| 0 |
CKV_K8S_1 |
resource |
PodSecurityPolicy |
Do not admit containers wishing to share the host process ID namespace |
Kubernetes |
ShareHostPIDPSP.py |
| 1 |
CKV_K8S_2 |
resource |
PodSecurityPolicy |
Do not admit privileged containers |
Kubernetes |
PrivilegedContainersPSP.py |
| 2 |
CKV_K8S_3 |
resource |
PodSecurityPolicy |
Do not admit containers wishing to share the host IPC namespace |
Kubernetes |
ShareHostIPCPSP.py |
| 3 |
CKV_K8S_4 |
resource |
PodSecurityPolicy |
Do not admit containers wishing to share the host network namespace |
Kubernetes |
SharedHostNetworkNamespacePSP.py |
| 4 |
CKV_K8S_5 |
resource |
PodSecurityPolicy |
Containers should not run with allowPrivilegeEscalation |
Kubernetes |
AllowPrivilegeEscalationPSP.py |
| 5 |
CKV_K8S_6 |
resource |
PodSecurityPolicy |
Do not admit root containers |
Kubernetes |
RootContainersPSP.py |
| 6 |
CKV_K8S_7 |
resource |
PodSecurityPolicy |
Do not admit containers with the NET_RAW capability |
Kubernetes |
DropCapabilitiesPSP.py |
| 7 |
CKV_K8S_8 |
resource |
DaemonSet |
Liveness Probe Should be Configured |
Kubernetes |
LivenessProbe.py |
| 8 |
CKV_K8S_8 |
resource |
Deployment |
Liveness Probe Should be Configured |
Kubernetes |
LivenessProbe.py |
| 9 |
CKV_K8S_8 |
resource |
DeploymentConfig |
Liveness Probe Should be Configured |
Kubernetes |
LivenessProbe.py |
| 10 |
CKV_K8S_8 |
resource |
Pod |
Liveness Probe Should be Configured |
Kubernetes |
LivenessProbe.py |
| 11 |
CKV_K8S_8 |
resource |
PodTemplate |
Liveness Probe Should be Configured |
Kubernetes |
LivenessProbe.py |
| 12 |
CKV_K8S_8 |
resource |
ReplicaSet |
Liveness Probe Should be Configured |
Kubernetes |
LivenessProbe.py |
| 13 |
CKV_K8S_8 |
resource |
ReplicationController |
Liveness Probe Should be Configured |
Kubernetes |
LivenessProbe.py |
| 14 |
CKV_K8S_8 |
resource |
StatefulSet |
Liveness Probe Should be Configured |
Kubernetes |
LivenessProbe.py |
| 15 |
CKV_K8S_9 |
resource |
DaemonSet |
Readiness Probe Should be Configured |
Kubernetes |
ReadinessProbe.py |
| 16 |
CKV_K8S_9 |
resource |
Deployment |
Readiness Probe Should be Configured |
Kubernetes |
ReadinessProbe.py |
| 17 |
CKV_K8S_9 |
resource |
DeploymentConfig |
Readiness Probe Should be Configured |
Kubernetes |
ReadinessProbe.py |
| 18 |
CKV_K8S_9 |
resource |
Pod |
Readiness Probe Should be Configured |
Kubernetes |
ReadinessProbe.py |
| 19 |
CKV_K8S_9 |
resource |
PodTemplate |
Readiness Probe Should be Configured |
Kubernetes |
ReadinessProbe.py |
| 20 |
CKV_K8S_9 |
resource |
ReplicaSet |
Readiness Probe Should be Configured |
Kubernetes |
ReadinessProbe.py |
| 21 |
CKV_K8S_9 |
resource |
ReplicationController |
Readiness Probe Should be Configured |
Kubernetes |
ReadinessProbe.py |
| 22 |
CKV_K8S_9 |
resource |
StatefulSet |
Readiness Probe Should be Configured |
Kubernetes |
ReadinessProbe.py |
| 23 |
CKV_K8S_10 |
resource |
CronJob |
CPU requests should be set |
Kubernetes |
CPURequests.py |
| 24 |
CKV_K8S_10 |
resource |
DaemonSet |
CPU requests should be set |
Kubernetes |
CPURequests.py |
| 25 |
CKV_K8S_10 |
resource |
Deployment |
CPU requests should be set |
Kubernetes |
CPURequests.py |
| 26 |
CKV_K8S_10 |
resource |
DeploymentConfig |
CPU requests should be set |
Kubernetes |
CPURequests.py |
| 27 |
CKV_K8S_10 |
resource |
Job |
CPU requests should be set |
Kubernetes |
CPURequests.py |
| 28 |
CKV_K8S_10 |
resource |
Pod |
CPU requests should be set |
Kubernetes |
CPURequests.py |
| 29 |
CKV_K8S_10 |
resource |
PodTemplate |
CPU requests should be set |
Kubernetes |
CPURequests.py |
| 30 |
CKV_K8S_10 |
resource |
ReplicaSet |
CPU requests should be set |
Kubernetes |
CPURequests.py |
| 31 |
CKV_K8S_10 |
resource |
ReplicationController |
CPU requests should be set |
Kubernetes |
CPURequests.py |
| 32 |
CKV_K8S_10 |
resource |
StatefulSet |
CPU requests should be set |
Kubernetes |
CPURequests.py |
| 33 |
CKV_K8S_11 |
resource |
CronJob |
CPU limits should be set |
Kubernetes |
CPULimits.py |
| 34 |
CKV_K8S_11 |
resource |
DaemonSet |
CPU limits should be set |
Kubernetes |
CPULimits.py |
| 35 |
CKV_K8S_11 |
resource |
Deployment |
CPU limits should be set |
Kubernetes |
CPULimits.py |
| 36 |
CKV_K8S_11 |
resource |
DeploymentConfig |
CPU limits should be set |
Kubernetes |
CPULimits.py |
| 37 |
CKV_K8S_11 |
resource |
Job |
CPU limits should be set |
Kubernetes |
CPULimits.py |
| 38 |
CKV_K8S_11 |
resource |
Pod |
CPU limits should be set |
Kubernetes |
CPULimits.py |
| 39 |
CKV_K8S_11 |
resource |
PodTemplate |
CPU limits should be set |
Kubernetes |
CPULimits.py |
| 40 |
CKV_K8S_11 |
resource |
ReplicaSet |
CPU limits should be set |
Kubernetes |
CPULimits.py |
| 41 |
CKV_K8S_11 |
resource |
ReplicationController |
CPU limits should be set |
Kubernetes |
CPULimits.py |
| 42 |
CKV_K8S_11 |
resource |
StatefulSet |
CPU limits should be set |
Kubernetes |
CPULimits.py |
| 43 |
CKV_K8S_12 |
resource |
CronJob |
Memory requests should be set |
Kubernetes |
MemoryRequests.py |
| 44 |
CKV_K8S_12 |
resource |
DaemonSet |
Memory requests should be set |
Kubernetes |
MemoryRequests.py |
| 45 |
CKV_K8S_12 |
resource |
Deployment |
Memory requests should be set |
Kubernetes |
MemoryRequests.py |
| 46 |
CKV_K8S_12 |
resource |
DeploymentConfig |
Memory requests should be set |
Kubernetes |
MemoryRequests.py |
| 47 |
CKV_K8S_12 |
resource |
Job |
Memory requests should be set |
Kubernetes |
MemoryRequests.py |
| 48 |
CKV_K8S_12 |
resource |
Pod |
Memory requests should be set |
Kubernetes |
MemoryRequests.py |
| 49 |
CKV_K8S_12 |
resource |
PodTemplate |
Memory requests should be set |
Kubernetes |
MemoryRequests.py |
| 50 |
CKV_K8S_12 |
resource |
ReplicaSet |
Memory requests should be set |
Kubernetes |
MemoryRequests.py |
| 51 |
CKV_K8S_12 |
resource |
ReplicationController |
Memory requests should be set |
Kubernetes |
MemoryRequests.py |
| 52 |
CKV_K8S_12 |
resource |
StatefulSet |
Memory requests should be set |
Kubernetes |
MemoryRequests.py |
| 53 |
CKV_K8S_13 |
resource |
CronJob |
Memory limits should be set |
Kubernetes |
MemoryLimits.py |
| 54 |
CKV_K8S_13 |
resource |
DaemonSet |
Memory limits should be set |
Kubernetes |
MemoryLimits.py |
| 55 |
CKV_K8S_13 |
resource |
Deployment |
Memory limits should be set |
Kubernetes |
MemoryLimits.py |
| 56 |
CKV_K8S_13 |
resource |
DeploymentConfig |
Memory limits should be set |
Kubernetes |
MemoryLimits.py |
| 57 |
CKV_K8S_13 |
resource |
Job |
Memory limits should be set |
Kubernetes |
MemoryLimits.py |
| 58 |
CKV_K8S_13 |
resource |
Pod |
Memory limits should be set |
Kubernetes |
MemoryLimits.py |
| 59 |
CKV_K8S_13 |
resource |
PodTemplate |
Memory limits should be set |
Kubernetes |
MemoryLimits.py |
| 60 |
CKV_K8S_13 |
resource |
ReplicaSet |
Memory limits should be set |
Kubernetes |
MemoryLimits.py |
| 61 |
CKV_K8S_13 |
resource |
ReplicationController |
Memory limits should be set |
Kubernetes |
MemoryLimits.py |
| 62 |
CKV_K8S_13 |
resource |
StatefulSet |
Memory limits should be set |
Kubernetes |
MemoryLimits.py |
| 63 |
CKV_K8S_14 |
resource |
CronJob |
Image Tag should be fixed - not latest or blank |
Kubernetes |
ImageTagFixed.py |
| 64 |
CKV_K8S_14 |
resource |
DaemonSet |
Image Tag should be fixed - not latest or blank |
Kubernetes |
ImageTagFixed.py |
| 65 |
CKV_K8S_14 |
resource |
Deployment |
Image Tag should be fixed - not latest or blank |
Kubernetes |
ImageTagFixed.py |
| 66 |
CKV_K8S_14 |
resource |
DeploymentConfig |
Image Tag should be fixed - not latest or blank |
Kubernetes |
ImageTagFixed.py |
| 67 |
CKV_K8S_14 |
resource |
Job |
Image Tag should be fixed - not latest or blank |
Kubernetes |
ImageTagFixed.py |
| 68 |
CKV_K8S_14 |
resource |
Pod |
Image Tag should be fixed - not latest or blank |
Kubernetes |
ImageTagFixed.py |
| 69 |
CKV_K8S_14 |
resource |
PodTemplate |
Image Tag should be fixed - not latest or blank |
Kubernetes |
ImageTagFixed.py |
| 70 |
CKV_K8S_14 |
resource |
ReplicaSet |
Image Tag should be fixed - not latest or blank |
Kubernetes |
ImageTagFixed.py |
| 71 |
CKV_K8S_14 |
resource |
ReplicationController |
Image Tag should be fixed - not latest or blank |
Kubernetes |
ImageTagFixed.py |
| 72 |
CKV_K8S_14 |
resource |
StatefulSet |
Image Tag should be fixed - not latest or blank |
Kubernetes |
ImageTagFixed.py |
| 73 |
CKV_K8S_15 |
resource |
CronJob |
Image Pull Policy should be Always |
Kubernetes |
ImagePullPolicyAlways.py |
| 74 |
CKV_K8S_15 |
resource |
DaemonSet |
Image Pull Policy should be Always |
Kubernetes |
ImagePullPolicyAlways.py |
| 75 |
CKV_K8S_15 |
resource |
Deployment |
Image Pull Policy should be Always |
Kubernetes |
ImagePullPolicyAlways.py |
| 76 |
CKV_K8S_15 |
resource |
DeploymentConfig |
Image Pull Policy should be Always |
Kubernetes |
ImagePullPolicyAlways.py |
| 77 |
CKV_K8S_15 |
resource |
Job |
Image Pull Policy should be Always |
Kubernetes |
ImagePullPolicyAlways.py |
| 78 |
CKV_K8S_15 |
resource |
Pod |
Image Pull Policy should be Always |
Kubernetes |
ImagePullPolicyAlways.py |
| 79 |
CKV_K8S_15 |
resource |
PodTemplate |
Image Pull Policy should be Always |
Kubernetes |
ImagePullPolicyAlways.py |
| 80 |
CKV_K8S_15 |
resource |
ReplicaSet |
Image Pull Policy should be Always |
Kubernetes |
ImagePullPolicyAlways.py |
| 81 |
CKV_K8S_15 |
resource |
ReplicationController |
Image Pull Policy should be Always |
Kubernetes |
ImagePullPolicyAlways.py |
| 82 |
CKV_K8S_15 |
resource |
StatefulSet |
Image Pull Policy should be Always |
Kubernetes |
ImagePullPolicyAlways.py |
| 83 |
CKV_K8S_16 |
resource |
CronJob |
Container should not be privileged |
Kubernetes |
PrivilegedContainers.py |
| 84 |
CKV_K8S_16 |
resource |
DaemonSet |
Container should not be privileged |
Kubernetes |
PrivilegedContainers.py |
| 85 |
CKV_K8S_16 |
resource |
Deployment |
Container should not be privileged |
Kubernetes |
PrivilegedContainers.py |
| 86 |
CKV_K8S_16 |
resource |
DeploymentConfig |
Container should not be privileged |
Kubernetes |
PrivilegedContainers.py |
| 87 |
CKV_K8S_16 |
resource |
Job |
Container should not be privileged |
Kubernetes |
PrivilegedContainers.py |
| 88 |
CKV_K8S_16 |
resource |
Pod |
Container should not be privileged |
Kubernetes |
PrivilegedContainers.py |
| 89 |
CKV_K8S_16 |
resource |
PodTemplate |
Container should not be privileged |
Kubernetes |
PrivilegedContainers.py |
| 90 |
CKV_K8S_16 |
resource |
ReplicaSet |
Container should not be privileged |
Kubernetes |
PrivilegedContainers.py |
| 91 |
CKV_K8S_16 |
resource |
ReplicationController |
Container should not be privileged |
Kubernetes |
PrivilegedContainers.py |
| 92 |
CKV_K8S_16 |
resource |
StatefulSet |
Container should not be privileged |
Kubernetes |
PrivilegedContainers.py |
| 93 |
CKV_K8S_17 |
resource |
CronJob |
Containers should not share the host process ID namespace |
Kubernetes |
ShareHostPID.py |
| 94 |
CKV_K8S_17 |
resource |
DaemonSet |
Containers should not share the host process ID namespace |
Kubernetes |
ShareHostPID.py |
| 95 |
CKV_K8S_17 |
resource |
Deployment |
Containers should not share the host process ID namespace |
Kubernetes |
ShareHostPID.py |
| 96 |
CKV_K8S_17 |
resource |
Job |
Containers should not share the host process ID namespace |
Kubernetes |
ShareHostPID.py |
| 97 |
CKV_K8S_17 |
resource |
Pod |
Containers should not share the host process ID namespace |
Kubernetes |
ShareHostPID.py |
| 98 |
CKV_K8S_17 |
resource |
ReplicaSet |
Containers should not share the host process ID namespace |
Kubernetes |
ShareHostPID.py |
| 99 |
CKV_K8S_17 |
resource |
ReplicationController |
Containers should not share the host process ID namespace |
Kubernetes |
ShareHostPID.py |
| 100 |
CKV_K8S_17 |
resource |
StatefulSet |
Containers should not share the host process ID namespace |
Kubernetes |
ShareHostPID.py |
| 101 |
CKV_K8S_18 |
resource |
CronJob |
Containers should not share the host IPC namespace |
Kubernetes |
ShareHostIPC.py |
| 102 |
CKV_K8S_18 |
resource |
DaemonSet |
Containers should not share the host IPC namespace |
Kubernetes |
ShareHostIPC.py |
| 103 |
CKV_K8S_18 |
resource |
Deployment |
Containers should not share the host IPC namespace |
Kubernetes |
ShareHostIPC.py |
| 104 |
CKV_K8S_18 |
resource |
Job |
Containers should not share the host IPC namespace |
Kubernetes |
ShareHostIPC.py |
| 105 |
CKV_K8S_18 |
resource |
Pod |
Containers should not share the host IPC namespace |
Kubernetes |
ShareHostIPC.py |
| 106 |
CKV_K8S_18 |
resource |
ReplicaSet |
Containers should not share the host IPC namespace |
Kubernetes |
ShareHostIPC.py |
| 107 |
CKV_K8S_18 |
resource |
ReplicationController |
Containers should not share the host IPC namespace |
Kubernetes |
ShareHostIPC.py |
| 108 |
CKV_K8S_18 |
resource |
StatefulSet |
Containers should not share the host IPC namespace |
Kubernetes |
ShareHostIPC.py |
| 109 |
CKV_K8S_19 |
resource |
CronJob |
Containers should not share the host network namespace |
Kubernetes |
SharedHostNetworkNamespace.py |
| 110 |
CKV_K8S_19 |
resource |
DaemonSet |
Containers should not share the host network namespace |
Kubernetes |
SharedHostNetworkNamespace.py |
| 111 |
CKV_K8S_19 |
resource |
Deployment |
Containers should not share the host network namespace |
Kubernetes |
SharedHostNetworkNamespace.py |
| 112 |
CKV_K8S_19 |
resource |
Job |
Containers should not share the host network namespace |
Kubernetes |
SharedHostNetworkNamespace.py |
| 113 |
CKV_K8S_19 |
resource |
Pod |
Containers should not share the host network namespace |
Kubernetes |
SharedHostNetworkNamespace.py |
| 114 |
CKV_K8S_19 |
resource |
ReplicaSet |
Containers should not share the host network namespace |
Kubernetes |
SharedHostNetworkNamespace.py |
| 115 |
CKV_K8S_19 |
resource |
ReplicationController |
Containers should not share the host network namespace |
Kubernetes |
SharedHostNetworkNamespace.py |
| 116 |
CKV_K8S_19 |
resource |
StatefulSet |
Containers should not share the host network namespace |
Kubernetes |
SharedHostNetworkNamespace.py |
| 117 |
CKV_K8S_20 |
resource |
CronJob |
Containers should not run with allowPrivilegeEscalation |
Kubernetes |
AllowPrivilegeEscalation.py |
| 118 |
CKV_K8S_20 |
resource |
DaemonSet |
Containers should not run with allowPrivilegeEscalation |
Kubernetes |
AllowPrivilegeEscalation.py |
| 119 |
CKV_K8S_20 |
resource |
Deployment |
Containers should not run with allowPrivilegeEscalation |
Kubernetes |
AllowPrivilegeEscalation.py |
| 120 |
CKV_K8S_20 |
resource |
DeploymentConfig |
Containers should not run with allowPrivilegeEscalation |
Kubernetes |
AllowPrivilegeEscalation.py |
| 121 |
CKV_K8S_20 |
resource |
Job |
Containers should not run with allowPrivilegeEscalation |
Kubernetes |
AllowPrivilegeEscalation.py |
| 122 |
CKV_K8S_20 |
resource |
Pod |
Containers should not run with allowPrivilegeEscalation |
Kubernetes |
AllowPrivilegeEscalation.py |
| 123 |
CKV_K8S_20 |
resource |
PodTemplate |
Containers should not run with allowPrivilegeEscalation |
Kubernetes |
AllowPrivilegeEscalation.py |
| 124 |
CKV_K8S_20 |
resource |
ReplicaSet |
Containers should not run with allowPrivilegeEscalation |
Kubernetes |
AllowPrivilegeEscalation.py |
| 125 |
CKV_K8S_20 |
resource |
ReplicationController |
Containers should not run with allowPrivilegeEscalation |
Kubernetes |
AllowPrivilegeEscalation.py |
| 126 |
CKV_K8S_20 |
resource |
StatefulSet |
Containers should not run with allowPrivilegeEscalation |
Kubernetes |
AllowPrivilegeEscalation.py |
| 127 |
CKV_K8S_21 |
resource |
ConfigMap |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 128 |
CKV_K8S_21 |
resource |
CronJob |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 129 |
CKV_K8S_21 |
resource |
DaemonSet |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 130 |
CKV_K8S_21 |
resource |
Deployment |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 131 |
CKV_K8S_21 |
resource |
Ingress |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 132 |
CKV_K8S_21 |
resource |
Job |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 133 |
CKV_K8S_21 |
resource |
Pod |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 134 |
CKV_K8S_21 |
resource |
ReplicaSet |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 135 |
CKV_K8S_21 |
resource |
ReplicationController |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 136 |
CKV_K8S_21 |
resource |
Role |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 137 |
CKV_K8S_21 |
resource |
RoleBinding |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 138 |
CKV_K8S_21 |
resource |
Secret |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 139 |
CKV_K8S_21 |
resource |
Service |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 140 |
CKV_K8S_21 |
resource |
ServiceAccount |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 141 |
CKV_K8S_21 |
resource |
StatefulSet |
The default namespace should not be used |
Kubernetes |
DefaultNamespace.py |
| 142 |
CKV_K8S_22 |
resource |
CronJob |
Use read-only filesystem for containers where possible |
Kubernetes |
ReadOnlyFilesystem.py |
| 143 |
CKV_K8S_22 |
resource |
DaemonSet |
Use read-only filesystem for containers where possible |
Kubernetes |
ReadOnlyFilesystem.py |
| 144 |
CKV_K8S_22 |
resource |
Deployment |
Use read-only filesystem for containers where possible |
Kubernetes |
ReadOnlyFilesystem.py |
| 145 |
CKV_K8S_22 |
resource |
DeploymentConfig |
Use read-only filesystem for containers where possible |
Kubernetes |
ReadOnlyFilesystem.py |
| 146 |
CKV_K8S_22 |
resource |
Job |
Use read-only filesystem for containers where possible |
Kubernetes |
ReadOnlyFilesystem.py |
| 147 |
CKV_K8S_22 |
resource |
Pod |
Use read-only filesystem for containers where possible |
Kubernetes |
ReadOnlyFilesystem.py |
| 148 |
CKV_K8S_22 |
resource |
PodTemplate |
Use read-only filesystem for containers where possible |
Kubernetes |
ReadOnlyFilesystem.py |
| 149 |
CKV_K8S_22 |
resource |
ReplicaSet |
Use read-only filesystem for containers where possible |
Kubernetes |
ReadOnlyFilesystem.py |
| 150 |
CKV_K8S_22 |
resource |
ReplicationController |
Use read-only filesystem for containers where possible |
Kubernetes |
ReadOnlyFilesystem.py |
| 151 |
CKV_K8S_22 |
resource |
StatefulSet |
Use read-only filesystem for containers where possible |
Kubernetes |
ReadOnlyFilesystem.py |
| 152 |
CKV_K8S_23 |
resource |
CronJob |
Minimize the admission of root containers |
Kubernetes |
RootContainers.py |
| 153 |
CKV_K8S_23 |
resource |
DaemonSet |
Minimize the admission of root containers |
Kubernetes |
RootContainers.py |
| 154 |
CKV_K8S_23 |
resource |
Deployment |
Minimize the admission of root containers |
Kubernetes |
RootContainers.py |
| 155 |
CKV_K8S_23 |
resource |
Job |
Minimize the admission of root containers |
Kubernetes |
RootContainers.py |
| 156 |
CKV_K8S_23 |
resource |
Pod |
Minimize the admission of root containers |
Kubernetes |
RootContainers.py |
| 157 |
CKV_K8S_23 |
resource |
ReplicaSet |
Minimize the admission of root containers |
Kubernetes |
RootContainers.py |
| 158 |
CKV_K8S_23 |
resource |
ReplicationController |
Minimize the admission of root containers |
Kubernetes |
RootContainers.py |
| 159 |
CKV_K8S_23 |
resource |
StatefulSet |
Minimize the admission of root containers |
Kubernetes |
RootContainers.py |
| 160 |
CKV_K8S_24 |
resource |
PodSecurityPolicy |
Do not allow containers with added capability |
Kubernetes |
AllowedCapabilitiesPSP.py |
| 161 |
CKV_K8S_25 |
resource |
CronJob |
Minimize the admission of containers with added capability |
Kubernetes |
AllowedCapabilities.py |
| 162 |
CKV_K8S_25 |
resource |
DaemonSet |
Minimize the admission of containers with added capability |
Kubernetes |
AllowedCapabilities.py |
| 163 |
CKV_K8S_25 |
resource |
Deployment |
Minimize the admission of containers with added capability |
Kubernetes |
AllowedCapabilities.py |
| 164 |
CKV_K8S_25 |
resource |
DeploymentConfig |
Minimize the admission of containers with added capability |
Kubernetes |
AllowedCapabilities.py |
| 165 |
CKV_K8S_25 |
resource |
Job |
Minimize the admission of containers with added capability |
Kubernetes |
AllowedCapabilities.py |
| 166 |
CKV_K8S_25 |
resource |
Pod |
Minimize the admission of containers with added capability |
Kubernetes |
AllowedCapabilities.py |
| 167 |
CKV_K8S_25 |
resource |
PodTemplate |
Minimize the admission of containers with added capability |
Kubernetes |
AllowedCapabilities.py |
| 168 |
CKV_K8S_25 |
resource |
ReplicaSet |
Minimize the admission of containers with added capability |
Kubernetes |
AllowedCapabilities.py |
| 169 |
CKV_K8S_25 |
resource |
ReplicationController |
Minimize the admission of containers with added capability |
Kubernetes |
AllowedCapabilities.py |
| 170 |
CKV_K8S_25 |
resource |
StatefulSet |
Minimize the admission of containers with added capability |
Kubernetes |
AllowedCapabilities.py |
| 171 |
CKV_K8S_26 |
resource |
CronJob |
Do not specify hostPort unless absolutely necessary |
Kubernetes |
HostPort.py |
| 172 |
CKV_K8S_26 |
resource |
DaemonSet |
Do not specify hostPort unless absolutely necessary |
Kubernetes |
HostPort.py |
| 173 |
CKV_K8S_26 |
resource |
Deployment |
Do not specify hostPort unless absolutely necessary |
Kubernetes |
HostPort.py |
| 174 |
CKV_K8S_26 |
resource |
DeploymentConfig |
Do not specify hostPort unless absolutely necessary |
Kubernetes |
HostPort.py |
| 175 |
CKV_K8S_26 |
resource |
Job |
Do not specify hostPort unless absolutely necessary |
Kubernetes |
HostPort.py |
| 176 |
CKV_K8S_26 |
resource |
Pod |
Do not specify hostPort unless absolutely necessary |
Kubernetes |
HostPort.py |
| 177 |
CKV_K8S_26 |
resource |
PodTemplate |
Do not specify hostPort unless absolutely necessary |
Kubernetes |
HostPort.py |
| 178 |
CKV_K8S_26 |
resource |
ReplicaSet |
Do not specify hostPort unless absolutely necessary |
Kubernetes |
HostPort.py |
| 179 |
CKV_K8S_26 |
resource |
ReplicationController |
Do not specify hostPort unless absolutely necessary |
Kubernetes |
HostPort.py |
| 180 |
CKV_K8S_26 |
resource |
StatefulSet |
Do not specify hostPort unless absolutely necessary |
Kubernetes |
HostPort.py |
| 181 |
CKV_K8S_27 |
resource |
CronJob |
Do not expose the docker daemon socket to containers |
Kubernetes |
DockerSocketVolume.py |
| 182 |
CKV_K8S_27 |
resource |
DaemonSet |
Do not expose the docker daemon socket to containers |
Kubernetes |
DockerSocketVolume.py |
| 183 |
CKV_K8S_27 |
resource |
Deployment |
Do not expose the docker daemon socket to containers |
Kubernetes |
DockerSocketVolume.py |
| 184 |
CKV_K8S_27 |
resource |
Job |
Do not expose the docker daemon socket to containers |
Kubernetes |
DockerSocketVolume.py |
| 185 |
CKV_K8S_27 |
resource |
Pod |
Do not expose the docker daemon socket to containers |
Kubernetes |
DockerSocketVolume.py |
| 186 |
CKV_K8S_27 |
resource |
ReplicaSet |
Do not expose the docker daemon socket to containers |
Kubernetes |
DockerSocketVolume.py |
| 187 |
CKV_K8S_27 |
resource |
ReplicationController |
Do not expose the docker daemon socket to containers |
Kubernetes |
DockerSocketVolume.py |
| 188 |
CKV_K8S_27 |
resource |
StatefulSet |
Do not expose the docker daemon socket to containers |
Kubernetes |
DockerSocketVolume.py |
| 189 |
CKV_K8S_28 |
resource |
CronJob |
Minimize the admission of containers with the NET_RAW capability |
Kubernetes |
DropCapabilities.py |
| 190 |
CKV_K8S_28 |
resource |
DaemonSet |
Minimize the admission of containers with the NET_RAW capability |
Kubernetes |
DropCapabilities.py |
| 191 |
CKV_K8S_28 |
resource |
Deployment |
Minimize the admission of containers with the NET_RAW capability |
Kubernetes |
DropCapabilities.py |
| 192 |
CKV_K8S_28 |
resource |
DeploymentConfig |
Minimize the admission of containers with the NET_RAW capability |
Kubernetes |
DropCapabilities.py |
| 193 |
CKV_K8S_28 |
resource |
Job |
Minimize the admission of containers with the NET_RAW capability |
Kubernetes |
DropCapabilities.py |
| 194 |
CKV_K8S_28 |
resource |
Pod |
Minimize the admission of containers with the NET_RAW capability |
Kubernetes |
DropCapabilities.py |
| 195 |
CKV_K8S_28 |
resource |
PodTemplate |
Minimize the admission of containers with the NET_RAW capability |
Kubernetes |
DropCapabilities.py |
| 196 |
CKV_K8S_28 |
resource |
ReplicaSet |
Minimize the admission of containers with the NET_RAW capability |
Kubernetes |
DropCapabilities.py |
| 197 |
CKV_K8S_28 |
resource |
ReplicationController |
Minimize the admission of containers with the NET_RAW capability |
Kubernetes |
DropCapabilities.py |
| 198 |
CKV_K8S_28 |
resource |
StatefulSet |
Minimize the admission of containers with the NET_RAW capability |
Kubernetes |
DropCapabilities.py |
| 199 |
CKV_K8S_29 |
resource |
CronJob |
Apply security context to your pods and containers |
Kubernetes |
PodSecurityContext.py |
| 200 |
CKV_K8S_29 |
resource |
DaemonSet |
Apply security context to your pods and containers |
Kubernetes |
PodSecurityContext.py |
| 201 |
CKV_K8S_29 |
resource |
Deployment |
Apply security context to your pods and containers |
Kubernetes |
PodSecurityContext.py |
| 202 |
CKV_K8S_29 |
resource |
Job |
Apply security context to your pods and containers |
Kubernetes |
PodSecurityContext.py |
| 203 |
CKV_K8S_29 |
resource |
Pod |
Apply security context to your pods and containers |
Kubernetes |
PodSecurityContext.py |
| 204 |
CKV_K8S_29 |
resource |
ReplicaSet |
Apply security context to your pods and containers |
Kubernetes |
PodSecurityContext.py |
| 205 |
CKV_K8S_29 |
resource |
ReplicationController |
Apply security context to your pods and containers |
Kubernetes |
PodSecurityContext.py |
| 206 |
CKV_K8S_29 |
resource |
StatefulSet |
Apply security context to your pods and containers |
Kubernetes |
PodSecurityContext.py |
| 207 |
CKV_K8S_30 |
resource |
CronJob |
Apply security context to your containers |
Kubernetes |
ContainerSecurityContext.py |
| 208 |
CKV_K8S_30 |
resource |
DaemonSet |
Apply security context to your containers |
Kubernetes |
ContainerSecurityContext.py |
| 209 |
CKV_K8S_30 |
resource |
Deployment |
Apply security context to your containers |
Kubernetes |
ContainerSecurityContext.py |
| 210 |
CKV_K8S_30 |
resource |
DeploymentConfig |
Apply security context to your containers |
Kubernetes |
ContainerSecurityContext.py |
| 211 |
CKV_K8S_30 |
resource |
Job |
Apply security context to your containers |
Kubernetes |
ContainerSecurityContext.py |
| 212 |
CKV_K8S_30 |
resource |
Pod |
Apply security context to your containers |
Kubernetes |
ContainerSecurityContext.py |
| 213 |
CKV_K8S_30 |
resource |
PodTemplate |
Apply security context to your containers |
Kubernetes |
ContainerSecurityContext.py |
| 214 |
CKV_K8S_30 |
resource |
ReplicaSet |
Apply security context to your containers |
Kubernetes |
ContainerSecurityContext.py |
| 215 |
CKV_K8S_30 |
resource |
ReplicationController |
Apply security context to your containers |
Kubernetes |
ContainerSecurityContext.py |
| 216 |
CKV_K8S_30 |
resource |
StatefulSet |
Apply security context to your containers |
Kubernetes |
ContainerSecurityContext.py |
| 217 |
CKV_K8S_31 |
resource |
CronJob |
Ensure that the seccomp profile is set to docker/default or runtime/default |
Kubernetes |
Seccomp.py |
| 218 |
CKV_K8S_31 |
resource |
DaemonSet |
Ensure that the seccomp profile is set to docker/default or runtime/default |
Kubernetes |
Seccomp.py |
| 219 |
CKV_K8S_31 |
resource |
Deployment |
Ensure that the seccomp profile is set to docker/default or runtime/default |
Kubernetes |
Seccomp.py |
| 220 |
CKV_K8S_31 |
resource |
Job |
Ensure that the seccomp profile is set to docker/default or runtime/default |
Kubernetes |
Seccomp.py |
| 221 |
CKV_K8S_31 |
resource |
Pod |
Ensure that the seccomp profile is set to docker/default or runtime/default |
Kubernetes |
Seccomp.py |
| 222 |
CKV_K8S_31 |
resource |
ReplicaSet |
Ensure that the seccomp profile is set to docker/default or runtime/default |
Kubernetes |
Seccomp.py |
| 223 |
CKV_K8S_31 |
resource |
ReplicationController |
Ensure that the seccomp profile is set to docker/default or runtime/default |
Kubernetes |
Seccomp.py |
| 224 |
CKV_K8S_31 |
resource |
StatefulSet |
Ensure that the seccomp profile is set to docker/default or runtime/default |
Kubernetes |
Seccomp.py |
| 225 |
CKV_K8S_32 |
resource |
PodSecurityPolicy |
Ensure default seccomp profile set to docker/default or runtime/default |
Kubernetes |
SeccompPSP.py |
| 226 |
CKV_K8S_33 |
resource |
CronJob |
Ensure the Kubernetes dashboard is not deployed |
Kubernetes |
KubernetesDashboard.py |
| 227 |
CKV_K8S_33 |
resource |
DaemonSet |
Ensure the Kubernetes dashboard is not deployed |
Kubernetes |
KubernetesDashboard.py |
| 228 |
CKV_K8S_33 |
resource |
Deployment |
Ensure the Kubernetes dashboard is not deployed |
Kubernetes |
KubernetesDashboard.py |
| 229 |
CKV_K8S_33 |
resource |
DeploymentConfig |
Ensure the Kubernetes dashboard is not deployed |
Kubernetes |
KubernetesDashboard.py |
| 230 |
CKV_K8S_33 |
resource |
Job |
Ensure the Kubernetes dashboard is not deployed |
Kubernetes |
KubernetesDashboard.py |
| 231 |
CKV_K8S_33 |
resource |
Pod |
Ensure the Kubernetes dashboard is not deployed |
Kubernetes |
KubernetesDashboard.py |
| 232 |
CKV_K8S_33 |
resource |
PodTemplate |
Ensure the Kubernetes dashboard is not deployed |
Kubernetes |
KubernetesDashboard.py |
| 233 |
CKV_K8S_33 |
resource |
ReplicaSet |
Ensure the Kubernetes dashboard is not deployed |
Kubernetes |
KubernetesDashboard.py |
| 234 |
CKV_K8S_33 |
resource |
ReplicationController |
Ensure the Kubernetes dashboard is not deployed |
Kubernetes |
KubernetesDashboard.py |
| 235 |
CKV_K8S_33 |
resource |
StatefulSet |
Ensure the Kubernetes dashboard is not deployed |
Kubernetes |
KubernetesDashboard.py |
| 236 |
CKV_K8S_34 |
resource |
CronJob |
Ensure that Tiller (Helm v2) is not deployed |
Kubernetes |
Tiller.py |
| 237 |
CKV_K8S_34 |
resource |
DaemonSet |
Ensure that Tiller (Helm v2) is not deployed |
Kubernetes |
Tiller.py |
| 238 |
CKV_K8S_34 |
resource |
Deployment |
Ensure that Tiller (Helm v2) is not deployed |
Kubernetes |
Tiller.py |
| 239 |
CKV_K8S_34 |
resource |
DeploymentConfig |
Ensure that Tiller (Helm v2) is not deployed |
Kubernetes |
Tiller.py |
| 240 |
CKV_K8S_34 |
resource |
Job |
Ensure that Tiller (Helm v2) is not deployed |
Kubernetes |
Tiller.py |
| 241 |
CKV_K8S_34 |
resource |
Pod |
Ensure that Tiller (Helm v2) is not deployed |
Kubernetes |
Tiller.py |
| 242 |
CKV_K8S_34 |
resource |
PodTemplate |
Ensure that Tiller (Helm v2) is not deployed |
Kubernetes |
Tiller.py |
| 243 |
CKV_K8S_34 |
resource |
ReplicaSet |
Ensure that Tiller (Helm v2) is not deployed |
Kubernetes |
Tiller.py |
| 244 |
CKV_K8S_34 |
resource |
ReplicationController |
Ensure that Tiller (Helm v2) is not deployed |
Kubernetes |
Tiller.py |
| 245 |
CKV_K8S_34 |
resource |
StatefulSet |
Ensure that Tiller (Helm v2) is not deployed |
Kubernetes |
Tiller.py |
| 246 |
CKV_K8S_35 |
resource |
CronJob |
Prefer using secrets as files over secrets as environment variables |
Kubernetes |
Secrets.py |
| 247 |
CKV_K8S_35 |
resource |
DaemonSet |
Prefer using secrets as files over secrets as environment variables |
Kubernetes |
Secrets.py |
| 248 |
CKV_K8S_35 |
resource |
Deployment |
Prefer using secrets as files over secrets as environment variables |
Kubernetes |
Secrets.py |
| 249 |
CKV_K8S_35 |
resource |
DeploymentConfig |
Prefer using secrets as files over secrets as environment variables |
Kubernetes |
Secrets.py |
| 250 |
CKV_K8S_35 |
resource |
Job |
Prefer using secrets as files over secrets as environment variables |
Kubernetes |
Secrets.py |
| 251 |
CKV_K8S_35 |
resource |
Pod |
Prefer using secrets as files over secrets as environment variables |
Kubernetes |
Secrets.py |
| 252 |
CKV_K8S_35 |
resource |
PodTemplate |
Prefer using secrets as files over secrets as environment variables |
Kubernetes |
Secrets.py |
| 253 |
CKV_K8S_35 |
resource |
ReplicaSet |
Prefer using secrets as files over secrets as environment variables |
Kubernetes |
Secrets.py |
| 254 |
CKV_K8S_35 |
resource |
ReplicationController |
Prefer using secrets as files over secrets as environment variables |
Kubernetes |
Secrets.py |
| 255 |
CKV_K8S_35 |
resource |
StatefulSet |
Prefer using secrets as files over secrets as environment variables |
Kubernetes |
Secrets.py |
| 256 |
CKV_K8S_36 |
resource |
PodSecurityPolicy |
Minimize the admission of containers with capabilities assigned |
Kubernetes |
MinimizeCapabilitiesPSP.py |
| 257 |
CKV_K8S_37 |
resource |
CronJob |
Minimize the admission of containers with capabilities assigned |
Kubernetes |
MinimizeCapabilities.py |
| 258 |
CKV_K8S_37 |
resource |
DaemonSet |
Minimize the admission of containers with capabilities assigned |
Kubernetes |
MinimizeCapabilities.py |
| 259 |
CKV_K8S_37 |
resource |
Deployment |
Minimize the admission of containers with capabilities assigned |
Kubernetes |
MinimizeCapabilities.py |
| 260 |
CKV_K8S_37 |
resource |
DeploymentConfig |
Minimize the admission of containers with capabilities assigned |
Kubernetes |
MinimizeCapabilities.py |
| 261 |
CKV_K8S_37 |
resource |
Job |
Minimize the admission of containers with capabilities assigned |
Kubernetes |
MinimizeCapabilities.py |
| 262 |
CKV_K8S_37 |
resource |
Pod |
Minimize the admission of containers with capabilities assigned |
Kubernetes |
MinimizeCapabilities.py |
| 263 |
CKV_K8S_37 |
resource |
PodTemplate |
Minimize the admission of containers with capabilities assigned |
Kubernetes |
MinimizeCapabilities.py |
| 264 |
CKV_K8S_37 |
resource |
ReplicaSet |
Minimize the admission of containers with capabilities assigned |
Kubernetes |
MinimizeCapabilities.py |
| 265 |
CKV_K8S_37 |
resource |
ReplicationController |
Minimize the admission of containers with capabilities assigned |
Kubernetes |
MinimizeCapabilities.py |
| 266 |
CKV_K8S_37 |
resource |
StatefulSet |
Minimize the admission of containers with capabilities assigned |
Kubernetes |
MinimizeCapabilities.py |
| 267 |
CKV_K8S_38 |
resource |
CronJob |
Ensure that Service Account Tokens are only mounted where necessary |
Kubernetes |
ServiceAccountTokens.py |
| 268 |
CKV_K8S_38 |
resource |
DaemonSet |
Ensure that Service Account Tokens are only mounted where necessary |
Kubernetes |
ServiceAccountTokens.py |
| 269 |
CKV_K8S_38 |
resource |
Deployment |
Ensure that Service Account Tokens are only mounted where necessary |
Kubernetes |
ServiceAccountTokens.py |
| 270 |
CKV_K8S_38 |
resource |
Job |
Ensure that Service Account Tokens are only mounted where necessary |
Kubernetes |
ServiceAccountTokens.py |
| 271 |
CKV_K8S_38 |
resource |
Pod |
Ensure that Service Account Tokens are only mounted where necessary |
Kubernetes |
ServiceAccountTokens.py |
| 272 |
CKV_K8S_38 |
resource |
ReplicaSet |
Ensure that Service Account Tokens are only mounted where necessary |
Kubernetes |
ServiceAccountTokens.py |
| 273 |
CKV_K8S_38 |
resource |
ReplicationController |
Ensure that Service Account Tokens are only mounted where necessary |
Kubernetes |
ServiceAccountTokens.py |
| 274 |
CKV_K8S_38 |
resource |
StatefulSet |
Ensure that Service Account Tokens are only mounted where necessary |
Kubernetes |
ServiceAccountTokens.py |
| 275 |
CKV_K8S_39 |
resource |
CronJob |
Do not use the CAP_SYS_ADMIN linux capability |
Kubernetes |
AllowedCapabilitiesSysAdmin.py |
| 276 |
CKV_K8S_39 |
resource |
DaemonSet |
Do not use the CAP_SYS_ADMIN linux capability |
Kubernetes |
AllowedCapabilitiesSysAdmin.py |
| 277 |
CKV_K8S_39 |
resource |
Deployment |
Do not use the CAP_SYS_ADMIN linux capability |
Kubernetes |
AllowedCapabilitiesSysAdmin.py |
| 278 |
CKV_K8S_39 |
resource |
DeploymentConfig |
Do not use the CAP_SYS_ADMIN linux capability |
Kubernetes |
AllowedCapabilitiesSysAdmin.py |
| 279 |
CKV_K8S_39 |
resource |
Job |
Do not use the CAP_SYS_ADMIN linux capability |
Kubernetes |
AllowedCapabilitiesSysAdmin.py |
| 280 |
CKV_K8S_39 |
resource |
Pod |
Do not use the CAP_SYS_ADMIN linux capability |
Kubernetes |
AllowedCapabilitiesSysAdmin.py |
| 281 |
CKV_K8S_39 |
resource |
PodTemplate |
Do not use the CAP_SYS_ADMIN linux capability |
Kubernetes |
AllowedCapabilitiesSysAdmin.py |
| 282 |
CKV_K8S_39 |
resource |
ReplicaSet |
Do not use the CAP_SYS_ADMIN linux capability |
Kubernetes |
AllowedCapabilitiesSysAdmin.py |
| 283 |
CKV_K8S_39 |
resource |
ReplicationController |
Do not use the CAP_SYS_ADMIN linux capability |
Kubernetes |
AllowedCapabilitiesSysAdmin.py |
| 284 |
CKV_K8S_39 |
resource |
StatefulSet |
Do not use the CAP_SYS_ADMIN linux capability |
Kubernetes |
AllowedCapabilitiesSysAdmin.py |
| 285 |
CKV_K8S_40 |
resource |
CronJob |
Containers should run as a high UID to avoid host conflict |
Kubernetes |
RootContainersHighUID.py |
| 286 |
CKV_K8S_40 |
resource |
DaemonSet |
Containers should run as a high UID to avoid host conflict |
Kubernetes |
RootContainersHighUID.py |
| 287 |
CKV_K8S_40 |
resource |
Deployment |
Containers should run as a high UID to avoid host conflict |
Kubernetes |
RootContainersHighUID.py |
| 288 |
CKV_K8S_40 |
resource |
Job |
Containers should run as a high UID to avoid host conflict |
Kubernetes |
RootContainersHighUID.py |
| 289 |
CKV_K8S_40 |
resource |
Pod |
Containers should run as a high UID to avoid host conflict |
Kubernetes |
RootContainersHighUID.py |
| 290 |
CKV_K8S_40 |
resource |
ReplicaSet |
Containers should run as a high UID to avoid host conflict |
Kubernetes |
RootContainersHighUID.py |
| 291 |
CKV_K8S_40 |
resource |
ReplicationController |
Containers should run as a high UID to avoid host conflict |
Kubernetes |
RootContainersHighUID.py |
| 292 |
CKV_K8S_40 |
resource |
StatefulSet |
Containers should run as a high UID to avoid host conflict |
Kubernetes |
RootContainersHighUID.py |
| 293 |
CKV_K8S_41 |
resource |
ServiceAccount |
Ensure that default service accounts are not actively used |
Kubernetes |
DefaultServiceAccount.py |
| 294 |
CKV_K8S_42 |
resource |
ClusterRoleBinding |
Ensure that default service accounts are not actively used |
Kubernetes |
DefaultServiceAccountBinding.py |
| 295 |
CKV_K8S_42 |
resource |
RoleBinding |
Ensure that default service accounts are not actively used |
Kubernetes |
DefaultServiceAccountBinding.py |
| 296 |
CKV_K8S_43 |
resource |
CronJob |
Image should use digest |
Kubernetes |
ImageDigest.py |
| 297 |
CKV_K8S_43 |
resource |
DaemonSet |
Image should use digest |
Kubernetes |
ImageDigest.py |
| 298 |
CKV_K8S_43 |
resource |
Deployment |
Image should use digest |
Kubernetes |
ImageDigest.py |
| 299 |
CKV_K8S_43 |
resource |
DeploymentConfig |
Image should use digest |
Kubernetes |
ImageDigest.py |
| 300 |
CKV_K8S_43 |
resource |
Job |
Image should use digest |
Kubernetes |
ImageDigest.py |
| 301 |
CKV_K8S_43 |
resource |
Pod |
Image should use digest |
Kubernetes |
ImageDigest.py |
| 302 |
CKV_K8S_43 |
resource |
PodTemplate |
Image should use digest |
Kubernetes |
ImageDigest.py |
| 303 |
CKV_K8S_43 |
resource |
ReplicaSet |
Image should use digest |
Kubernetes |
ImageDigest.py |
| 304 |
CKV_K8S_43 |
resource |
ReplicationController |
Image should use digest |
Kubernetes |
ImageDigest.py |
| 305 |
CKV_K8S_43 |
resource |
StatefulSet |
Image should use digest |
Kubernetes |
ImageDigest.py |
| 306 |
CKV_K8S_44 |
resource |
Service |
Ensure that the Tiller Service (Helm v2) is deleted |
Kubernetes |
TillerService.py |
| 307 |
CKV_K8S_45 |
resource |
CronJob |
Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster |
Kubernetes |
TillerDeploymentListener.py |
| 308 |
CKV_K8S_45 |
resource |
DaemonSet |
Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster |
Kubernetes |
TillerDeploymentListener.py |
| 309 |
CKV_K8S_45 |
resource |
Deployment |
Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster |
Kubernetes |
TillerDeploymentListener.py |
| 310 |
CKV_K8S_45 |
resource |
DeploymentConfig |
Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster |
Kubernetes |
TillerDeploymentListener.py |
| 311 |
CKV_K8S_45 |
resource |
Job |
Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster |
Kubernetes |
TillerDeploymentListener.py |
| 312 |
CKV_K8S_45 |
resource |
Pod |
Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster |
Kubernetes |
TillerDeploymentListener.py |
| 313 |
CKV_K8S_45 |
resource |
PodTemplate |
Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster |
Kubernetes |
TillerDeploymentListener.py |
| 314 |
CKV_K8S_45 |
resource |
ReplicaSet |
Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster |
Kubernetes |
TillerDeploymentListener.py |
| 315 |
CKV_K8S_45 |
resource |
ReplicationController |
Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster |
Kubernetes |
TillerDeploymentListener.py |
| 316 |
CKV_K8S_45 |
resource |
StatefulSet |
Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster |
Kubernetes |
TillerDeploymentListener.py |
| 317 |
CKV_K8S_49 |
resource |
ClusterRole |
Minimize wildcard use in Roles and ClusterRoles |
Kubernetes |
WildcardRoles.py |
| 318 |
CKV_K8S_49 |
resource |
Role |
Minimize wildcard use in Roles and ClusterRoles |
Kubernetes |
WildcardRoles.py |
| 319 |
CKV_K8S_68 |
resource |
CronJob |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
ApiServerAnonymousAuth.py |
| 320 |
CKV_K8S_68 |
resource |
DaemonSet |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
ApiServerAnonymousAuth.py |
| 321 |
CKV_K8S_68 |
resource |
Deployment |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
ApiServerAnonymousAuth.py |
| 322 |
CKV_K8S_68 |
resource |
DeploymentConfig |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
ApiServerAnonymousAuth.py |
| 323 |
CKV_K8S_68 |
resource |
Job |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
ApiServerAnonymousAuth.py |
| 324 |
CKV_K8S_68 |
resource |
Pod |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
ApiServerAnonymousAuth.py |
| 325 |
CKV_K8S_68 |
resource |
PodTemplate |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
ApiServerAnonymousAuth.py |
| 326 |
CKV_K8S_68 |
resource |
ReplicaSet |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
ApiServerAnonymousAuth.py |
| 327 |
CKV_K8S_68 |
resource |
ReplicationController |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
ApiServerAnonymousAuth.py |
| 328 |
CKV_K8S_68 |
resource |
StatefulSet |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
ApiServerAnonymousAuth.py |
| 329 |
CKV_K8S_69 |
resource |
CronJob |
Ensure that the –basic-auth-file argument is not set |
Kubernetes |
ApiServerBasicAuthFile.py |
| 330 |
CKV_K8S_69 |
resource |
DaemonSet |
Ensure that the –basic-auth-file argument is not set |
Kubernetes |
ApiServerBasicAuthFile.py |
| 331 |
CKV_K8S_69 |
resource |
Deployment |
Ensure that the –basic-auth-file argument is not set |
Kubernetes |
ApiServerBasicAuthFile.py |
| 332 |
CKV_K8S_69 |
resource |
DeploymentConfig |
Ensure that the –basic-auth-file argument is not set |
Kubernetes |
ApiServerBasicAuthFile.py |
| 333 |
CKV_K8S_69 |
resource |
Job |
Ensure that the –basic-auth-file argument is not set |
Kubernetes |
ApiServerBasicAuthFile.py |
| 334 |
CKV_K8S_69 |
resource |
Pod |
Ensure that the –basic-auth-file argument is not set |
Kubernetes |
ApiServerBasicAuthFile.py |
| 335 |
CKV_K8S_69 |
resource |
PodTemplate |
Ensure that the –basic-auth-file argument is not set |
Kubernetes |
ApiServerBasicAuthFile.py |
| 336 |
CKV_K8S_69 |
resource |
ReplicaSet |
Ensure that the –basic-auth-file argument is not set |
Kubernetes |
ApiServerBasicAuthFile.py |
| 337 |
CKV_K8S_69 |
resource |
ReplicationController |
Ensure that the –basic-auth-file argument is not set |
Kubernetes |
ApiServerBasicAuthFile.py |
| 338 |
CKV_K8S_69 |
resource |
StatefulSet |
Ensure that the –basic-auth-file argument is not set |
Kubernetes |
ApiServerBasicAuthFile.py |
| 339 |
CKV_K8S_70 |
resource |
CronJob |
Ensure that the –token-auth-file argument is not set |
Kubernetes |
ApiServerTokenAuthFile.py |
| 340 |
CKV_K8S_70 |
resource |
DaemonSet |
Ensure that the –token-auth-file argument is not set |
Kubernetes |
ApiServerTokenAuthFile.py |
| 341 |
CKV_K8S_70 |
resource |
Deployment |
Ensure that the –token-auth-file argument is not set |
Kubernetes |
ApiServerTokenAuthFile.py |
| 342 |
CKV_K8S_70 |
resource |
DeploymentConfig |
Ensure that the –token-auth-file argument is not set |
Kubernetes |
ApiServerTokenAuthFile.py |
| 343 |
CKV_K8S_70 |
resource |
Job |
Ensure that the –token-auth-file argument is not set |
Kubernetes |
ApiServerTokenAuthFile.py |
| 344 |
CKV_K8S_70 |
resource |
Pod |
Ensure that the –token-auth-file argument is not set |
Kubernetes |
ApiServerTokenAuthFile.py |
| 345 |
CKV_K8S_70 |
resource |
PodTemplate |
Ensure that the –token-auth-file argument is not set |
Kubernetes |
ApiServerTokenAuthFile.py |
| 346 |
CKV_K8S_70 |
resource |
ReplicaSet |
Ensure that the –token-auth-file argument is not set |
Kubernetes |
ApiServerTokenAuthFile.py |
| 347 |
CKV_K8S_70 |
resource |
ReplicationController |
Ensure that the –token-auth-file argument is not set |
Kubernetes |
ApiServerTokenAuthFile.py |
| 348 |
CKV_K8S_70 |
resource |
StatefulSet |
Ensure that the –token-auth-file argument is not set |
Kubernetes |
ApiServerTokenAuthFile.py |
| 349 |
CKV_K8S_71 |
resource |
CronJob |
Ensure that the –kubelet-https argument is set to true |
Kubernetes |
ApiServerKubeletHttps.py |
| 350 |
CKV_K8S_71 |
resource |
DaemonSet |
Ensure that the –kubelet-https argument is set to true |
Kubernetes |
ApiServerKubeletHttps.py |
| 351 |
CKV_K8S_71 |
resource |
Deployment |
Ensure that the –kubelet-https argument is set to true |
Kubernetes |
ApiServerKubeletHttps.py |
| 352 |
CKV_K8S_71 |
resource |
DeploymentConfig |
Ensure that the –kubelet-https argument is set to true |
Kubernetes |
ApiServerKubeletHttps.py |
| 353 |
CKV_K8S_71 |
resource |
Job |
Ensure that the –kubelet-https argument is set to true |
Kubernetes |
ApiServerKubeletHttps.py |
| 354 |
CKV_K8S_71 |
resource |
Pod |
Ensure that the –kubelet-https argument is set to true |
Kubernetes |
ApiServerKubeletHttps.py |
| 355 |
CKV_K8S_71 |
resource |
PodTemplate |
Ensure that the –kubelet-https argument is set to true |
Kubernetes |
ApiServerKubeletHttps.py |
| 356 |
CKV_K8S_71 |
resource |
ReplicaSet |
Ensure that the –kubelet-https argument is set to true |
Kubernetes |
ApiServerKubeletHttps.py |
| 357 |
CKV_K8S_71 |
resource |
ReplicationController |
Ensure that the –kubelet-https argument is set to true |
Kubernetes |
ApiServerKubeletHttps.py |
| 358 |
CKV_K8S_71 |
resource |
StatefulSet |
Ensure that the –kubelet-https argument is set to true |
Kubernetes |
ApiServerKubeletHttps.py |
| 359 |
CKV_K8S_72 |
resource |
CronJob |
Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate |
Kubernetes |
ApiServerKubeletClientCertAndKey.py |
| 360 |
CKV_K8S_72 |
resource |
DaemonSet |
Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate |
Kubernetes |
ApiServerKubeletClientCertAndKey.py |
| 361 |
CKV_K8S_72 |
resource |
Deployment |
Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate |
Kubernetes |
ApiServerKubeletClientCertAndKey.py |
| 362 |
CKV_K8S_72 |
resource |
DeploymentConfig |
Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate |
Kubernetes |
ApiServerKubeletClientCertAndKey.py |
| 363 |
CKV_K8S_72 |
resource |
Job |
Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate |
Kubernetes |
ApiServerKubeletClientCertAndKey.py |
| 364 |
CKV_K8S_72 |
resource |
Pod |
Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate |
Kubernetes |
ApiServerKubeletClientCertAndKey.py |
| 365 |
CKV_K8S_72 |
resource |
PodTemplate |
Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate |
Kubernetes |
ApiServerKubeletClientCertAndKey.py |
| 366 |
CKV_K8S_72 |
resource |
ReplicaSet |
Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate |
Kubernetes |
ApiServerKubeletClientCertAndKey.py |
| 367 |
CKV_K8S_72 |
resource |
ReplicationController |
Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate |
Kubernetes |
ApiServerKubeletClientCertAndKey.py |
| 368 |
CKV_K8S_72 |
resource |
StatefulSet |
Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate |
Kubernetes |
ApiServerKubeletClientCertAndKey.py |
| 369 |
CKV_K8S_73 |
resource |
CronJob |
Ensure that the –kubelet-certificate-authority argument is set as appropriate |
Kubernetes |
ApiServerkubeletCertificateAuthority.py |
| 370 |
CKV_K8S_73 |
resource |
DaemonSet |
Ensure that the –kubelet-certificate-authority argument is set as appropriate |
Kubernetes |
ApiServerkubeletCertificateAuthority.py |
| 371 |
CKV_K8S_73 |
resource |
Deployment |
Ensure that the –kubelet-certificate-authority argument is set as appropriate |
Kubernetes |
ApiServerkubeletCertificateAuthority.py |
| 372 |
CKV_K8S_73 |
resource |
DeploymentConfig |
Ensure that the –kubelet-certificate-authority argument is set as appropriate |
Kubernetes |
ApiServerkubeletCertificateAuthority.py |
| 373 |
CKV_K8S_73 |
resource |
Job |
Ensure that the –kubelet-certificate-authority argument is set as appropriate |
Kubernetes |
ApiServerkubeletCertificateAuthority.py |
| 374 |
CKV_K8S_73 |
resource |
Pod |
Ensure that the –kubelet-certificate-authority argument is set as appropriate |
Kubernetes |
ApiServerkubeletCertificateAuthority.py |
| 375 |
CKV_K8S_73 |
resource |
PodTemplate |
Ensure that the –kubelet-certificate-authority argument is set as appropriate |
Kubernetes |
ApiServerkubeletCertificateAuthority.py |
| 376 |
CKV_K8S_73 |
resource |
ReplicaSet |
Ensure that the –kubelet-certificate-authority argument is set as appropriate |
Kubernetes |
ApiServerkubeletCertificateAuthority.py |
| 377 |
CKV_K8S_73 |
resource |
ReplicationController |
Ensure that the –kubelet-certificate-authority argument is set as appropriate |
Kubernetes |
ApiServerkubeletCertificateAuthority.py |
| 378 |
CKV_K8S_73 |
resource |
StatefulSet |
Ensure that the –kubelet-certificate-authority argument is set as appropriate |
Kubernetes |
ApiServerkubeletCertificateAuthority.py |
| 379 |
CKV_K8S_74 |
resource |
CronJob |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
ApiServerAuthorizationModeNotAlwaysAllow.py |
| 380 |
CKV_K8S_74 |
resource |
DaemonSet |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
ApiServerAuthorizationModeNotAlwaysAllow.py |
| 381 |
CKV_K8S_74 |
resource |
Deployment |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
ApiServerAuthorizationModeNotAlwaysAllow.py |
| 382 |
CKV_K8S_74 |
resource |
DeploymentConfig |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
ApiServerAuthorizationModeNotAlwaysAllow.py |
| 383 |
CKV_K8S_74 |
resource |
Job |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
ApiServerAuthorizationModeNotAlwaysAllow.py |
| 384 |
CKV_K8S_74 |
resource |
Pod |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
ApiServerAuthorizationModeNotAlwaysAllow.py |
| 385 |
CKV_K8S_74 |
resource |
PodTemplate |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
ApiServerAuthorizationModeNotAlwaysAllow.py |
| 386 |
CKV_K8S_74 |
resource |
ReplicaSet |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
ApiServerAuthorizationModeNotAlwaysAllow.py |
| 387 |
CKV_K8S_74 |
resource |
ReplicationController |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
ApiServerAuthorizationModeNotAlwaysAllow.py |
| 388 |
CKV_K8S_74 |
resource |
StatefulSet |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
ApiServerAuthorizationModeNotAlwaysAllow.py |
| 389 |
CKV_K8S_75 |
resource |
CronJob |
Ensure that the –authorization-mode argument includes Node |
Kubernetes |
ApiServerAuthorizationModeNode.py |
| 390 |
CKV_K8S_75 |
resource |
DaemonSet |
Ensure that the –authorization-mode argument includes Node |
Kubernetes |
ApiServerAuthorizationModeNode.py |
| 391 |
CKV_K8S_75 |
resource |
Deployment |
Ensure that the –authorization-mode argument includes Node |
Kubernetes |
ApiServerAuthorizationModeNode.py |
| 392 |
CKV_K8S_75 |
resource |
DeploymentConfig |
Ensure that the –authorization-mode argument includes Node |
Kubernetes |
ApiServerAuthorizationModeNode.py |
| 393 |
CKV_K8S_75 |
resource |
Job |
Ensure that the –authorization-mode argument includes Node |
Kubernetes |
ApiServerAuthorizationModeNode.py |
| 394 |
CKV_K8S_75 |
resource |
Pod |
Ensure that the –authorization-mode argument includes Node |
Kubernetes |
ApiServerAuthorizationModeNode.py |
| 395 |
CKV_K8S_75 |
resource |
PodTemplate |
Ensure that the –authorization-mode argument includes Node |
Kubernetes |
ApiServerAuthorizationModeNode.py |
| 396 |
CKV_K8S_75 |
resource |
ReplicaSet |
Ensure that the –authorization-mode argument includes Node |
Kubernetes |
ApiServerAuthorizationModeNode.py |
| 397 |
CKV_K8S_75 |
resource |
ReplicationController |
Ensure that the –authorization-mode argument includes Node |
Kubernetes |
ApiServerAuthorizationModeNode.py |
| 398 |
CKV_K8S_75 |
resource |
StatefulSet |
Ensure that the –authorization-mode argument includes Node |
Kubernetes |
ApiServerAuthorizationModeNode.py |
| 399 |
CKV_K8S_77 |
resource |
CronJob |
Ensure that the –authorization-mode argument includes RBAC |
Kubernetes |
ApiServerAuthorizationModeRBAC.py |
| 400 |
CKV_K8S_77 |
resource |
DaemonSet |
Ensure that the –authorization-mode argument includes RBAC |
Kubernetes |
ApiServerAuthorizationModeRBAC.py |
| 401 |
CKV_K8S_77 |
resource |
Deployment |
Ensure that the –authorization-mode argument includes RBAC |
Kubernetes |
ApiServerAuthorizationModeRBAC.py |
| 402 |
CKV_K8S_77 |
resource |
DeploymentConfig |
Ensure that the –authorization-mode argument includes RBAC |
Kubernetes |
ApiServerAuthorizationModeRBAC.py |
| 403 |
CKV_K8S_77 |
resource |
Job |
Ensure that the –authorization-mode argument includes RBAC |
Kubernetes |
ApiServerAuthorizationModeRBAC.py |
| 404 |
CKV_K8S_77 |
resource |
Pod |
Ensure that the –authorization-mode argument includes RBAC |
Kubernetes |
ApiServerAuthorizationModeRBAC.py |
| 405 |
CKV_K8S_77 |
resource |
PodTemplate |
Ensure that the –authorization-mode argument includes RBAC |
Kubernetes |
ApiServerAuthorizationModeRBAC.py |
| 406 |
CKV_K8S_77 |
resource |
ReplicaSet |
Ensure that the –authorization-mode argument includes RBAC |
Kubernetes |
ApiServerAuthorizationModeRBAC.py |
| 407 |
CKV_K8S_77 |
resource |
ReplicationController |
Ensure that the –authorization-mode argument includes RBAC |
Kubernetes |
ApiServerAuthorizationModeRBAC.py |
| 408 |
CKV_K8S_77 |
resource |
StatefulSet |
Ensure that the –authorization-mode argument includes RBAC |
Kubernetes |
ApiServerAuthorizationModeRBAC.py |
| 409 |
CKV_K8S_78 |
resource |
AdmissionConfiguration |
Ensure that the admission control plugin EventRateLimit is set |
Kubernetes |
ApiServerAdmissionControlEventRateLimit.py |
| 410 |
CKV_K8S_79 |
resource |
CronJob |
Ensure that the admission control plugin AlwaysAdmit is not set |
Kubernetes |
ApiServerAdmissionControlAlwaysAdmit.py |
| 411 |
CKV_K8S_79 |
resource |
DaemonSet |
Ensure that the admission control plugin AlwaysAdmit is not set |
Kubernetes |
ApiServerAdmissionControlAlwaysAdmit.py |
| 412 |
CKV_K8S_79 |
resource |
Deployment |
Ensure that the admission control plugin AlwaysAdmit is not set |
Kubernetes |
ApiServerAdmissionControlAlwaysAdmit.py |
| 413 |
CKV_K8S_79 |
resource |
DeploymentConfig |
Ensure that the admission control plugin AlwaysAdmit is not set |
Kubernetes |
ApiServerAdmissionControlAlwaysAdmit.py |
| 414 |
CKV_K8S_79 |
resource |
Job |
Ensure that the admission control plugin AlwaysAdmit is not set |
Kubernetes |
ApiServerAdmissionControlAlwaysAdmit.py |
| 415 |
CKV_K8S_79 |
resource |
Pod |
Ensure that the admission control plugin AlwaysAdmit is not set |
Kubernetes |
ApiServerAdmissionControlAlwaysAdmit.py |
| 416 |
CKV_K8S_79 |
resource |
PodTemplate |
Ensure that the admission control plugin AlwaysAdmit is not set |
Kubernetes |
ApiServerAdmissionControlAlwaysAdmit.py |
| 417 |
CKV_K8S_79 |
resource |
ReplicaSet |
Ensure that the admission control plugin AlwaysAdmit is not set |
Kubernetes |
ApiServerAdmissionControlAlwaysAdmit.py |
| 418 |
CKV_K8S_79 |
resource |
ReplicationController |
Ensure that the admission control plugin AlwaysAdmit is not set |
Kubernetes |
ApiServerAdmissionControlAlwaysAdmit.py |
| 419 |
CKV_K8S_79 |
resource |
StatefulSet |
Ensure that the admission control plugin AlwaysAdmit is not set |
Kubernetes |
ApiServerAdmissionControlAlwaysAdmit.py |
| 420 |
CKV_K8S_80 |
resource |
CronJob |
Ensure that the admission control plugin AlwaysPullImages is set |
Kubernetes |
ApiServerAlwaysPullImagesPlugin.py |
| 421 |
CKV_K8S_80 |
resource |
DaemonSet |
Ensure that the admission control plugin AlwaysPullImages is set |
Kubernetes |
ApiServerAlwaysPullImagesPlugin.py |
| 422 |
CKV_K8S_80 |
resource |
Deployment |
Ensure that the admission control plugin AlwaysPullImages is set |
Kubernetes |
ApiServerAlwaysPullImagesPlugin.py |
| 423 |
CKV_K8S_80 |
resource |
DeploymentConfig |
Ensure that the admission control plugin AlwaysPullImages is set |
Kubernetes |
ApiServerAlwaysPullImagesPlugin.py |
| 424 |
CKV_K8S_80 |
resource |
Job |
Ensure that the admission control plugin AlwaysPullImages is set |
Kubernetes |
ApiServerAlwaysPullImagesPlugin.py |
| 425 |
CKV_K8S_80 |
resource |
Pod |
Ensure that the admission control plugin AlwaysPullImages is set |
Kubernetes |
ApiServerAlwaysPullImagesPlugin.py |
| 426 |
CKV_K8S_80 |
resource |
PodTemplate |
Ensure that the admission control plugin AlwaysPullImages is set |
Kubernetes |
ApiServerAlwaysPullImagesPlugin.py |
| 427 |
CKV_K8S_80 |
resource |
ReplicaSet |
Ensure that the admission control plugin AlwaysPullImages is set |
Kubernetes |
ApiServerAlwaysPullImagesPlugin.py |
| 428 |
CKV_K8S_80 |
resource |
ReplicationController |
Ensure that the admission control plugin AlwaysPullImages is set |
Kubernetes |
ApiServerAlwaysPullImagesPlugin.py |
| 429 |
CKV_K8S_80 |
resource |
StatefulSet |
Ensure that the admission control plugin AlwaysPullImages is set |
Kubernetes |
ApiServerAlwaysPullImagesPlugin.py |
| 430 |
CKV_K8S_81 |
resource |
CronJob |
Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used |
Kubernetes |
ApiServerSecurityContextDenyPlugin.py |
| 431 |
CKV_K8S_81 |
resource |
DaemonSet |
Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used |
Kubernetes |
ApiServerSecurityContextDenyPlugin.py |
| 432 |
CKV_K8S_81 |
resource |
Deployment |
Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used |
Kubernetes |
ApiServerSecurityContextDenyPlugin.py |
| 433 |
CKV_K8S_81 |
resource |
DeploymentConfig |
Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used |
Kubernetes |
ApiServerSecurityContextDenyPlugin.py |
| 434 |
CKV_K8S_81 |
resource |
Job |
Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used |
Kubernetes |
ApiServerSecurityContextDenyPlugin.py |
| 435 |
CKV_K8S_81 |
resource |
Pod |
Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used |
Kubernetes |
ApiServerSecurityContextDenyPlugin.py |
| 436 |
CKV_K8S_81 |
resource |
PodTemplate |
Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used |
Kubernetes |
ApiServerSecurityContextDenyPlugin.py |
| 437 |
CKV_K8S_81 |
resource |
ReplicaSet |
Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used |
Kubernetes |
ApiServerSecurityContextDenyPlugin.py |
| 438 |
CKV_K8S_81 |
resource |
ReplicationController |
Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used |
Kubernetes |
ApiServerSecurityContextDenyPlugin.py |
| 439 |
CKV_K8S_81 |
resource |
StatefulSet |
Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used |
Kubernetes |
ApiServerSecurityContextDenyPlugin.py |
| 440 |
CKV_K8S_82 |
resource |
CronJob |
Ensure that the admission control plugin ServiceAccount is set |
Kubernetes |
ApiServerServiceAccountPlugin.py |
| 441 |
CKV_K8S_82 |
resource |
DaemonSet |
Ensure that the admission control plugin ServiceAccount is set |
Kubernetes |
ApiServerServiceAccountPlugin.py |
| 442 |
CKV_K8S_82 |
resource |
Deployment |
Ensure that the admission control plugin ServiceAccount is set |
Kubernetes |
ApiServerServiceAccountPlugin.py |
| 443 |
CKV_K8S_82 |
resource |
DeploymentConfig |
Ensure that the admission control plugin ServiceAccount is set |
Kubernetes |
ApiServerServiceAccountPlugin.py |
| 444 |
CKV_K8S_82 |
resource |
Job |
Ensure that the admission control plugin ServiceAccount is set |
Kubernetes |
ApiServerServiceAccountPlugin.py |
| 445 |
CKV_K8S_82 |
resource |
Pod |
Ensure that the admission control plugin ServiceAccount is set |
Kubernetes |
ApiServerServiceAccountPlugin.py |
| 446 |
CKV_K8S_82 |
resource |
PodTemplate |
Ensure that the admission control plugin ServiceAccount is set |
Kubernetes |
ApiServerServiceAccountPlugin.py |
| 447 |
CKV_K8S_82 |
resource |
ReplicaSet |
Ensure that the admission control plugin ServiceAccount is set |
Kubernetes |
ApiServerServiceAccountPlugin.py |
| 448 |
CKV_K8S_82 |
resource |
ReplicationController |
Ensure that the admission control plugin ServiceAccount is set |
Kubernetes |
ApiServerServiceAccountPlugin.py |
| 449 |
CKV_K8S_82 |
resource |
StatefulSet |
Ensure that the admission control plugin ServiceAccount is set |
Kubernetes |
ApiServerServiceAccountPlugin.py |
| 450 |
CKV_K8S_83 |
resource |
CronJob |
Ensure that the admission control plugin NamespaceLifecycle is set |
Kubernetes |
ApiServerNamespaceLifecyclePlugin.py |
| 451 |
CKV_K8S_83 |
resource |
DaemonSet |
Ensure that the admission control plugin NamespaceLifecycle is set |
Kubernetes |
ApiServerNamespaceLifecyclePlugin.py |
| 452 |
CKV_K8S_83 |
resource |
Deployment |
Ensure that the admission control plugin NamespaceLifecycle is set |
Kubernetes |
ApiServerNamespaceLifecyclePlugin.py |
| 453 |
CKV_K8S_83 |
resource |
DeploymentConfig |
Ensure that the admission control plugin NamespaceLifecycle is set |
Kubernetes |
ApiServerNamespaceLifecyclePlugin.py |
| 454 |
CKV_K8S_83 |
resource |
Job |
Ensure that the admission control plugin NamespaceLifecycle is set |
Kubernetes |
ApiServerNamespaceLifecyclePlugin.py |
| 455 |
CKV_K8S_83 |
resource |
Pod |
Ensure that the admission control plugin NamespaceLifecycle is set |
Kubernetes |
ApiServerNamespaceLifecyclePlugin.py |
| 456 |
CKV_K8S_83 |
resource |
PodTemplate |
Ensure that the admission control plugin NamespaceLifecycle is set |
Kubernetes |
ApiServerNamespaceLifecyclePlugin.py |
| 457 |
CKV_K8S_83 |
resource |
ReplicaSet |
Ensure that the admission control plugin NamespaceLifecycle is set |
Kubernetes |
ApiServerNamespaceLifecyclePlugin.py |
| 458 |
CKV_K8S_83 |
resource |
ReplicationController |
Ensure that the admission control plugin NamespaceLifecycle is set |
Kubernetes |
ApiServerNamespaceLifecyclePlugin.py |
| 459 |
CKV_K8S_83 |
resource |
StatefulSet |
Ensure that the admission control plugin NamespaceLifecycle is set |
Kubernetes |
ApiServerNamespaceLifecyclePlugin.py |
| 460 |
CKV_K8S_84 |
resource |
CronJob |
Ensure that the admission control plugin PodSecurityPolicy is set |
Kubernetes |
ApiServerPodSecurityPolicyPlugin.py |
| 461 |
CKV_K8S_84 |
resource |
DaemonSet |
Ensure that the admission control plugin PodSecurityPolicy is set |
Kubernetes |
ApiServerPodSecurityPolicyPlugin.py |
| 462 |
CKV_K8S_84 |
resource |
Deployment |
Ensure that the admission control plugin PodSecurityPolicy is set |
Kubernetes |
ApiServerPodSecurityPolicyPlugin.py |
| 463 |
CKV_K8S_84 |
resource |
DeploymentConfig |
Ensure that the admission control plugin PodSecurityPolicy is set |
Kubernetes |
ApiServerPodSecurityPolicyPlugin.py |
| 464 |
CKV_K8S_84 |
resource |
Job |
Ensure that the admission control plugin PodSecurityPolicy is set |
Kubernetes |
ApiServerPodSecurityPolicyPlugin.py |
| 465 |
CKV_K8S_84 |
resource |
Pod |
Ensure that the admission control plugin PodSecurityPolicy is set |
Kubernetes |
ApiServerPodSecurityPolicyPlugin.py |
| 466 |
CKV_K8S_84 |
resource |
PodTemplate |
Ensure that the admission control plugin PodSecurityPolicy is set |
Kubernetes |
ApiServerPodSecurityPolicyPlugin.py |
| 467 |
CKV_K8S_84 |
resource |
ReplicaSet |
Ensure that the admission control plugin PodSecurityPolicy is set |
Kubernetes |
ApiServerPodSecurityPolicyPlugin.py |
| 468 |
CKV_K8S_84 |
resource |
ReplicationController |
Ensure that the admission control plugin PodSecurityPolicy is set |
Kubernetes |
ApiServerPodSecurityPolicyPlugin.py |
| 469 |
CKV_K8S_84 |
resource |
StatefulSet |
Ensure that the admission control plugin PodSecurityPolicy is set |
Kubernetes |
ApiServerPodSecurityPolicyPlugin.py |
| 470 |
CKV_K8S_85 |
resource |
CronJob |
Ensure that the admission control plugin NodeRestriction is set |
Kubernetes |
ApiServerNodeRestrictionPlugin.py |
| 471 |
CKV_K8S_85 |
resource |
DaemonSet |
Ensure that the admission control plugin NodeRestriction is set |
Kubernetes |
ApiServerNodeRestrictionPlugin.py |
| 472 |
CKV_K8S_85 |
resource |
Deployment |
Ensure that the admission control plugin NodeRestriction is set |
Kubernetes |
ApiServerNodeRestrictionPlugin.py |
| 473 |
CKV_K8S_85 |
resource |
DeploymentConfig |
Ensure that the admission control plugin NodeRestriction is set |
Kubernetes |
ApiServerNodeRestrictionPlugin.py |
| 474 |
CKV_K8S_85 |
resource |
Job |
Ensure that the admission control plugin NodeRestriction is set |
Kubernetes |
ApiServerNodeRestrictionPlugin.py |
| 475 |
CKV_K8S_85 |
resource |
Pod |
Ensure that the admission control plugin NodeRestriction is set |
Kubernetes |
ApiServerNodeRestrictionPlugin.py |
| 476 |
CKV_K8S_85 |
resource |
PodTemplate |
Ensure that the admission control plugin NodeRestriction is set |
Kubernetes |
ApiServerNodeRestrictionPlugin.py |
| 477 |
CKV_K8S_85 |
resource |
ReplicaSet |
Ensure that the admission control plugin NodeRestriction is set |
Kubernetes |
ApiServerNodeRestrictionPlugin.py |
| 478 |
CKV_K8S_85 |
resource |
ReplicationController |
Ensure that the admission control plugin NodeRestriction is set |
Kubernetes |
ApiServerNodeRestrictionPlugin.py |
| 479 |
CKV_K8S_85 |
resource |
StatefulSet |
Ensure that the admission control plugin NodeRestriction is set |
Kubernetes |
ApiServerNodeRestrictionPlugin.py |
| 480 |
CKV_K8S_86 |
resource |
CronJob |
Ensure that the –insecure-bind-address argument is not set |
Kubernetes |
ApiServerInsecureBindAddress.py |
| 481 |
CKV_K8S_86 |
resource |
DaemonSet |
Ensure that the –insecure-bind-address argument is not set |
Kubernetes |
ApiServerInsecureBindAddress.py |
| 482 |
CKV_K8S_86 |
resource |
Deployment |
Ensure that the –insecure-bind-address argument is not set |
Kubernetes |
ApiServerInsecureBindAddress.py |
| 483 |
CKV_K8S_86 |
resource |
DeploymentConfig |
Ensure that the –insecure-bind-address argument is not set |
Kubernetes |
ApiServerInsecureBindAddress.py |
| 484 |
CKV_K8S_86 |
resource |
Job |
Ensure that the –insecure-bind-address argument is not set |
Kubernetes |
ApiServerInsecureBindAddress.py |
| 485 |
CKV_K8S_86 |
resource |
Pod |
Ensure that the –insecure-bind-address argument is not set |
Kubernetes |
ApiServerInsecureBindAddress.py |
| 486 |
CKV_K8S_86 |
resource |
PodTemplate |
Ensure that the –insecure-bind-address argument is not set |
Kubernetes |
ApiServerInsecureBindAddress.py |
| 487 |
CKV_K8S_86 |
resource |
ReplicaSet |
Ensure that the –insecure-bind-address argument is not set |
Kubernetes |
ApiServerInsecureBindAddress.py |
| 488 |
CKV_K8S_86 |
resource |
ReplicationController |
Ensure that the –insecure-bind-address argument is not set |
Kubernetes |
ApiServerInsecureBindAddress.py |
| 489 |
CKV_K8S_86 |
resource |
StatefulSet |
Ensure that the –insecure-bind-address argument is not set |
Kubernetes |
ApiServerInsecureBindAddress.py |
| 490 |
CKV_K8S_88 |
resource |
CronJob |
Ensure that the –insecure-port argument is set to 0 |
Kubernetes |
ApiServerInsecurePort.py |
| 491 |
CKV_K8S_88 |
resource |
DaemonSet |
Ensure that the –insecure-port argument is set to 0 |
Kubernetes |
ApiServerInsecurePort.py |
| 492 |
CKV_K8S_88 |
resource |
Deployment |
Ensure that the –insecure-port argument is set to 0 |
Kubernetes |
ApiServerInsecurePort.py |
| 493 |
CKV_K8S_88 |
resource |
DeploymentConfig |
Ensure that the –insecure-port argument is set to 0 |
Kubernetes |
ApiServerInsecurePort.py |
| 494 |
CKV_K8S_88 |
resource |
Job |
Ensure that the –insecure-port argument is set to 0 |
Kubernetes |
ApiServerInsecurePort.py |
| 495 |
CKV_K8S_88 |
resource |
Pod |
Ensure that the –insecure-port argument is set to 0 |
Kubernetes |
ApiServerInsecurePort.py |
| 496 |
CKV_K8S_88 |
resource |
PodTemplate |
Ensure that the –insecure-port argument is set to 0 |
Kubernetes |
ApiServerInsecurePort.py |
| 497 |
CKV_K8S_88 |
resource |
ReplicaSet |
Ensure that the –insecure-port argument is set to 0 |
Kubernetes |
ApiServerInsecurePort.py |
| 498 |
CKV_K8S_88 |
resource |
ReplicationController |
Ensure that the –insecure-port argument is set to 0 |
Kubernetes |
ApiServerInsecurePort.py |
| 499 |
CKV_K8S_88 |
resource |
StatefulSet |
Ensure that the –insecure-port argument is set to 0 |
Kubernetes |
ApiServerInsecurePort.py |
| 500 |
CKV_K8S_89 |
resource |
CronJob |
Ensure that the –secure-port argument is not set to 0 |
Kubernetes |
ApiServerSecurePort.py |
| 501 |
CKV_K8S_89 |
resource |
DaemonSet |
Ensure that the –secure-port argument is not set to 0 |
Kubernetes |
ApiServerSecurePort.py |
| 502 |
CKV_K8S_89 |
resource |
Deployment |
Ensure that the –secure-port argument is not set to 0 |
Kubernetes |
ApiServerSecurePort.py |
| 503 |
CKV_K8S_89 |
resource |
DeploymentConfig |
Ensure that the –secure-port argument is not set to 0 |
Kubernetes |
ApiServerSecurePort.py |
| 504 |
CKV_K8S_89 |
resource |
Job |
Ensure that the –secure-port argument is not set to 0 |
Kubernetes |
ApiServerSecurePort.py |
| 505 |
CKV_K8S_89 |
resource |
Pod |
Ensure that the –secure-port argument is not set to 0 |
Kubernetes |
ApiServerSecurePort.py |
| 506 |
CKV_K8S_89 |
resource |
PodTemplate |
Ensure that the –secure-port argument is not set to 0 |
Kubernetes |
ApiServerSecurePort.py |
| 507 |
CKV_K8S_89 |
resource |
ReplicaSet |
Ensure that the –secure-port argument is not set to 0 |
Kubernetes |
ApiServerSecurePort.py |
| 508 |
CKV_K8S_89 |
resource |
ReplicationController |
Ensure that the –secure-port argument is not set to 0 |
Kubernetes |
ApiServerSecurePort.py |
| 509 |
CKV_K8S_89 |
resource |
StatefulSet |
Ensure that the –secure-port argument is not set to 0 |
Kubernetes |
ApiServerSecurePort.py |
| 510 |
CKV_K8S_90 |
resource |
CronJob |
Ensure that the –profiling argument is set to false |
Kubernetes |
ApiServerProfiling.py |
| 511 |
CKV_K8S_90 |
resource |
DaemonSet |
Ensure that the –profiling argument is set to false |
Kubernetes |
ApiServerProfiling.py |
| 512 |
CKV_K8S_90 |
resource |
Deployment |
Ensure that the –profiling argument is set to false |
Kubernetes |
ApiServerProfiling.py |
| 513 |
CKV_K8S_90 |
resource |
DeploymentConfig |
Ensure that the –profiling argument is set to false |
Kubernetes |
ApiServerProfiling.py |
| 514 |
CKV_K8S_90 |
resource |
Job |
Ensure that the –profiling argument is set to false |
Kubernetes |
ApiServerProfiling.py |
| 515 |
CKV_K8S_90 |
resource |
Pod |
Ensure that the –profiling argument is set to false |
Kubernetes |
ApiServerProfiling.py |
| 516 |
CKV_K8S_90 |
resource |
PodTemplate |
Ensure that the –profiling argument is set to false |
Kubernetes |
ApiServerProfiling.py |
| 517 |
CKV_K8S_90 |
resource |
ReplicaSet |
Ensure that the –profiling argument is set to false |
Kubernetes |
ApiServerProfiling.py |
| 518 |
CKV_K8S_90 |
resource |
ReplicationController |
Ensure that the –profiling argument is set to false |
Kubernetes |
ApiServerProfiling.py |
| 519 |
CKV_K8S_90 |
resource |
StatefulSet |
Ensure that the –profiling argument is set to false |
Kubernetes |
ApiServerProfiling.py |
| 520 |
CKV_K8S_91 |
resource |
CronJob |
Ensure that the –audit-log-path argument is set |
Kubernetes |
ApiServerAuditLog.py |
| 521 |
CKV_K8S_91 |
resource |
DaemonSet |
Ensure that the –audit-log-path argument is set |
Kubernetes |
ApiServerAuditLog.py |
| 522 |
CKV_K8S_91 |
resource |
Deployment |
Ensure that the –audit-log-path argument is set |
Kubernetes |
ApiServerAuditLog.py |
| 523 |
CKV_K8S_91 |
resource |
DeploymentConfig |
Ensure that the –audit-log-path argument is set |
Kubernetes |
ApiServerAuditLog.py |
| 524 |
CKV_K8S_91 |
resource |
Job |
Ensure that the –audit-log-path argument is set |
Kubernetes |
ApiServerAuditLog.py |
| 525 |
CKV_K8S_91 |
resource |
Pod |
Ensure that the –audit-log-path argument is set |
Kubernetes |
ApiServerAuditLog.py |
| 526 |
CKV_K8S_91 |
resource |
PodTemplate |
Ensure that the –audit-log-path argument is set |
Kubernetes |
ApiServerAuditLog.py |
| 527 |
CKV_K8S_91 |
resource |
ReplicaSet |
Ensure that the –audit-log-path argument is set |
Kubernetes |
ApiServerAuditLog.py |
| 528 |
CKV_K8S_91 |
resource |
ReplicationController |
Ensure that the –audit-log-path argument is set |
Kubernetes |
ApiServerAuditLog.py |
| 529 |
CKV_K8S_91 |
resource |
StatefulSet |
Ensure that the –audit-log-path argument is set |
Kubernetes |
ApiServerAuditLog.py |
| 530 |
CKV_K8S_92 |
resource |
CronJob |
Ensure that the –audit-log-maxage argument is set to 30 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxAge.py |
| 531 |
CKV_K8S_92 |
resource |
DaemonSet |
Ensure that the –audit-log-maxage argument is set to 30 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxAge.py |
| 532 |
CKV_K8S_92 |
resource |
Deployment |
Ensure that the –audit-log-maxage argument is set to 30 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxAge.py |
| 533 |
CKV_K8S_92 |
resource |
DeploymentConfig |
Ensure that the –audit-log-maxage argument is set to 30 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxAge.py |
| 534 |
CKV_K8S_92 |
resource |
Job |
Ensure that the –audit-log-maxage argument is set to 30 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxAge.py |
| 535 |
CKV_K8S_92 |
resource |
Pod |
Ensure that the –audit-log-maxage argument is set to 30 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxAge.py |
| 536 |
CKV_K8S_92 |
resource |
PodTemplate |
Ensure that the –audit-log-maxage argument is set to 30 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxAge.py |
| 537 |
CKV_K8S_92 |
resource |
ReplicaSet |
Ensure that the –audit-log-maxage argument is set to 30 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxAge.py |
| 538 |
CKV_K8S_92 |
resource |
ReplicationController |
Ensure that the –audit-log-maxage argument is set to 30 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxAge.py |
| 539 |
CKV_K8S_92 |
resource |
StatefulSet |
Ensure that the –audit-log-maxage argument is set to 30 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxAge.py |
| 540 |
CKV_K8S_93 |
resource |
CronJob |
Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxBackup.py |
| 541 |
CKV_K8S_93 |
resource |
DaemonSet |
Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxBackup.py |
| 542 |
CKV_K8S_93 |
resource |
Deployment |
Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxBackup.py |
| 543 |
CKV_K8S_93 |
resource |
DeploymentConfig |
Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxBackup.py |
| 544 |
CKV_K8S_93 |
resource |
Job |
Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxBackup.py |
| 545 |
CKV_K8S_93 |
resource |
Pod |
Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxBackup.py |
| 546 |
CKV_K8S_93 |
resource |
PodTemplate |
Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxBackup.py |
| 547 |
CKV_K8S_93 |
resource |
ReplicaSet |
Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxBackup.py |
| 548 |
CKV_K8S_93 |
resource |
ReplicationController |
Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxBackup.py |
| 549 |
CKV_K8S_93 |
resource |
StatefulSet |
Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxBackup.py |
| 550 |
CKV_K8S_94 |
resource |
CronJob |
Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxSize.py |
| 551 |
CKV_K8S_94 |
resource |
DaemonSet |
Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxSize.py |
| 552 |
CKV_K8S_94 |
resource |
Deployment |
Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxSize.py |
| 553 |
CKV_K8S_94 |
resource |
DeploymentConfig |
Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxSize.py |
| 554 |
CKV_K8S_94 |
resource |
Job |
Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxSize.py |
| 555 |
CKV_K8S_94 |
resource |
Pod |
Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxSize.py |
| 556 |
CKV_K8S_94 |
resource |
PodTemplate |
Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxSize.py |
| 557 |
CKV_K8S_94 |
resource |
ReplicaSet |
Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxSize.py |
| 558 |
CKV_K8S_94 |
resource |
ReplicationController |
Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxSize.py |
| 559 |
CKV_K8S_94 |
resource |
StatefulSet |
Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate |
Kubernetes |
ApiServerAuditLogMaxSize.py |
| 560 |
CKV_K8S_95 |
resource |
CronJob |
Ensure that the –request-timeout argument is set as appropriate |
Kubernetes |
ApiServerRequestTimeout.py |
| 561 |
CKV_K8S_95 |
resource |
DaemonSet |
Ensure that the –request-timeout argument is set as appropriate |
Kubernetes |
ApiServerRequestTimeout.py |
| 562 |
CKV_K8S_95 |
resource |
Deployment |
Ensure that the –request-timeout argument is set as appropriate |
Kubernetes |
ApiServerRequestTimeout.py |
| 563 |
CKV_K8S_95 |
resource |
DeploymentConfig |
Ensure that the –request-timeout argument is set as appropriate |
Kubernetes |
ApiServerRequestTimeout.py |
| 564 |
CKV_K8S_95 |
resource |
Job |
Ensure that the –request-timeout argument is set as appropriate |
Kubernetes |
ApiServerRequestTimeout.py |
| 565 |
CKV_K8S_95 |
resource |
Pod |
Ensure that the –request-timeout argument is set as appropriate |
Kubernetes |
ApiServerRequestTimeout.py |
| 566 |
CKV_K8S_95 |
resource |
PodTemplate |
Ensure that the –request-timeout argument is set as appropriate |
Kubernetes |
ApiServerRequestTimeout.py |
| 567 |
CKV_K8S_95 |
resource |
ReplicaSet |
Ensure that the –request-timeout argument is set as appropriate |
Kubernetes |
ApiServerRequestTimeout.py |
| 568 |
CKV_K8S_95 |
resource |
ReplicationController |
Ensure that the –request-timeout argument is set as appropriate |
Kubernetes |
ApiServerRequestTimeout.py |
| 569 |
CKV_K8S_95 |
resource |
StatefulSet |
Ensure that the –request-timeout argument is set as appropriate |
Kubernetes |
ApiServerRequestTimeout.py |
| 570 |
CKV_K8S_96 |
resource |
CronJob |
Ensure that the –service-account-lookup argument is set to true |
Kubernetes |
ApiServerServiceAccountLookup.py |
| 571 |
CKV_K8S_96 |
resource |
DaemonSet |
Ensure that the –service-account-lookup argument is set to true |
Kubernetes |
ApiServerServiceAccountLookup.py |
| 572 |
CKV_K8S_96 |
resource |
Deployment |
Ensure that the –service-account-lookup argument is set to true |
Kubernetes |
ApiServerServiceAccountLookup.py |
| 573 |
CKV_K8S_96 |
resource |
DeploymentConfig |
Ensure that the –service-account-lookup argument is set to true |
Kubernetes |
ApiServerServiceAccountLookup.py |
| 574 |
CKV_K8S_96 |
resource |
Job |
Ensure that the –service-account-lookup argument is set to true |
Kubernetes |
ApiServerServiceAccountLookup.py |
| 575 |
CKV_K8S_96 |
resource |
Pod |
Ensure that the –service-account-lookup argument is set to true |
Kubernetes |
ApiServerServiceAccountLookup.py |
| 576 |
CKV_K8S_96 |
resource |
PodTemplate |
Ensure that the –service-account-lookup argument is set to true |
Kubernetes |
ApiServerServiceAccountLookup.py |
| 577 |
CKV_K8S_96 |
resource |
ReplicaSet |
Ensure that the –service-account-lookup argument is set to true |
Kubernetes |
ApiServerServiceAccountLookup.py |
| 578 |
CKV_K8S_96 |
resource |
ReplicationController |
Ensure that the –service-account-lookup argument is set to true |
Kubernetes |
ApiServerServiceAccountLookup.py |
| 579 |
CKV_K8S_96 |
resource |
StatefulSet |
Ensure that the –service-account-lookup argument is set to true |
Kubernetes |
ApiServerServiceAccountLookup.py |
| 580 |
CKV_K8S_97 |
resource |
CronJob |
Ensure that the –service-account-key-file argument is set as appropriate |
Kubernetes |
ApiServerServiceAccountKeyFile.py |
| 581 |
CKV_K8S_97 |
resource |
DaemonSet |
Ensure that the –service-account-key-file argument is set as appropriate |
Kubernetes |
ApiServerServiceAccountKeyFile.py |
| 582 |
CKV_K8S_97 |
resource |
Deployment |
Ensure that the –service-account-key-file argument is set as appropriate |
Kubernetes |
ApiServerServiceAccountKeyFile.py |
| 583 |
CKV_K8S_97 |
resource |
DeploymentConfig |
Ensure that the –service-account-key-file argument is set as appropriate |
Kubernetes |
ApiServerServiceAccountKeyFile.py |
| 584 |
CKV_K8S_97 |
resource |
Job |
Ensure that the –service-account-key-file argument is set as appropriate |
Kubernetes |
ApiServerServiceAccountKeyFile.py |
| 585 |
CKV_K8S_97 |
resource |
Pod |
Ensure that the –service-account-key-file argument is set as appropriate |
Kubernetes |
ApiServerServiceAccountKeyFile.py |
| 586 |
CKV_K8S_97 |
resource |
PodTemplate |
Ensure that the –service-account-key-file argument is set as appropriate |
Kubernetes |
ApiServerServiceAccountKeyFile.py |
| 587 |
CKV_K8S_97 |
resource |
ReplicaSet |
Ensure that the –service-account-key-file argument is set as appropriate |
Kubernetes |
ApiServerServiceAccountKeyFile.py |
| 588 |
CKV_K8S_97 |
resource |
ReplicationController |
Ensure that the –service-account-key-file argument is set as appropriate |
Kubernetes |
ApiServerServiceAccountKeyFile.py |
| 589 |
CKV_K8S_97 |
resource |
StatefulSet |
Ensure that the –service-account-key-file argument is set as appropriate |
Kubernetes |
ApiServerServiceAccountKeyFile.py |
| 590 |
CKV_K8S_99 |
resource |
CronJob |
Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate |
Kubernetes |
ApiServerEtcdCertAndKey.py |
| 591 |
CKV_K8S_99 |
resource |
DaemonSet |
Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate |
Kubernetes |
ApiServerEtcdCertAndKey.py |
| 592 |
CKV_K8S_99 |
resource |
Deployment |
Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate |
Kubernetes |
ApiServerEtcdCertAndKey.py |
| 593 |
CKV_K8S_99 |
resource |
DeploymentConfig |
Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate |
Kubernetes |
ApiServerEtcdCertAndKey.py |
| 594 |
CKV_K8S_99 |
resource |
Job |
Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate |
Kubernetes |
ApiServerEtcdCertAndKey.py |
| 595 |
CKV_K8S_99 |
resource |
Pod |
Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate |
Kubernetes |
ApiServerEtcdCertAndKey.py |
| 596 |
CKV_K8S_99 |
resource |
PodTemplate |
Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate |
Kubernetes |
ApiServerEtcdCertAndKey.py |
| 597 |
CKV_K8S_99 |
resource |
ReplicaSet |
Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate |
Kubernetes |
ApiServerEtcdCertAndKey.py |
| 598 |
CKV_K8S_99 |
resource |
ReplicationController |
Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate |
Kubernetes |
ApiServerEtcdCertAndKey.py |
| 599 |
CKV_K8S_99 |
resource |
StatefulSet |
Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate |
Kubernetes |
ApiServerEtcdCertAndKey.py |
| 600 |
CKV_K8S_100 |
resource |
CronJob |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
ApiServerTlsCertAndKey.py |
| 601 |
CKV_K8S_100 |
resource |
DaemonSet |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
ApiServerTlsCertAndKey.py |
| 602 |
CKV_K8S_100 |
resource |
Deployment |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
ApiServerTlsCertAndKey.py |
| 603 |
CKV_K8S_100 |
resource |
DeploymentConfig |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
ApiServerTlsCertAndKey.py |
| 604 |
CKV_K8S_100 |
resource |
