure that the –auto-tls argument is not set to true Kubernetes EtcdAutoTls.py
755 CKV_K8S_118 resource Pod Ensure that the –auto-tls argument is not set to true Kubernetes EtcdAutoTls.py
756 CKV_K8S_118 resource PodTemplate Ensure that the –auto-tls argument is not set to true Kubernetes EtcdAutoTls.py
757 CKV_K8S_118 resource ReplicaSet Ensure that the –auto-tls argument is not set to true Kubernetes EtcdAutoTls.py
758 CKV_K8S_118 resource ReplicationController Ensure that the –auto-tls argument is not set to true Kubernetes EtcdAutoTls.py
759 CKV_K8S_118 resource StatefulSet Ensure that the –auto-tls argument is not set to true Kubernetes EtcdAutoTls.py
760 CKV_K8S_119 resource CronJob Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate Kubernetes EtcdPeerFiles.py
761 CKV_K8S_119 resource DaemonSet Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate Kubernetes EtcdPeerFiles.py
762 CKV_K8S_119 resource Deployment Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate Kubernetes EtcdPeerFiles.py
763 CKV_K8S_119 resource DeploymentConfig Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate Kubernetes EtcdPeerFiles.py
764 CKV_K8S_119 resource Job Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate Kubernetes EtcdPeerFiles.py
765 CKV_K8S_119 resource Pod Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate Kubernetes EtcdPeerFiles.py
766 CKV_K8S_119 resource PodTemplate Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate Kubernetes EtcdPeerFiles.py
767 CKV_K8S_119 resource ReplicaSet Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate Kubernetes EtcdPeerFiles.py
768 CKV_K8S_119 resource ReplicationController Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate Kubernetes EtcdPeerFiles.py
769 CKV_K8S_119 resource StatefulSet Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate Kubernetes EtcdPeerFiles.py
770 CKV_K8S_121 resource Pod Ensure that the –peer-client-cert-auth argument is set to true Kubernetes PeerClientCertAuthTrue.py
771 CKV_K8S_138 resource CronJob Ensure that the –anonymous-auth argument is set to false Kubernetes KubeletAnonymousAuth.py
772 CKV_K8S_138 resource DaemonSet Ensure that the –anonymous-auth argument is set to false Kubernetes KubeletAnonymousAuth.py
773 CKV_K8S_138 resource Deployment Ensure that the –anonymous-auth argument is set to false Kubernetes KubeletAnonymousAuth.py
774 CKV_K8S_138 resource DeploymentConfig Ensure that the –anonymous-auth argument is set to false Kubernetes KubeletAnonymousAuth.py
775 CKV_K8S_138 resource Job Ensure that the –anonymous-auth argument is set to false Kubernetes KubeletAnonymousAuth.py
776 CKV_K8S_138 resource Pod Ensure that the –anonymous-auth argument is set to false Kubernetes KubeletAnonymousAuth.py
777 CKV_K8S_138 resource PodTemplate Ensure that the –anonymous-auth argument is set to false Kubernetes KubeletAnonymousAuth.py
778 CKV_K8S_138 resource ReplicaSet Ensure that the –anonymous-auth argument is set to false Kubernetes KubeletAnonymousAuth.py
779 CKV_K8S_138 resource ReplicationController Ensure that the –anonymous-auth argument is set to false Kubernetes KubeletAnonymousAuth.py
780 CKV_K8S_138 resource StatefulSet Ensure that the –anonymous-auth argument is set to false Kubernetes KubeletAnonymousAuth.py
781 CKV_K8S_139 resource CronJob Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes KubeletAuthorizationModeNotAlwaysAllow.py
782 CKV_K8S_139 resource DaemonSet Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes KubeletAuthorizationModeNotAlwaysAllow.py
783 CKV_K8S_139 resource Deployment Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes KubeletAuthorizationModeNotAlwaysAllow.py
784 CKV_K8S_139 resource DeploymentConfig Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes KubeletAuthorizationModeNotAlwaysAllow.py
785 CKV_K8S_139 resource Job Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes KubeletAuthorizationModeNotAlwaysAllow.py
