Merge pull request #17 from bci-oss/bugfix/KICS_Privilege_Escalation_…

…Allowed_Fix fix:KICS Privilege Escalation Allowed violation
eclipse-tractusx · Jun 27, 2023 · b980877 · b980877
2 parents 9f4b32e + 2e229ec
commit b980877
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/charts/discoveryfinder/templates/deployment.yaml b/charts/discoveryfinder/templates/deployment.yaml
@@ -15,6 +15,8 @@ spec:
       labels:
         app: {{ $deployment_name }}
     spec:
+      securityContext:
+        runAsUser: 100
       containers:
         - name: {{ $deployment_name }}
           image: {{ .Values.discoveryfinder.image.registry }}/{{ .Values.discoveryfinder.image.repository }}:{{ .Values.discoveryfinder.image.version | default .Chart.AppVersion }}
@@ -24,6 +26,11 @@ spec:
           {{- end }}
           ports:
             - containerPort: {{ .Values.discoveryfinder.containerPort }}
+#         Containers should not run with allowPrivilegeEscalation in order to prevent them from gaining more privileges than their parent process
+#         Refer Set the security context for a Pod section here - https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+          securityContext:
+            runAsUser: 100
+            allowPrivilegeEscalation: false
           livenessProbe:
             httpGet:
               path: /actuator/health/liveness