Job |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
ApiServerTlsCertAndKey.py |
| 605 |
CKV_K8S_100 |
resource |
Pod |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
ApiServerTlsCertAndKey.py |
| 606 |
CKV_K8S_100 |
resource |
PodTemplate |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
ApiServerTlsCertAndKey.py |
| 607 |
CKV_K8S_100 |
resource |
ReplicaSet |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
ApiServerTlsCertAndKey.py |
| 608 |
CKV_K8S_100 |
resource |
ReplicationController |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
ApiServerTlsCertAndKey.py |
| 609 |
CKV_K8S_100 |
resource |
StatefulSet |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
ApiServerTlsCertAndKey.py |
| 610 |
CKV_K8S_102 |
resource |
CronJob |
Ensure that the –etcd-cafile argument is set as appropriate |
Kubernetes |
ApiServerEtcdCaFile.py |
| 611 |
CKV_K8S_102 |
resource |
DaemonSet |
Ensure that the –etcd-cafile argument is set as appropriate |
Kubernetes |
ApiServerEtcdCaFile.py |
| 612 |
CKV_K8S_102 |
resource |
Deployment |
Ensure that the –etcd-cafile argument is set as appropriate |
Kubernetes |
ApiServerEtcdCaFile.py |
| 613 |
CKV_K8S_102 |
resource |
DeploymentConfig |
Ensure that the –etcd-cafile argument is set as appropriate |
Kubernetes |
ApiServerEtcdCaFile.py |
| 614 |
CKV_K8S_102 |
resource |
Job |
Ensure that the –etcd-cafile argument is set as appropriate |
Kubernetes |
ApiServerEtcdCaFile.py |
| 615 |
CKV_K8S_102 |
resource |
Pod |
Ensure that the –etcd-cafile argument is set as appropriate |
Kubernetes |
ApiServerEtcdCaFile.py |
| 616 |
CKV_K8S_102 |
resource |
PodTemplate |
Ensure that the –etcd-cafile argument is set as appropriate |
Kubernetes |
ApiServerEtcdCaFile.py |
| 617 |
CKV_K8S_102 |
resource |
ReplicaSet |
Ensure that the –etcd-cafile argument is set as appropriate |
Kubernetes |
ApiServerEtcdCaFile.py |
| 618 |
CKV_K8S_102 |
resource |
ReplicationController |
Ensure that the –etcd-cafile argument is set as appropriate |
Kubernetes |
ApiServerEtcdCaFile.py |
| 619 |
CKV_K8S_102 |
resource |
StatefulSet |
Ensure that the –etcd-cafile argument is set as appropriate |
Kubernetes |
ApiServerEtcdCaFile.py |
| 620 |
CKV_K8S_104 |
resource |
CronJob |
Ensure that encryption providers are appropriately configured |
Kubernetes |
ApiServerEncryptionProviders.py |
| 621 |
CKV_K8S_104 |
resource |
DaemonSet |
Ensure that encryption providers are appropriately configured |
Kubernetes |
ApiServerEncryptionProviders.py |
| 622 |
CKV_K8S_104 |
resource |
Deployment |
Ensure that encryption providers are appropriately configured |
Kubernetes |
ApiServerEncryptionProviders.py |
| 623 |
CKV_K8S_104 |
resource |
DeploymentConfig |
Ensure that encryption providers are appropriately configured |
Kubernetes |
ApiServerEncryptionProviders.py |
| 624 |
CKV_K8S_104 |
resource |
Job |
Ensure that encryption providers are appropriately configured |
Kubernetes |
ApiServerEncryptionProviders.py |
| 625 |
CKV_K8S_104 |
resource |
Pod |
Ensure that encryption providers are appropriately configured |
Kubernetes |
ApiServerEncryptionProviders.py |
| 626 |
CKV_K8S_104 |
resource |
PodTemplate |
Ensure that encryption providers are appropriately configured |
Kubernetes |
ApiServerEncryptionProviders.py |
| 627 |
CKV_K8S_104 |
resource |
ReplicaSet |
Ensure that encryption providers are appropriately configured |
Kubernetes |
ApiServerEncryptionProviders.py |
| 628 |
CKV_K8S_104 |
resource |
ReplicationController |
Ensure that encryption providers are appropriately configured |
Kubernetes |
ApiServerEncryptionProviders.py |
| 629 |
CKV_K8S_104 |
resource |
StatefulSet |
Ensure that encryption providers are appropriately configured |
Kubernetes |
ApiServerEncryptionProviders.py |
| 630 |
CKV_K8S_105 |
resource |
CronJob |
Ensure that the API Server only makes use of Strong Cryptographic Ciphers |
Kubernetes |
ApiServerStrongCryptographicCiphers.py |
| 631 |
CKV_K8S_105 |
resource |
DaemonSet |
Ensure that the API Server only makes use of Strong Cryptographic Ciphers |
Kubernetes |
ApiServerStrongCryptographicCiphers.py |
| 632 |
CKV_K8S_105 |
resource |
Deployment |
Ensure that the API Server only makes use of Strong Cryptographic Ciphers |
Kubernetes |
ApiServerStrongCryptographicCiphers.py |
| 633 |
CKV_K8S_105 |
resource |
DeploymentConfig |
Ensure that the API Server only makes use of Strong Cryptographic Ciphers |
Kubernetes |
ApiServerStrongCryptographicCiphers.py |
| 634 |
CKV_K8S_105 |
resource |
Job |
Ensure that the API Server only makes use of Strong Cryptographic Ciphers |
Kubernetes |
ApiServerStrongCryptographicCiphers.py |
| 635 |
CKV_K8S_105 |
resource |
Pod |
Ensure that the API Server only makes use of Strong Cryptographic Ciphers |
Kubernetes |
ApiServerStrongCryptographicCiphers.py |
| 636 |
CKV_K8S_105 |
resource |
PodTemplate |
Ensure that the API Server only makes use of Strong Cryptographic Ciphers |
Kubernetes |
ApiServerStrongCryptographicCiphers.py |
| 637 |
CKV_K8S_105 |
resource |
ReplicaSet |
Ensure that the API Server only makes use of Strong Cryptographic Ciphers |
Kubernetes |
ApiServerStrongCryptographicCiphers.py |
| 638 |
CKV_K8S_105 |
resource |
ReplicationController |
Ensure that the API Server only makes use of Strong Cryptographic Ciphers |
Kubernetes |
ApiServerStrongCryptographicCiphers.py |
| 639 |
CKV_K8S_105 |
resource |
StatefulSet |
Ensure that the API Server only makes use of Strong Cryptographic Ciphers |
Kubernetes |
ApiServerStrongCryptographicCiphers.py |
| 640 |
CKV_K8S_106 |
resource |
CronJob |
Ensure that the –terminated-pod-gc-threshold argument is set as appropriate |
Kubernetes |
KubeControllerManagerTerminatedPods.py |
| 641 |
CKV_K8S_106 |
resource |
DaemonSet |
Ensure that the –terminated-pod-gc-threshold argument is set as appropriate |
Kubernetes |
KubeControllerManagerTerminatedPods.py |
| 642 |
CKV_K8S_106 |
resource |
Deployment |
Ensure that the –terminated-pod-gc-threshold argument is set as appropriate |
Kubernetes |
KubeControllerManagerTerminatedPods.py |
| 643 |
CKV_K8S_106 |
resource |
DeploymentConfig |
Ensure that the –terminated-pod-gc-threshold argument is set as appropriate |
Kubernetes |
KubeControllerManagerTerminatedPods.py |
| 644 |
CKV_K8S_106 |
resource |
Job |
Ensure that the –terminated-pod-gc-threshold argument is set as appropriate |
Kubernetes |
KubeControllerManagerTerminatedPods.py |
| 645 |
CKV_K8S_106 |
resource |
Pod |
Ensure that the –terminated-pod-gc-threshold argument is set as appropriate |
Kubernetes |
KubeControllerManagerTerminatedPods.py |
| 646 |
CKV_K8S_106 |
resource |
PodTemplate |
Ensure that the –terminated-pod-gc-threshold argument is set as appropriate |
Kubernetes |
KubeControllerManagerTerminatedPods.py |
| 647 |
CKV_K8S_106 |
resource |
ReplicaSet |
Ensure that the –terminated-pod-gc-threshold argument is set as appropriate |
Kubernetes |
KubeControllerManagerTerminatedPods.py |
| 648 |
CKV_K8S_106 |
resource |
ReplicationController |
Ensure that the –terminated-pod-gc-threshold argument is set as appropriate |
Kubernetes |
KubeControllerManagerTerminatedPods.py |
| 649 |
CKV_K8S_106 |
resource |
StatefulSet |
Ensure that the –terminated-pod-gc-threshold argument is set as appropriate |
Kubernetes |
KubeControllerManagerTerminatedPods.py |
| 650 |
CKV_K8S_107 |
resource |
CronJob |
Ensure that the –profiling argument is set to false |
Kubernetes |
KubeControllerManagerBlockProfiles.py |
| 651 |
CKV_K8S_107 |
resource |
DaemonSet |
Ensure that the –profiling argument is set to false |
Kubernetes |
KubeControllerManagerBlockProfiles.py |
| 652 |
CKV_K8S_107 |
resource |
Deployment |
Ensure that the –profiling argument is set to false |
Kubernetes |
KubeControllerManagerBlockProfiles.py |
| 653 |
CKV_K8S_107 |
resource |
DeploymentConfig |
Ensure that the –profiling argument is set to false |
Kubernetes |
KubeControllerManagerBlockProfiles.py |
| 654 |
CKV_K8S_107 |
resource |
Job |
Ensure that the –profiling argument is set to false |
Kubernetes |
KubeControllerManagerBlockProfiles.py |
| 655 |
CKV_K8S_107 |
resource |
Pod |
Ensure that the –profiling argument is set to false |
Kubernetes |
KubeControllerManagerBlockProfiles.py |
| 656 |
CKV_K8S_107 |
resource |
PodTemplate |
Ensure that the –profiling argument is set to false |
Kubernetes |
KubeControllerManagerBlockProfiles.py |
| 657 |
CKV_K8S_107 |
resource |
ReplicaSet |
Ensure that the –profiling argument is set to false |
Kubernetes |
KubeControllerManagerBlockProfiles.py |
| 658 |
CKV_K8S_107 |
resource |
ReplicationController |
Ensure that the –profiling argument is set to false |
Kubernetes |
KubeControllerManagerBlockProfiles.py |
| 659 |
CKV_K8S_107 |
resource |
StatefulSet |
Ensure that the –profiling argument is set to false |
Kubernetes |
KubeControllerManagerBlockProfiles.py |
| 660 |
CKV_K8S_108 |
resource |
CronJob |
Ensure that the –use-service-account-credentials argument is set to true |
Kubernetes |
KubeControllerManagerServiceAccountCredentials.py |
| 661 |
CKV_K8S_108 |
resource |
DaemonSet |
Ensure that the –use-service-account-credentials argument is set to true |
Kubernetes |
KubeControllerManagerServiceAccountCredentials.py |
| 662 |
CKV_K8S_108 |
resource |
Deployment |
Ensure that the –use-service-account-credentials argument is set to true |
Kubernetes |
KubeControllerManagerServiceAccountCredentials.py |
| 663 |
CKV_K8S_108 |
resource |
DeploymentConfig |
Ensure that the –use-service-account-credentials argument is set to true |
Kubernetes |
KubeControllerManagerServiceAccountCredentials.py |
| 664 |
CKV_K8S_108 |
resource |
Job |
Ensure that the –use-service-account-credentials argument is set to true |
Kubernetes |
KubeControllerManagerServiceAccountCredentials.py |
| 665 |
CKV_K8S_108 |
resource |
Pod |
Ensure that the –use-service-account-credentials argument is set to true |
Kubernetes |
KubeControllerManagerServiceAccountCredentials.py |
| 666 |
CKV_K8S_108 |
resource |
PodTemplate |
Ensure that the –use-service-account-credentials argument is set to true |
Kubernetes |
KubeControllerManagerServiceAccountCredentials.py |
| 667 |
CKV_K8S_108 |
resource |
ReplicaSet |
Ensure that the –use-service-account-credentials argument is set to true |
Kubernetes |
KubeControllerManagerServiceAccountCredentials.py |
| 668 |
CKV_K8S_108 |
resource |
ReplicationController |
Ensure that the –use-service-account-credentials argument is set to true |
Kubernetes |
KubeControllerManagerServiceAccountCredentials.py |
| 669 |
CKV_K8S_108 |
resource |
StatefulSet |
Ensure that the –use-service-account-credentials argument is set to true |
Kubernetes |
KubeControllerManagerServiceAccountCredentials.py |
| 670 |
CKV_K8S_110 |
resource |
CronJob |
Ensure that the –service-account-private-key-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerServiceAccountPrivateKeyFile.py |
| 671 |
CKV_K8S_110 |
resource |
DaemonSet |
Ensure that the –service-account-private-key-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerServiceAccountPrivateKeyFile.py |
| 672 |
CKV_K8S_110 |
resource |
Deployment |
Ensure that the –service-account-private-key-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerServiceAccountPrivateKeyFile.py |
| 673 |
CKV_K8S_110 |
resource |
DeploymentConfig |
Ensure that the –service-account-private-key-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerServiceAccountPrivateKeyFile.py |
| 674 |
CKV_K8S_110 |
resource |
Job |
Ensure that the –service-account-private-key-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerServiceAccountPrivateKeyFile.py |
| 675 |
CKV_K8S_110 |
resource |
Pod |
Ensure that the –service-account-private-key-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerServiceAccountPrivateKeyFile.py |
| 676 |
CKV_K8S_110 |
resource |
PodTemplate |
Ensure that the –service-account-private-key-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerServiceAccountPrivateKeyFile.py |
| 677 |
CKV_K8S_110 |
resource |
ReplicaSet |
Ensure that the –service-account-private-key-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerServiceAccountPrivateKeyFile.py |
| 678 |
CKV_K8S_110 |
resource |
ReplicationController |
Ensure that the –service-account-private-key-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerServiceAccountPrivateKeyFile.py |
| 679 |
CKV_K8S_110 |
resource |
StatefulSet |
Ensure that the –service-account-private-key-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerServiceAccountPrivateKeyFile.py |
| 680 |
CKV_K8S_111 |
resource |
CronJob |
Ensure that the –root-ca-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerRootCAFile.py |
| 681 |
CKV_K8S_111 |
resource |
DaemonSet |
Ensure that the –root-ca-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerRootCAFile.py |
| 682 |
CKV_K8S_111 |
resource |
Deployment |
Ensure that the –root-ca-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerRootCAFile.py |
| 683 |
CKV_K8S_111 |
resource |
DeploymentConfig |
Ensure that the –root-ca-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerRootCAFile.py |
| 684 |
CKV_K8S_111 |
resource |
Job |
Ensure that the –root-ca-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerRootCAFile.py |
| 685 |
CKV_K8S_111 |
resource |
Pod |
Ensure that the –root-ca-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerRootCAFile.py |
| 686 |
CKV_K8S_111 |
resource |
PodTemplate |
Ensure that the –root-ca-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerRootCAFile.py |
| 687 |
CKV_K8S_111 |
resource |
ReplicaSet |
Ensure that the –root-ca-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerRootCAFile.py |
| 688 |
CKV_K8S_111 |
resource |
ReplicationController |
Ensure that the –root-ca-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerRootCAFile.py |
| 689 |
CKV_K8S_111 |
resource |
StatefulSet |
Ensure that the –root-ca-file argument is set as appropriate |
Kubernetes |
KubeControllerManagerRootCAFile.py |
| 690 |
CKV_K8S_112 |
resource |
CronJob |
Ensure that the RotateKubeletServerCertificate argument is set to true |
Kubernetes |
RotateKubeletServerCertificate.py |
| 691 |
CKV_K8S_112 |
resource |
DaemonSet |
Ensure that the RotateKubeletServerCertificate argument is set to true |
Kubernetes |
RotateKubeletServerCertificate.py |
| 692 |
CKV_K8S_112 |
resource |
Deployment |
Ensure that the RotateKubeletServerCertificate argument is set to true |
Kubernetes |
RotateKubeletServerCertificate.py |
| 693 |
CKV_K8S_112 |
resource |
DeploymentConfig |
Ensure that the RotateKubeletServerCertificate argument is set to true |
Kubernetes |
RotateKubeletServerCertificate.py |
| 694 |
CKV_K8S_112 |
resource |
Job |
Ensure that the RotateKubeletServerCertificate argument is set to true |
Kubernetes |
RotateKubeletServerCertificate.py |
| 695 |
CKV_K8S_112 |
resource |
Pod |
Ensure that the RotateKubeletServerCertificate argument is set to true |
Kubernetes |
RotateKubeletServerCertificate.py |
| 696 |
CKV_K8S_112 |
resource |
PodTemplate |
Ensure that the RotateKubeletServerCertificate argument is set to true |
Kubernetes |
RotateKubeletServerCertificate.py |
| 697 |
CKV_K8S_112 |
resource |
ReplicaSet |
Ensure that the RotateKubeletServerCertificate argument is set to true |
Kubernetes |
RotateKubeletServerCertificate.py |
| 698 |
CKV_K8S_112 |
resource |
ReplicationController |
Ensure that the RotateKubeletServerCertificate argument is set to true |
Kubernetes |
RotateKubeletServerCertificate.py |
| 699 |
CKV_K8S_112 |
resource |
StatefulSet |
Ensure that the RotateKubeletServerCertificate argument is set to true |
Kubernetes |
RotateKubeletServerCertificate.py |
| 700 |
CKV_K8S_113 |
resource |
CronJob |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
ControllerManagerBindAddress.py |
| 701 |
CKV_K8S_113 |
resource |
DaemonSet |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
ControllerManagerBindAddress.py |
| 702 |
CKV_K8S_113 |
resource |
Deployment |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
ControllerManagerBindAddress.py |
| 703 |
CKV_K8S_113 |
resource |
DeploymentConfig |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
ControllerManagerBindAddress.py |
| 704 |
CKV_K8S_113 |
resource |
Job |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
ControllerManagerBindAddress.py |
| 705 |
CKV_K8S_113 |
resource |
Pod |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
ControllerManagerBindAddress.py |
| 706 |
CKV_K8S_113 |
resource |
PodTemplate |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
ControllerManagerBindAddress.py |
| 707 |
CKV_K8S_113 |
resource |
ReplicaSet |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
ControllerManagerBindAddress.py |
| 708 |
CKV_K8S_113 |
resource |