786 CKV_K8S_139 resource Pod Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes KubeletAuthorizationModeNotAlwaysAllow.py
787 CKV_K8S_139 resource PodTemplate Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes KubeletAuthorizationModeNotAlwaysAllow.py
788 CKV_K8S_139 resource ReplicaSet Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes KubeletAuthorizationModeNotAlwaysAllow.py
789 CKV_K8S_139 resource ReplicationController Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes KubeletAuthorizationModeNotAlwaysAllow.py
790 CKV_K8S_139 resource StatefulSet Ensure that the –authorization-mode argument is not set to AlwaysAllow Kubernetes KubeletAuthorizationModeNotAlwaysAllow.py
791 CKV_K8S_140 resource CronJob Ensure that the –client-ca-file argument is set as appropriate Kubernetes KubeletClientCa.py
792 CKV_K8S_140 resource DaemonSet Ensure that the –client-ca-file argument is set as appropriate Kubernetes KubeletClientCa.py
793 CKV_K8S_140 resource Deployment Ensure that the –client-ca-file argument is set as appropriate Kubernetes KubeletClientCa.py
794 CKV_K8S_140 resource DeploymentConfig Ensure that the –client-ca-file argument is set as appropriate Kubernetes KubeletClientCa.py
795 CKV_K8S_140 resource Job Ensure that the –client-ca-file argument is set as appropriate Kubernetes KubeletClientCa.py
796 CKV_K8S_140 resource Pod Ensure that the –client-ca-file argument is set as appropriate Kubernetes KubeletClientCa.py
797 CKV_K8S_140 resource PodTemplate Ensure that the –client-ca-file argument is set as appropriate Kubernetes KubeletClientCa.py
798 CKV_K8S_140 resource ReplicaSet Ensure that the –client-ca-file argument is set as appropriate Kubernetes KubeletClientCa.py
799 CKV_K8S_140 resource ReplicationController Ensure that the –client-ca-file argument is set as appropriate Kubernetes KubeletClientCa.py
800 CKV_K8S_140 resource StatefulSet Ensure that the –client-ca-file argument is set as appropriate Kubernetes KubeletClientCa.py
801 CKV_K8S_141 resource CronJob Ensure that the –read-only-port argument is set to 0 Kubernetes KubeletReadOnlyPort.py
802 CKV_K8S_141 resource DaemonSet Ensure that the –read-only-port argument is set to 0 Kubernetes KubeletReadOnlyPort.py
803 CKV_K8S_141 resource Deployment Ensure that the –read-only-port argument is set to 0 Kubernetes KubeletReadOnlyPort.py
804 CKV_K8S_141 resource DeploymentConfig Ensure that the –read-only-port argument is set to 0 Kubernetes KubeletReadOnlyPort.py
805 CKV_K8S_141 resource Job Ensure that the –read-only-port argument is set to 0 Kubernetes KubeletReadOnlyPort.py
806 CKV_K8S_141 resource Pod Ensure that the –read-only-port argument is set to 0 Kubernetes KubeletReadOnlyPort.py
807 CKV_K8S_141 resource PodTemplate Ensure that the –read-only-port argument is set to 0 Kubernetes KubeletReadOnlyPort.py
808 CKV_K8S_141 resource ReplicaSet Ensure that the –read-only-port argument is set to 0 Kubernetes KubeletReadOnlyPort.py
809 CKV_K8S_141 resource ReplicationController Ensure that the –read-only-port argument is set to 0 Kubernetes KubeletReadOnlyPort.py
810 CKV_K8S_141 resource StatefulSet Ensure that the –read-only-port argument is set to 0 Kubernetes KubeletReadOnlyPort.py
811 CKV_K8S_143 resource CronJob Ensure that the –streaming-connection-idle-timeout argument is not set to 0 Kubernetes KubeletStreamingConnectionIdleTimeout.py
812 CKV_K8S_143 resource DaemonSet Ensure that the –streaming-connection-idle-timeout argument is not set to 0 Kubernetes KubeletStreamingConnectionIdleTimeout.py
813 CKV_K8S_143 resource Deployment Ensure that the –streaming-connection-idle-timeout argument is not set to 0 Kubernetes KubeletStreamingConnectionIdleTimeout.py
814 CKV_K8S_143 resource DeploymentConfig Ensure that the –streaming-connection-idle-timeout argument is not set to 0 Kubernetes KubeletStreamingConnectionIdleTimeout.py
