Skip to content

Clarification on "points" and "advise", especially for RunAsNonRoot #504

New issue
New issue
Open
Open
Clarification on "points" and "advise", especially for RunAsNonRoot#504
Labels
question
@huornlmj

Description

@huornlmj
huornlmj
opened on Aug 15, 2023

Your question
I observed that the output of $ kubesec print-rules shows values for both "points" and "advise". I do not understand how the advise for the .runAsNonRoot context works though. Why does it have 1 point and 10 advise? For example, where does the 10 advise points come into play and in what situations?

 {
    "id": "RunAsNonRoot",
    "selector": "containers[] .securityContext .runAsNonRoot == true",
    "reason": "Force the running image to run as a non-root user to ensure least privilege",
    "kinds": [
      "Pod",
      "Deployment",
      "StatefulSet",
      "DaemonSet"
    ],
    "points": 1,
    "advise": 10
  }

Metadata

Metadata

Assignees

No one assigned

    Labels

    question

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions