Please fix optional check for seccomp #590

wargamez · 2024-03-17T14:19:56Z

It seems the optional check for seccomp only looks at some annotation (Which I am not sure is the right way to look for this). Kubernetes documentations says this should be set in securityContext or podSecurityContext and seems kubeaudit thinks the same. So even if I have this set like that (Without annotation, but in Context) kubescore is giving a warning.
Ref: https://github.com/Shopify/kubeaudit/blob/main/docs/auditors/seccomp.md and https://kubernetes.io/docs/tutorials/security/seccomp/

Also applying dry-run label on migration from psp to restricted psa the warining on not set vanishes when set as part of any securityContext...

/E

kmarteaux · 2024-11-06T21:35:50Z

@zegl - I will update the seccomp check to behave as @wargamez describes. I recently got tripped up on the same behavior.

zegl · 2024-11-07T09:17:52Z

@kmarteaux Thanks! 🙏

kmarteaux added a commit to kmarteaux/kube-score that referenced this issue Nov 9, 2024

Fix optional check for seccomp zegl#590

b2e7c02

zegl mentioned this issue Nov 25, 2024

Implement securityContext seccomp security checks at both pod and container level #631

Merged

zegl closed this as completed in #631 Nov 25, 2024

zegl pushed a commit that referenced this issue Nov 25, 2024

Fix optional check for seccomp #590

3c0ad34

kmarteaux mentioned this issue Jan 23, 2025

"kube-score list" generates a go panic #643

Open

Provide feedback