815 CKV_K8S_143 resource Job Ensure that the –streaming-connection-idle-timeout argument is not set to 0 Kubernetes KubeletStreamingConnectionIdleTimeout.py
816 CKV_K8S_143 resource Pod Ensure that the –streaming-connection-idle-timeout argument is not set to 0 Kubernetes KubeletStreamingConnectionIdleTimeout.py
817 CKV_K8S_143 resource PodTemplate Ensure that the –streaming-connection-idle-timeout argument is not set to 0 Kubernetes KubeletStreamingConnectionIdleTimeout.py
818 CKV_K8S_143 resource ReplicaSet Ensure that the –streaming-connection-idle-timeout argument is not set to 0 Kubernetes KubeletStreamingConnectionIdleTimeout.py
819 CKV_K8S_143 resource ReplicationController Ensure that the –streaming-connection-idle-timeout argument is not set to 0 Kubernetes KubeletStreamingConnectionIdleTimeout.py
820 CKV_K8S_143 resource StatefulSet Ensure that the –streaming-connection-idle-timeout argument is not set to 0 Kubernetes KubeletStreamingConnectionIdleTimeout.py
821 CKV_K8S_144 resource CronJob Ensure that the –protect-kernel-defaults argument is set to true Kubernetes KubeletProtectKernelDefaults.py
822 CKV_K8S_144 resource DaemonSet Ensure that the –protect-kernel-defaults argument is set to true Kubernetes KubeletProtectKernelDefaults.py
823 CKV_K8S_144 resource Deployment Ensure that the –protect-kernel-defaults argument is set to true Kubernetes KubeletProtectKernelDefaults.py
824 CKV_K8S_144 resource DeploymentConfig Ensure that the –protect-kernel-defaults argument is set to true Kubernetes KubeletProtectKernelDefaults.py
825 CKV_K8S_144 resource Job Ensure that the –protect-kernel-defaults argument is set to true Kubernetes KubeletProtectKernelDefaults.py
826 CKV_K8S_144 resource Pod Ensure that the –protect-kernel-defaults argument is set to true Kubernetes KubeletProtectKernelDefaults.py
827 CKV_K8S_144 resource PodTemplate Ensure that the –protect-kernel-defaults argument is set to true Kubernetes KubeletProtectKernelDefaults.py
828 CKV_K8S_144 resource ReplicaSet Ensure that the –protect-kernel-defaults argument is set to true Kubernetes KubeletProtectKernelDefaults.py
829 CKV_K8S_144 resource ReplicationController Ensure that the –protect-kernel-defaults argument is set to true Kubernetes KubeletProtectKernelDefaults.py
830 CKV_K8S_144 resource StatefulSet Ensure that the –protect-kernel-defaults argument is set to true Kubernetes KubeletProtectKernelDefaults.py
831 CKV_K8S_145 resource CronJob Ensure that the –make-iptables-util-chains argument is set to true Kubernetes KubeletMakeIptablesUtilChains.py
832 CKV_K8S_145 resource DaemonSet Ensure that the –make-iptables-util-chains argument is set to true Kubernetes KubeletMakeIptablesUtilChains.py
833 CKV_K8S_145 resource Deployment Ensure that the –make-iptables-util-chains argument is set to true Kubernetes KubeletMakeIptablesUtilChains.py
834 CKV_K8S_145 resource DeploymentConfig Ensure that the –make-iptables-util-chains argument is set to true Kubernetes KubeletMakeIptablesUtilChains.py
835 CKV_K8S_145 resource Job Ensure that the –make-iptables-util-chains argument is set to true Kubernetes KubeletMakeIptablesUtilChains.py
836 CKV_K8S_145 resource Pod Ensure that the –make-iptables-util-chains argument is set to true Kubernetes KubeletMakeIptablesUtilChains.py
837 CKV_K8S_145 resource PodTemplate Ensure that the –make-iptables-util-chains argument is set to true Kubernetes KubeletMakeIptablesUtilChains.py
838 CKV_K8S_145 resource ReplicaSet Ensure that the –make-iptables-util-chains argument is set to true Kubernetes KubeletMakeIptablesUtilChains.py
839 CKV_K8S_145 resource ReplicationController Ensure that the –make-iptables-util-chains argument is set to true Kubernetes KubeletMakeIptablesUtilChains.py
840 CKV_K8S_145 resource StatefulSet Ensure that the –make-iptables-util-chains argument is set to true Kubernetes KubeletMakeIptablesUtilChains.py
841 CKV_K8S_146 resource CronJob Ensure that the –hostname-override argument is not set Kubernetes KubeletHostnameOverride.py
842 CKV_K8S_146 resource DaemonSet Ensure that the –hostname-override argument is not set Kubernetes KubeletHostnameOverride.py
843 CKV_K8S_146 resource Deployment Ensure that the –hostname-override argument is not set Kubernetes KubeletHostnameOverride.py
844 CKV_K8S_146 resource DeploymentConfig Ensure that the –hostname-override argument is not set Kubernetes KubeletHostnameOverride.py
845 CKV_K8S_146 resource Job Ensure that the –hostname-override argument is not set Kubernetes KubeletHostnameOverride.py
846 CKV_K8S_146 resource Pod Ensure that the –hostname-override argument is not set Kubernetes KubeletHostnameOverride.py
847 CKV_K8S_146 resource PodTemplate Ensure that the –hostname-override argument is not set Kubernetes KubeletHostnameOverride.py
848 CKV_K8S_146 resource ReplicaSet Ensure that the –hostname-override argument is not set Kubernetes KubeletHostnameOverride.py
849 CKV_K8S_146 resource ReplicationController Ensure that the –hostname-override argument is not set Kubernetes KubeletHostnameOverride.py
850 CKV_K8S_146 resource StatefulSet Ensure that the –hostname-override argument is not set Kubernetes KubeletHostnameOverride.py
851 CKV_K8S_147 resource CronJob Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture Kubernetes KubletEventCapture.py
852 CKV_K8S_147 resource DaemonSet Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture Kubernetes KubletEventCapture.py
853 CKV_K8S_147 resource Deployment Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture Kubernetes KubletEventCapture.py
854 CKV_K8S_147 resource DeploymentConfig Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture Kubernetes KubletEventCapture.py
855 CKV_K8S_147 resource Job Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture Kubernetes KubletEventCapture.py
856 CKV_K8S_147 resource Pod Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture Kubernetes KubletEventCapture.py
857 CKV_K8S_147 resource PodTemplate Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture Kubernetes KubletEventCapture.py
858 CKV_K8S_147 resource ReplicaSet Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture Kubernetes KubletEventCapture.py
859 CKV_K8S_147 resource ReplicationController Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture Kubernetes KubletEventCapture.py
860 CKV_K8S_147 resource StatefulSet Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture Kubernetes KubletEventCapture.py
861 CKV_K8S_148 resource CronJob Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes KubeletKeyFilesSetAppropriate.py
862 CKV_K8S_148 resource DaemonSet Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes KubeletKeyFilesSetAppropriate.py
863 CKV_K8S_148 resource Deployment Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes KubeletKeyFilesSetAppropriate.py
864 CKV_K8S_148 resource DeploymentConfig Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes KubeletKeyFilesSetAppropriate.py
865 CKV_K8S_148 resource Job Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes KubeletKeyFilesSetAppropriate.py
866 CKV_K8S_148 resource Pod Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes KubeletKeyFilesSetAppropriate.py
867 CKV_K8S_148 resource PodTemplate Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes KubeletKeyFilesSetAppropriate.py
868 CKV_K8S_148 resource ReplicaSet Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes KubeletKeyFilesSetAppropriate.py
869 CKV_K8S_148 resource ReplicationController Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes KubeletKeyFilesSetAppropriate.py
870 CKV_K8S_148 resource StatefulSet Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate Kubernetes KubeletKeyFilesSetAppropriate.py
871 CKV_K8S_149 resource CronJob Ensure that the –rotate-certificates argument is not set to false Kubernetes KubletRotateCertificates.py