ReplicationController |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
ControllerManagerBindAddress.py |
| 709 |
CKV_K8S_113 |
resource |
StatefulSet |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
ControllerManagerBindAddress.py |
| 710 |
CKV_K8S_114 |
resource |
CronJob |
Ensure that the –profiling argument is set to false |
Kubernetes |
SchedulerProfiling.py |
| 711 |
CKV_K8S_114 |
resource |
DaemonSet |
Ensure that the –profiling argument is set to false |
Kubernetes |
SchedulerProfiling.py |
| 712 |
CKV_K8S_114 |
resource |
Deployment |
Ensure that the –profiling argument is set to false |
Kubernetes |
SchedulerProfiling.py |
| 713 |
CKV_K8S_114 |
resource |
DeploymentConfig |
Ensure that the –profiling argument is set to false |
Kubernetes |
SchedulerProfiling.py |
| 714 |
CKV_K8S_114 |
resource |
Job |
Ensure that the –profiling argument is set to false |
Kubernetes |
SchedulerProfiling.py |
| 715 |
CKV_K8S_114 |
resource |
Pod |
Ensure that the –profiling argument is set to false |
Kubernetes |
SchedulerProfiling.py |
| 716 |
CKV_K8S_114 |
resource |
PodTemplate |
Ensure that the –profiling argument is set to false |
Kubernetes |
SchedulerProfiling.py |
| 717 |
CKV_K8S_114 |
resource |
ReplicaSet |
Ensure that the –profiling argument is set to false |
Kubernetes |
SchedulerProfiling.py |
| 718 |
CKV_K8S_114 |
resource |
ReplicationController |
Ensure that the –profiling argument is set to false |
Kubernetes |
SchedulerProfiling.py |
| 719 |
CKV_K8S_114 |
resource |
StatefulSet |
Ensure that the –profiling argument is set to false |
Kubernetes |
SchedulerProfiling.py |
| 720 |
CKV_K8S_115 |
resource |
CronJob |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
SchedulerBindAddress.py |
| 721 |
CKV_K8S_115 |
resource |
DaemonSet |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
SchedulerBindAddress.py |
| 722 |
CKV_K8S_115 |
resource |
Deployment |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
SchedulerBindAddress.py |
| 723 |
CKV_K8S_115 |
resource |
DeploymentConfig |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
SchedulerBindAddress.py |
| 724 |
CKV_K8S_115 |
resource |
Job |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
SchedulerBindAddress.py |
| 725 |
CKV_K8S_115 |
resource |
Pod |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
SchedulerBindAddress.py |
| 726 |
CKV_K8S_115 |
resource |
PodTemplate |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
SchedulerBindAddress.py |
| 727 |
CKV_K8S_115 |
resource |
ReplicaSet |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
SchedulerBindAddress.py |
| 728 |
CKV_K8S_115 |
resource |
ReplicationController |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
SchedulerBindAddress.py |
| 729 |
CKV_K8S_115 |
resource |
StatefulSet |
Ensure that the –bind-address argument is set to 127.0.0.1 |
Kubernetes |
SchedulerBindAddress.py |
| 730 |
CKV_K8S_116 |
resource |
CronJob |
Ensure that the –cert-file and –key-file arguments are set as appropriate |
Kubernetes |
EtcdCertAndKey.py |
| 731 |
CKV_K8S_116 |
resource |
DaemonSet |
Ensure that the –cert-file and –key-file arguments are set as appropriate |
Kubernetes |
EtcdCertAndKey.py |
| 732 |
CKV_K8S_116 |
resource |
Deployment |
Ensure that the –cert-file and –key-file arguments are set as appropriate |
Kubernetes |
EtcdCertAndKey.py |
| 733 |
CKV_K8S_116 |
resource |
DeploymentConfig |
Ensure that the –cert-file and –key-file arguments are set as appropriate |
Kubernetes |
EtcdCertAndKey.py |
| 734 |
CKV_K8S_116 |
resource |
Job |
Ensure that the –cert-file and –key-file arguments are set as appropriate |
Kubernetes |
EtcdCertAndKey.py |
| 735 |
CKV_K8S_116 |
resource |
Pod |
Ensure that the –cert-file and –key-file arguments are set as appropriate |
Kubernetes |
EtcdCertAndKey.py |
| 736 |
CKV_K8S_116 |
resource |
PodTemplate |
Ensure that the –cert-file and –key-file arguments are set as appropriate |
Kubernetes |
EtcdCertAndKey.py |
| 737 |
CKV_K8S_116 |
resource |
ReplicaSet |
Ensure that the –cert-file and –key-file arguments are set as appropriate |
Kubernetes |
EtcdCertAndKey.py |
| 738 |
CKV_K8S_116 |
resource |
ReplicationController |
Ensure that the –cert-file and –key-file arguments are set as appropriate |
Kubernetes |
EtcdCertAndKey.py |
| 739 |
CKV_K8S_116 |
resource |
StatefulSet |
Ensure that the –cert-file and –key-file arguments are set as appropriate |
Kubernetes |
EtcdCertAndKey.py |
| 740 |
CKV_K8S_117 |
resource |
CronJob |
Ensure that the –client-cert-auth argument is set to true |
Kubernetes |
EtcdClientCertAuth.py |
| 741 |
CKV_K8S_117 |
resource |
DaemonSet |
Ensure that the –client-cert-auth argument is set to true |
Kubernetes |
EtcdClientCertAuth.py |
| 742 |
CKV_K8S_117 |
resource |
Deployment |
Ensure that the –client-cert-auth argument is set to true |
Kubernetes |
EtcdClientCertAuth.py |
| 743 |
CKV_K8S_117 |
resource |
DeploymentConfig |
Ensure that the –client-cert-auth argument is set to true |
Kubernetes |
EtcdClientCertAuth.py |
| 744 |
CKV_K8S_117 |
resource |
Job |
Ensure that the –client-cert-auth argument is set to true |
Kubernetes |
EtcdClientCertAuth.py |
| 745 |
CKV_K8S_117 |
resource |
Pod |
Ensure that the –client-cert-auth argument is set to true |
Kubernetes |
EtcdClientCertAuth.py |
| 746 |
CKV_K8S_117 |
resource |
PodTemplate |
Ensure that the –client-cert-auth argument is set to true |
Kubernetes |
EtcdClientCertAuth.py |
| 747 |
CKV_K8S_117 |
resource |
ReplicaSet |
Ensure that the –client-cert-auth argument is set to true |
Kubernetes |
EtcdClientCertAuth.py |
| 748 |
CKV_K8S_117 |
resource |
ReplicationController |
Ensure that the –client-cert-auth argument is set to true |
Kubernetes |
EtcdClientCertAuth.py |
| 749 |
CKV_K8S_117 |
resource |
StatefulSet |
Ensure that the –client-cert-auth argument is set to true |
Kubernetes |
EtcdClientCertAuth.py |
| 750 |
CKV_K8S_118 |
resource |
CronJob |
Ensure that the –auto-tls argument is not set to true |
Kubernetes |
EtcdAutoTls.py |
| 751 |
CKV_K8S_118 |
resource |
DaemonSet |
Ensure that the –auto-tls argument is not set to true |
Kubernetes |
EtcdAutoTls.py |
| 752 |
CKV_K8S_118 |
resource |
Deployment |
Ensure that the –auto-tls argument is not set to true |
Kubernetes |
EtcdAutoTls.py |
| 753 |
CKV_K8S_118 |
resource |
DeploymentConfig |
Ensure that the –auto-tls argument is not set to true |
Kubernetes |
EtcdAutoTls.py |
| 754 |
CKV_K8S_118 |
resource |
Job |
Ensure that the –auto-tls argument is not set to true |
Kubernetes |
EtcdAutoTls.py |
| 755 |
CKV_K8S_118 |
resource |
Pod |
Ensure that the –auto-tls argument is not set to true |
Kubernetes |
EtcdAutoTls.py |
| 756 |
CKV_K8S_118 |
resource |
PodTemplate |
Ensure that the –auto-tls argument is not set to true |
Kubernetes |
EtcdAutoTls.py |
| 757 |
CKV_K8S_118 |
resource |
ReplicaSet |
Ensure that the –auto-tls argument is not set to true |
Kubernetes |
EtcdAutoTls.py |
| 758 |
CKV_K8S_118 |
resource |
ReplicationController |
Ensure that the –auto-tls argument is not set to true |
Kubernetes |
EtcdAutoTls.py |
| 759 |
CKV_K8S_118 |
resource |
StatefulSet |
Ensure that the –auto-tls argument is not set to true |
Kubernetes |
EtcdAutoTls.py |
| 760 |
CKV_K8S_119 |
resource |
CronJob |
Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate |
Kubernetes |
EtcdPeerFiles.py |
| 761 |
CKV_K8S_119 |
resource |
DaemonSet |
Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate |
Kubernetes |
EtcdPeerFiles.py |
| 762 |
CKV_K8S_119 |
resource |
Deployment |
Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate |
Kubernetes |
EtcdPeerFiles.py |
| 763 |
CKV_K8S_119 |
resource |
DeploymentConfig |
Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate |
Kubernetes |
EtcdPeerFiles.py |
| 764 |
CKV_K8S_119 |
resource |
Job |
Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate |
Kubernetes |
EtcdPeerFiles.py |
| 765 |
CKV_K8S_119 |
resource |
Pod |
Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate |
Kubernetes |
EtcdPeerFiles.py |
| 766 |
CKV_K8S_119 |
resource |
PodTemplate |
Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate |
Kubernetes |
EtcdPeerFiles.py |
| 767 |
CKV_K8S_119 |
resource |
ReplicaSet |
Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate |
Kubernetes |
EtcdPeerFiles.py |
| 768 |
CKV_K8S_119 |
resource |
ReplicationController |
Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate |
Kubernetes |
EtcdPeerFiles.py |
| 769 |
CKV_K8S_119 |
resource |
StatefulSet |
Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate |
Kubernetes |
EtcdPeerFiles.py |
| 770 |
CKV_K8S_121 |
resource |
Pod |
Ensure that the –peer-client-cert-auth argument is set to true |
Kubernetes |
PeerClientCertAuthTrue.py |
| 771 |
CKV_K8S_138 |
resource |
CronJob |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
KubeletAnonymousAuth.py |
| 772 |
CKV_K8S_138 |
resource |
DaemonSet |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
KubeletAnonymousAuth.py |
| 773 |
CKV_K8S_138 |
resource |
Deployment |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
KubeletAnonymousAuth.py |
| 774 |
CKV_K8S_138 |
resource |
DeploymentConfig |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
KubeletAnonymousAuth.py |
| 775 |
CKV_K8S_138 |
resource |
Job |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
KubeletAnonymousAuth.py |
| 776 |
CKV_K8S_138 |
resource |
Pod |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
KubeletAnonymousAuth.py |
| 777 |
CKV_K8S_138 |
resource |
PodTemplate |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
KubeletAnonymousAuth.py |
| 778 |
CKV_K8S_138 |
resource |
ReplicaSet |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
KubeletAnonymousAuth.py |
| 779 |
CKV_K8S_138 |
resource |
ReplicationController |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
KubeletAnonymousAuth.py |
| 780 |
CKV_K8S_138 |
resource |
StatefulSet |
Ensure that the –anonymous-auth argument is set to false |
Kubernetes |
KubeletAnonymousAuth.py |
| 781 |
CKV_K8S_139 |
resource |
CronJob |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
KubeletAuthorizationModeNotAlwaysAllow.py |
| 782 |
CKV_K8S_139 |
resource |
DaemonSet |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
KubeletAuthorizationModeNotAlwaysAllow.py |
| 783 |
CKV_K8S_139 |
resource |
Deployment |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
KubeletAuthorizationModeNotAlwaysAllow.py |
| 784 |
CKV_K8S_139 |
resource |
DeploymentConfig |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
KubeletAuthorizationModeNotAlwaysAllow.py |
| 785 |
CKV_K8S_139 |
resource |
Job |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
KubeletAuthorizationModeNotAlwaysAllow.py |
| 786 |
CKV_K8S_139 |
resource |
Pod |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
KubeletAuthorizationModeNotAlwaysAllow.py |
| 787 |
CKV_K8S_139 |
resource |
PodTemplate |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
KubeletAuthorizationModeNotAlwaysAllow.py |
| 788 |
CKV_K8S_139 |
resource |
ReplicaSet |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
KubeletAuthorizationModeNotAlwaysAllow.py |
| 789 |
CKV_K8S_139 |
resource |
ReplicationController |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
KubeletAuthorizationModeNotAlwaysAllow.py |
| 790 |
CKV_K8S_139 |
resource |
StatefulSet |
Ensure that the –authorization-mode argument is not set to AlwaysAllow |
Kubernetes |
KubeletAuthorizationModeNotAlwaysAllow.py |
| 791 |
CKV_K8S_140 |
resource |
CronJob |
Ensure that the –client-ca-file argument is set as appropriate |
Kubernetes |
KubeletClientCa.py |
| 792 |
CKV_K8S_140 |
resource |
DaemonSet |
Ensure that the –client-ca-file argument is set as appropriate |
Kubernetes |
KubeletClientCa.py |
| 793 |
CKV_K8S_140 |
resource |
Deployment |
Ensure that the –client-ca-file argument is set as appropriate |
Kubernetes |
KubeletClientCa.py |
| 794 |
CKV_K8S_140 |
resource |
DeploymentConfig |
Ensure that the –client-ca-file argument is set as appropriate |
Kubernetes |
KubeletClientCa.py |
| 795 |
CKV_K8S_140 |
resource |
Job |
Ensure that the –client-ca-file argument is set as appropriate |
Kubernetes |
KubeletClientCa.py |
| 796 |
CKV_K8S_140 |
resource |
Pod |
Ensure that the –client-ca-file argument is set as appropriate |
Kubernetes |
KubeletClientCa.py |
| 797 |
CKV_K8S_140 |
resource |
PodTemplate |
Ensure that the –client-ca-file argument is set as appropriate |
Kubernetes |
KubeletClientCa.py |
| 798 |
CKV_K8S_140 |
resource |
ReplicaSet |
Ensure that the –client-ca-file argument is set as appropriate |
Kubernetes |
KubeletClientCa.py |
| 799 |
CKV_K8S_140 |
resource |
ReplicationController |
Ensure that the –client-ca-file argument is set as appropriate |
Kubernetes |
KubeletClientCa.py |
| 800 |
CKV_K8S_140 |
resource |
StatefulSet |
Ensure that the –client-ca-file argument is set as appropriate |
Kubernetes |
KubeletClientCa.py |
| 801 |
CKV_K8S_141 |
resource |
CronJob |
Ensure that the –read-only-port argument is set to 0 |
Kubernetes |
KubeletReadOnlyPort.py |
| 802 |
CKV_K8S_141 |
resource |
DaemonSet |
Ensure that the –read-only-port argument is set to 0 |
Kubernetes |
KubeletReadOnlyPort.py |
| 803 |
CKV_K8S_141 |
resource |
Deployment |
Ensure that the –read-only-port argument is set to 0 |
Kubernetes |
KubeletReadOnlyPort.py |
| 804 |
CKV_K8S_141 |
resource |
DeploymentConfig |
Ensure that the –read-only-port argument is set to 0 |
Kubernetes |
KubeletReadOnlyPort.py |
| 805 |
CKV_K8S_141 |
resource |
Job |
Ensure that the –read-only-port argument is set to 0 |
Kubernetes |
KubeletReadOnlyPort.py |
| 806 |
CKV_K8S_141 |
resource |
Pod |
Ensure that the –read-only-port argument is set to 0 |
Kubernetes |
KubeletReadOnlyPort.py |
| 807 |
CKV_K8S_141 |
resource |
PodTemplate |
Ensure that the –read-only-port argument is set to 0 |
Kubernetes |
KubeletReadOnlyPort.py |
| 808 |
CKV_K8S_141 |
resource |
ReplicaSet |
Ensure that the –read-only-port argument is set to 0 |
Kubernetes |
KubeletReadOnlyPort.py |
| 809 |
CKV_K8S_141 |
resource |
ReplicationController |
Ensure that the –read-only-port argument is set to 0 |
Kubernetes |
KubeletReadOnlyPort.py |
| 810 |
CKV_K8S_141 |
resource |
StatefulSet |
Ensure that the –read-only-port argument is set to 0 |
Kubernetes |
KubeletReadOnlyPort.py |
| 811 |
CKV_K8S_143 |
resource |
CronJob |
Ensure that the –streaming-connection-idle-timeout argument is not set to 0 |
Kubernetes |
KubeletStreamingConnectionIdleTimeout.py |
| 812 |
CKV_K8S_143 |
resource |
DaemonSet |
Ensure that the –streaming-connection-idle-timeout argument is not set to 0 |
Kubernetes |
KubeletStreamingConnectionIdleTimeout.py |
| 813 |
CKV_K8S_143 |
resource |
Deployment |
Ensure that the –streaming-connection-idle-timeout argument is not set to 0 |
Kubernetes |
KubeletStreamingConnectionIdleTimeout.py |
| 814 |
CKV_K8S_143 |
resource |
DeploymentConfig |
Ensure that the –streaming-connection-idle-timeout argument is not set to 0 |
Kubernetes |
KubeletStreamingConnectionIdleTimeout.py |
| 815 |
CKV_K8S_143 |
resource |
Job |
Ensure that the –streaming-connection-idle-timeout argument is not set to 0 |
Kubernetes |
KubeletStreamingConnectionIdleTimeout.py |
| 816 |
CKV_K8S_143 |
resource |
Pod |
Ensure that the –streaming-connection-idle-timeout argument is not set to 0 |
Kubernetes |
KubeletStreamingConnectionIdleTimeout.py |
| 817 |
CKV_K8S_143 |
resource |
PodTemplate |
Ensure that the –streaming-connection-idle-timeout argument is not set to 0 |
Kubernetes |
KubeletStreamingConnectionIdleTimeout.py |
| 818 |
CKV_K8S_143 |
resource |
ReplicaSet |
Ensure that the –streaming-connection-idle-timeout argument is not set to 0 |
Kubernetes |
KubeletStreamingConnectionIdleTimeout.py |
| 819 |
CKV_K8S_143 |
resource |
ReplicationController |
Ensure that the –streaming-connection-idle-timeout argument is not set to 0 |
Kubernetes |
KubeletStreamingConnectionIdleTimeout.py |
| 820 |
CKV_K8S_143 |
resource |
StatefulSet |
Ensure that the –streaming-connection-idle-timeout argument is not set to 0 |
Kubernetes |
KubeletStreamingConnectionIdleTimeout.py |
| 821 |
CKV_K8S_144 |
resource |
CronJob |
Ensure that the –protect-kernel-defaults argument is set to true |
Kubernetes |
KubeletProtectKernelDefaults.py |
| 822 |
CKV_K8S_144 |
resource |
DaemonSet |
Ensure that the –protect-kernel-defaults argument is set to true |
Kubernetes |
KubeletProtectKernelDefaults.py |
| 823 |
CKV_K8S_144 |
resource |
Deployment |
Ensure that the –protect-kernel-defaults argument is set to true |
Kubernetes |
KubeletProtectKernelDefaults.py |
| 824 |
CKV_K8S_144 |
resource |
DeploymentConfig |
Ensure that the –protect-kernel-defaults argument is set to true |
Kubernetes |
KubeletProtectKernelDefaults.py |
| 825 |
CKV_K8S_144 |
resource |
Job |