872 CKV_K8S_149 resource DaemonSet Ensure that the –rotate-certificates argument is not set to false Kubernetes KubletRotateCertificates.py
873 CKV_K8S_149 resource Deployment Ensure that the –rotate-certificates argument is not set to false Kubernetes KubletRotateCertificates.py
874 CKV_K8S_149 resource DeploymentConfig Ensure that the –rotate-certificates argument is not set to false Kubernetes KubletRotateCertificates.py
875 CKV_K8S_149 resource Job Ensure that the –rotate-certificates argument is not set to false Kubernetes KubletRotateCertificates.py
876 CKV_K8S_149 resource Pod Ensure that the –rotate-certificates argument is not set to false Kubernetes KubletRotateCertificates.py
877 CKV_K8S_149 resource PodTemplate Ensure that the –rotate-certificates argument is not set to false Kubernetes KubletRotateCertificates.py
878 CKV_K8S_149 resource ReplicaSet Ensure that the –rotate-certificates argument is not set to false Kubernetes KubletRotateCertificates.py
879 CKV_K8S_149 resource ReplicationController Ensure that the –rotate-certificates argument is not set to false Kubernetes KubletRotateCertificates.py
880 CKV_K8S_149 resource StatefulSet Ensure that the –rotate-certificates argument is not set to false Kubernetes KubletRotateCertificates.py
881 CKV_K8S_151 resource CronJob Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers Kubernetes KubeletCryptographicCiphers.py
882 CKV_K8S_151 resource DaemonSet Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers Kubernetes KubeletCryptographicCiphers.py
883 CKV_K8S_151 resource Deployment Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers Kubernetes KubeletCryptographicCiphers.py
884 CKV_K8S_151 resource DeploymentConfig Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers Kubernetes KubeletCryptographicCiphers.py
885 CKV_K8S_151 resource Job Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers Kubernetes KubeletCryptographicCiphers.py
886 CKV_K8S_151 resource Pod Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers Kubernetes KubeletCryptographicCiphers.py
887 CKV_K8S_151 resource PodTemplate Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers Kubernetes KubeletCryptographicCiphers.py
888 CKV_K8S_151 resource ReplicaSet Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers Kubernetes KubeletCryptographicCiphers.py
889 CKV_K8S_151 resource ReplicationController Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers Kubernetes KubeletCryptographicCiphers.py
890 CKV_K8S_151 resource StatefulSet Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers Kubernetes KubeletCryptographicCiphers.py
891 CKV_K8S_152 resource Ingress Prevent NGINX Ingress annotation snippets which contain LUA code execution. See CVE-2021-25742 Kubernetes NginxIngressCVE202125742Lua.py
892 CKV_K8S_153 resource Ingress Prevent All NGINX Ingress annotation snippets. See CVE-2021-25742 Kubernetes NginxIngressCVE202125742AllSnippets.py
893 CKV_K8S_154 resource Ingress Prevent NGINX Ingress annotation snippets which contain alias statements See CVE-2021-25742 Kubernetes NginxIngressCVE202125742Alias.py
894 CKV_K8S_155 resource ClusterRole Minimize ClusterRoles that grant control over validating or mutating admission webhook configurations Kubernetes RbacControlWebhooks.py
895 CKV_K8S_156 resource ClusterRole Minimize ClusterRoles that grant permissions to approve CertificateSigningRequests Kubernetes RbacApproveCertificateSigningRequests.py
896 CKV_K8S_157 resource ClusterRole Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings Kubernetes RbacBindRoleBindings.py
897 CKV_K8S_157 resource Role Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings Kubernetes RbacBindRoleBindings.py
898 CKV_K8S_158 resource ClusterRole Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles Kubernetes RbacEscalateRoles.py