Ensure that the –protect-kernel-defaults argument is set to true |
Kubernetes |
KubeletProtectKernelDefaults.py |
| 826 |
CKV_K8S_144 |
resource |
Pod |
Ensure that the –protect-kernel-defaults argument is set to true |
Kubernetes |
KubeletProtectKernelDefaults.py |
| 827 |
CKV_K8S_144 |
resource |
PodTemplate |
Ensure that the –protect-kernel-defaults argument is set to true |
Kubernetes |
KubeletProtectKernelDefaults.py |
| 828 |
CKV_K8S_144 |
resource |
ReplicaSet |
Ensure that the –protect-kernel-defaults argument is set to true |
Kubernetes |
KubeletProtectKernelDefaults.py |
| 829 |
CKV_K8S_144 |
resource |
ReplicationController |
Ensure that the –protect-kernel-defaults argument is set to true |
Kubernetes |
KubeletProtectKernelDefaults.py |
| 830 |
CKV_K8S_144 |
resource |
StatefulSet |
Ensure that the –protect-kernel-defaults argument is set to true |
Kubernetes |
KubeletProtectKernelDefaults.py |
| 831 |
CKV_K8S_145 |
resource |
CronJob |
Ensure that the –make-iptables-util-chains argument is set to true |
Kubernetes |
KubeletMakeIptablesUtilChains.py |
| 832 |
CKV_K8S_145 |
resource |
DaemonSet |
Ensure that the –make-iptables-util-chains argument is set to true |
Kubernetes |
KubeletMakeIptablesUtilChains.py |
| 833 |
CKV_K8S_145 |
resource |
Deployment |
Ensure that the –make-iptables-util-chains argument is set to true |
Kubernetes |
KubeletMakeIptablesUtilChains.py |
| 834 |
CKV_K8S_145 |
resource |
DeploymentConfig |
Ensure that the –make-iptables-util-chains argument is set to true |
Kubernetes |
KubeletMakeIptablesUtilChains.py |
| 835 |
CKV_K8S_145 |
resource |
Job |
Ensure that the –make-iptables-util-chains argument is set to true |
Kubernetes |
KubeletMakeIptablesUtilChains.py |
| 836 |
CKV_K8S_145 |
resource |
Pod |
Ensure that the –make-iptables-util-chains argument is set to true |
Kubernetes |
KubeletMakeIptablesUtilChains.py |
| 837 |
CKV_K8S_145 |
resource |
PodTemplate |
Ensure that the –make-iptables-util-chains argument is set to true |
Kubernetes |
KubeletMakeIptablesUtilChains.py |
| 838 |
CKV_K8S_145 |
resource |
ReplicaSet |
Ensure that the –make-iptables-util-chains argument is set to true |
Kubernetes |
KubeletMakeIptablesUtilChains.py |
| 839 |
CKV_K8S_145 |
resource |
ReplicationController |
Ensure that the –make-iptables-util-chains argument is set to true |
Kubernetes |
KubeletMakeIptablesUtilChains.py |
| 840 |
CKV_K8S_145 |
resource |
StatefulSet |
Ensure that the –make-iptables-util-chains argument is set to true |
Kubernetes |
KubeletMakeIptablesUtilChains.py |
| 841 |
CKV_K8S_146 |
resource |
CronJob |
Ensure that the –hostname-override argument is not set |
Kubernetes |
KubeletHostnameOverride.py |
| 842 |
CKV_K8S_146 |
resource |
DaemonSet |
Ensure that the –hostname-override argument is not set |
Kubernetes |
KubeletHostnameOverride.py |
| 843 |
CKV_K8S_146 |
resource |
Deployment |
Ensure that the –hostname-override argument is not set |
Kubernetes |
KubeletHostnameOverride.py |
| 844 |
CKV_K8S_146 |
resource |
DeploymentConfig |
Ensure that the –hostname-override argument is not set |
Kubernetes |
KubeletHostnameOverride.py |
| 845 |
CKV_K8S_146 |
resource |
Job |
Ensure that the –hostname-override argument is not set |
Kubernetes |
KubeletHostnameOverride.py |
| 846 |
CKV_K8S_146 |
resource |
Pod |
Ensure that the –hostname-override argument is not set |
Kubernetes |
KubeletHostnameOverride.py |
| 847 |
CKV_K8S_146 |
resource |
PodTemplate |
Ensure that the –hostname-override argument is not set |
Kubernetes |
KubeletHostnameOverride.py |
| 848 |
CKV_K8S_146 |
resource |
ReplicaSet |
Ensure that the –hostname-override argument is not set |
Kubernetes |
KubeletHostnameOverride.py |
| 849 |
CKV_K8S_146 |
resource |
ReplicationController |
Ensure that the –hostname-override argument is not set |
Kubernetes |
KubeletHostnameOverride.py |
| 850 |
CKV_K8S_146 |
resource |
StatefulSet |
Ensure that the –hostname-override argument is not set |
Kubernetes |
KubeletHostnameOverride.py |
| 851 |
CKV_K8S_147 |
resource |
CronJob |
Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture |
Kubernetes |
KubletEventCapture.py |
| 852 |
CKV_K8S_147 |
resource |
DaemonSet |
Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture |
Kubernetes |
KubletEventCapture.py |
| 853 |
CKV_K8S_147 |
resource |
Deployment |
Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture |
Kubernetes |
KubletEventCapture.py |
| 854 |
CKV_K8S_147 |
resource |
DeploymentConfig |
Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture |
Kubernetes |
KubletEventCapture.py |
| 855 |
CKV_K8S_147 |
resource |
Job |
Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture |
Kubernetes |
KubletEventCapture.py |
| 856 |
CKV_K8S_147 |
resource |
Pod |
Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture |
Kubernetes |
KubletEventCapture.py |
| 857 |
CKV_K8S_147 |
resource |
PodTemplate |
Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture |
Kubernetes |
KubletEventCapture.py |
| 858 |
CKV_K8S_147 |
resource |
ReplicaSet |
Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture |
Kubernetes |
KubletEventCapture.py |
| 859 |
CKV_K8S_147 |
resource |
ReplicationController |
Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture |
Kubernetes |
KubletEventCapture.py |
| 860 |
CKV_K8S_147 |
resource |
StatefulSet |
Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture |
Kubernetes |
KubletEventCapture.py |
| 861 |
CKV_K8S_148 |
resource |
CronJob |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
KubeletKeyFilesSetAppropriate.py |
| 862 |
CKV_K8S_148 |
resource |
DaemonSet |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
KubeletKeyFilesSetAppropriate.py |
| 863 |
CKV_K8S_148 |
resource |
Deployment |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
KubeletKeyFilesSetAppropriate.py |
| 864 |
CKV_K8S_148 |
resource |
DeploymentConfig |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
KubeletKeyFilesSetAppropriate.py |
| 865 |
CKV_K8S_148 |
resource |
Job |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
KubeletKeyFilesSetAppropriate.py |
| 866 |
CKV_K8S_148 |
resource |
Pod |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
KubeletKeyFilesSetAppropriate.py |
| 867 |
CKV_K8S_148 |
resource |
PodTemplate |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
KubeletKeyFilesSetAppropriate.py |
| 868 |
CKV_K8S_148 |
resource |
ReplicaSet |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
KubeletKeyFilesSetAppropriate.py |
| 869 |
CKV_K8S_148 |
resource |
ReplicationController |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
KubeletKeyFilesSetAppropriate.py |
| 870 |
CKV_K8S_148 |
resource |
StatefulSet |
Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate |
Kubernetes |
KubeletKeyFilesSetAppropriate.py |
| 871 |
CKV_K8S_149 |
resource |
CronJob |
Ensure that the –rotate-certificates argument is not set to false |
Kubernetes |
KubletRotateCertificates.py |
| 872 |
CKV_K8S_149 |
resource |
DaemonSet |
Ensure that the –rotate-certificates argument is not set to false |
Kubernetes |
KubletRotateCertificates.py |
| 873 |
CKV_K8S_149 |
resource |
Deployment |
Ensure that the –rotate-certificates argument is not set to false |
Kubernetes |
KubletRotateCertificates.py |
| 874 |
CKV_K8S_149 |
resource |
DeploymentConfig |
Ensure that the –rotate-certificates argument is not set to false |
Kubernetes |
KubletRotateCertificates.py |
| 875 |
CKV_K8S_149 |
resource |
Job |
Ensure that the –rotate-certificates argument is not set to false |
Kubernetes |
KubletRotateCertificates.py |
| 876 |
CKV_K8S_149 |
resource |
Pod |
Ensure that the –rotate-certificates argument is not set to false |
Kubernetes |
KubletRotateCertificates.py |
| 877 |
CKV_K8S_149 |
resource |
PodTemplate |
Ensure that the –rotate-certificates argument is not set to false |
Kubernetes |
KubletRotateCertificates.py |
| 878 |
CKV_K8S_149 |
resource |
ReplicaSet |
Ensure that the –rotate-certificates argument is not set to false |
Kubernetes |
KubletRotateCertificates.py |
| 879 |
CKV_K8S_149 |
resource |
ReplicationController |
Ensure that the –rotate-certificates argument is not set to false |
Kubernetes |
KubletRotateCertificates.py |
| 880 |
CKV_K8S_149 |
resource |
StatefulSet |
Ensure that the –rotate-certificates argument is not set to false |
Kubernetes |
KubletRotateCertificates.py |
| 881 |
CKV_K8S_151 |
resource |
CronJob |
Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers |
Kubernetes |
KubeletCryptographicCiphers.py |
| 882 |
CKV_K8S_151 |
resource |
DaemonSet |
Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers |
Kubernetes |
KubeletCryptographicCiphers.py |
| 883 |
CKV_K8S_151 |
resource |
Deployment |
Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers |
Kubernetes |
KubeletCryptographicCiphers.py |
| 884 |
CKV_K8S_151 |
resource |
DeploymentConfig |
Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers |
Kubernetes |
KubeletCryptographicCiphers.py |
| 885 |
CKV_K8S_151 |
resource |
Job |
Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers |
Kubernetes |
KubeletCryptographicCiphers.py |
| 886 |
CKV_K8S_151 |
resource |
Pod |
Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers |
Kubernetes |
KubeletCryptographicCiphers.py |
| 887 |
CKV_K8S_151 |
resource |
PodTemplate |
Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers |
Kubernetes |
KubeletCryptographicCiphers.py |
| 888 |
CKV_K8S_151 |
resource |
ReplicaSet |
Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers |
Kubernetes |
KubeletCryptographicCiphers.py |
| 889 |
CKV_K8S_151 |
resource |
ReplicationController |
Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers |
Kubernetes |
KubeletCryptographicCiphers.py |
| 890 |
CKV_K8S_151 |
resource |
StatefulSet |
Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers |
Kubernetes |
KubeletCryptographicCiphers.py |
| 891 |
CKV_K8S_152 |
resource |
Ingress |
Prevent NGINX Ingress annotation snippets which contain LUA code execution. See CVE-2021-25742 |
Kubernetes |
NginxIngressCVE202125742Lua.py |
| 892 |
CKV_K8S_153 |
resource |
Ingress |
Prevent All NGINX Ingress annotation snippets. See CVE-2021-25742 |
Kubernetes |
NginxIngressCVE202125742AllSnippets.py |
| 893 |
CKV_K8S_154 |
resource |
Ingress |
Prevent NGINX Ingress annotation snippets which contain alias statements See CVE-2021-25742 |
Kubernetes |
NginxIngressCVE202125742Alias.py |
| 894 |
CKV_K8S_155 |
resource |
ClusterRole |
Minimize ClusterRoles that grant control over validating or mutating admission webhook configurations |
Kubernetes |
RbacControlWebhooks.py |
| 895 |
CKV_K8S_156 |
resource |
ClusterRole |
Minimize ClusterRoles that grant permissions to approve CertificateSigningRequests |
Kubernetes |
RbacApproveCertificateSigningRequests.py |
| 896 |
CKV_K8S_157 |
resource |
ClusterRole |
Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings |
Kubernetes |
RbacBindRoleBindings.py |
| 897 |
CKV_K8S_157 |
resource |
Role |
Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings |
Kubernetes |
RbacBindRoleBindings.py |
| 898 |
CKV_K8S_158 |
resource |
ClusterRole |
Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles |
Kubernetes |
RbacEscalateRoles.py |
| 899 |
CKV_K8S_158 |
resource |
Role |
Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles |
Kubernetes |
RbacEscalateRoles.py |
| 900 |
CKV_K8S_159 |
resource |
CronJob |
Limit the use of git-sync to prevent code injection |
Kubernetes |
DangerousGitSync.py |
| 901 |
CKV_K8S_159 |
resource |
DaemonSet |
Limit the use of git-sync to prevent code injection |
Kubernetes |
DangerousGitSync.py |
| 902 |
CKV_K8S_159 |
resource |
Deployment |
Limit the use of git-sync to prevent code injection |
Kubernetes |
DangerousGitSync.py |
| 903 |
CKV_K8S_159 |
resource |
DeploymentConfig |
Limit the use of git-sync to prevent code injection |
Kubernetes |
DangerousGitSync.py |
| 904 |
CKV_K8S_159 |
resource |
Job |
Limit the use of git-sync to prevent code injection |
Kubernetes |
DangerousGitSync.py |
| 905 |
CKV_K8S_159 |
resource |
Pod |
Limit the use of git-sync to prevent code injection |
Kubernetes |
DangerousGitSync.py |
| 906 |
CKV_K8S_159 |
resource |
PodTemplate |
Limit the use of git-sync to prevent code injection |
Kubernetes |
DangerousGitSync.py |
| 907 |
CKV_K8S_159 |
resource |
ReplicaSet |
Limit the use of git-sync to prevent code injection |
Kubernetes |
DangerousGitSync.py |
| 908 |
CKV_K8S_159 |
resource |
ReplicationController |
Limit the use of git-sync to prevent code injection |
Kubernetes |
DangerousGitSync.py |
| 909 |
CKV_K8S_159 |
resource |
StatefulSet |
Limit the use of git-sync to prevent code injection |
Kubernetes |
DangerousGitSync.py |
| 910 |
CKV2_K8S_1 |
resource |
ClusterRole |
RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding |
Kubernetes |
RoleBindingPE.yaml |
| 911 |
CKV2_K8S_1 |
resource |
ClusterRoleBinding |
RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding |
Kubernetes |
RoleBindingPE.yaml |
| 912 |
CKV2_K8S_1 |
resource |
Role |
RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding |
Kubernetes |
RoleBindingPE.yaml |
| 913 |
CKV2_K8S_1 |
resource |
RoleBinding |
RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding |
Kubernetes |
RoleBindingPE.yaml |
| 914 |
CKV2_K8S_2 |
resource |
ClusterRole |
Granting create permissions to nodes/proxy or pods/exec sub resources allows potential privilege escalation |
Kubernetes |
NoCreateNodesProxyOrPodsExec.yaml |
| 915 |
CKV2_K8S_2 |
resource |
ClusterRoleBinding |
Granting create permissions to nodes/proxy or pods/exec sub resources allows potential privilege escalation |
Kubernetes |
NoCreateNodesProxyOrPodsExec.yaml |
| 916 |
CKV2_K8S_2 |
resource |
Role |
Granting create permissions to nodes/proxy or pods/exec sub resources allows potential privilege escalation |
Kubernetes |
NoCreateNodesProxyOrPodsExec.yaml |
| 917 |
CKV2_K8S_2 |
resource |
RoleBinding |
Granting create permissions to nodes/proxy or pods/exec sub resources allows potential privilege escalation |
Kubernetes |
NoCreateNodesProxyOrPodsExec.yaml |
| 918 |
CKV2_K8S_3 |
resource |
ClusterRole |
No ServiceAccount/Node should have impersonate permissions for groups/users/service-accounts |
Kubernetes |
ImpersonatePermissions.yaml |
| 919 |
CKV2_K8S_3 |
resource |
ClusterRoleBinding |
No ServiceAccount/Node should have impersonate permissions for groups/users/service-accounts |
Kubernetes |
ImpersonatePermissions.yaml |
| 920 |
CKV2_K8S_3 |
resource |
Role |
No ServiceAccount/Node should have impersonate permissions for groups/users/service-accounts |
Kubernetes |
ImpersonatePermissions.yaml |
| 921 |
CKV2_K8S_3 |
resource |
RoleBinding |
No ServiceAccount/Node should have impersonate permissions for groups/users/service-accounts |
Kubernetes |
ImpersonatePermissions.yaml |
| 922 |
CKV2_K8S_4 |
resource |
ClusterRole |
ServiceAccounts and nodes that can modify services/status may set the status.loadBalancer.ingress.ip field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster. |
Kubernetes |
ModifyServicesStatus.yaml |
| 923 |
CKV2_K8S_4 |
resource |
ClusterRoleBinding |
ServiceAccounts and nodes that can modify services/status may set the status.loadBalancer.ingress.ip field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster. |
Kubernetes |
ModifyServicesStatus.yaml |
| 924 |
CKV2_K8S_4 |
resource |
Role |
ServiceAccounts and nodes that can modify services/status may set the status.loadBalancer.ingress.ip field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster. |
Kubernetes |
ModifyServicesStatus.yaml |
| 925 |
CKV2_K8S_4 |
resource |
RoleBinding |
ServiceAccounts and nodes that can modify services/status may set the status.loadBalancer.ingress.ip field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster. |
Kubernetes |
ModifyServicesStatus.yaml |
| 926 |
CKV2_K8S_5 |
resource |
ClusterRole |
No ServiceAccount/Node should be able to read all secrets |
Kubernetes |
ReadAllSecrets.yaml |
| 927 |
CKV2_K8S_5 |
resource |
ClusterRoleBinding |
No ServiceAccount/Node should be able to read all secrets |
Kubernetes |
ReadAllSecrets.yaml |
| 928 |
CKV2_K8S_5 |
resource |
Role |
No ServiceAccount/Node should be able to read all secrets |
Kubernetes |
ReadAllSecrets.yaml |
| 929 |
CKV2_K8S_5 |
resource |
RoleBinding |
No ServiceAccount/Node should be able to read all secrets |
Kubernetes |
ReadAllSecrets.yaml |
| 930 |
CKV2_K8S_6 |
resource |
Deployment |
Minimize the admission of pods which lack an associated NetworkPolicy |
Kubernetes |
RequireAllPodsToHaveNetworkPolicy.yaml |
| 931 |
CKV2_K8S_6 |
resource |
Pod |
Minimize the admission of pods which lack an associated NetworkPolicy |
Kubernetes |
RequireAllPodsToHaveNetworkPolicy.yaml |