899 CKV_K8S_158 resource Role Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles Kubernetes RbacEscalateRoles.py
900 CKV2_K8S_1 resource ClusterRole RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding Kubernetes RoleBindingPE.yaml
901 CKV2_K8S_1 resource ClusterRoleBinding RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding Kubernetes RoleBindingPE.yaml
902 CKV2_K8S_1 resource Role RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding Kubernetes RoleBindingPE.yaml
903 CKV2_K8S_1 resource RoleBinding RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding Kubernetes RoleBindingPE.yaml
904 CKV2_K8S_2 resource ClusterRole Granting create permissions to nodes/proxy or pods/exec sub resources allows potential privilege escalation Kubernetes NoCreateNodesProxyOrPodsExec.yaml
905 CKV2_K8S_2 resource ClusterRoleBinding Granting create permissions to nodes/proxy or pods/exec sub resources allows potential privilege escalation Kubernetes NoCreateNodesProxyOrPodsExec.yaml
906 CKV2_K8S_2 resource Role Granting create permissions to nodes/proxy or pods/exec sub resources allows potential privilege escalation Kubernetes NoCreateNodesProxyOrPodsExec.yaml
907 CKV2_K8S_2 resource RoleBinding Granting create permissions to nodes/proxy or pods/exec sub resources allows potential privilege escalation Kubernetes NoCreateNodesProxyOrPodsExec.yaml
908 CKV2_K8S_3 resource ClusterRole No ServiceAccount/Node should have impersonate permissions for groups/users/service-accounts Kubernetes ImpersonatePermissions.yaml
909 CKV2_K8S_3 resource ClusterRoleBinding No ServiceAccount/Node should have impersonate permissions for groups/users/service-accounts Kubernetes ImpersonatePermissions.yaml
910 CKV2_K8S_3 resource Role No ServiceAccount/Node should have impersonate permissions for groups/users/service-accounts Kubernetes ImpersonatePermissions.yaml
911 CKV2_K8S_3 resource RoleBinding No ServiceAccount/Node should have impersonate permissions for groups/users/service-accounts Kubernetes ImpersonatePermissions.yaml
912 CKV2_K8S_4 resource ClusterRole ServiceAccounts and nodes that can modify services/status may set the status.loadBalancer.ingress.ip field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster. Kubernetes ModifyServicesStatus.yaml
913 CKV2_K8S_4 resource ClusterRoleBinding ServiceAccounts and nodes that can modify services/status may set the status.loadBalancer.ingress.ip field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster. Kubernetes ModifyServicesStatus.yaml
914 CKV2_K8S_4 resource Role ServiceAccounts and nodes that can modify services/status may set the status.loadBalancer.ingress.ip field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster. Kubernetes ModifyServicesStatus.yaml
915 CKV2_K8S_4 resource RoleBinding ServiceAccounts and nodes that can modify services/status may set the status.loadBalancer.ingress.ip field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster. Kubernetes ModifyServicesStatus.yaml
916 CKV2_K8S_5 resource ClusterRole No ServiceAccount/Node should be able to read all secrets Kubernetes ReadAllSecrets.yaml
917 CKV2_K8S_5 resource ClusterRoleBinding No ServiceAccount/Node should be able to read all secrets Kubernetes ReadAllSecrets.yaml
918 CKV2_K8S_5 resource Role No ServiceAccount/Node should be able to read all secrets Kubernetes ReadAllSecrets.yaml
919 CKV2_K8S_5 resource RoleBinding No ServiceAccount/Node should be able to read all secrets Kubernetes ReadAllSecrets.yaml
920 CKV2_K8S_6 resource Deployment Minimize the admission of pods which lack an associated NetworkPolicy Kubernetes RequireAllPodsToHaveNetworkPolicy.yaml
921 CKV2_K8S_6 resource Pod Minimize the admission of pods which lack an associated NetworkPolicy Kubernetes RequireAllPodsToHaveNetworkPolicy.yaml

Powered By

  • Slack Community
  • About Bridgecrew
  • Platform
  • Terms of use
  • GitHub
  • Docs
  • Contact Us
  • Privacy policy