Trivy misconfig: Use High GID
padmankosalaram commented
Issue: https://avd.aquasec.com/misconfig/kubernetes/general/avd-ksv-0021/
Runs with GID <= 10000
Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.
Links: https://kubesec.io/basics/containers-securitycontext-runasuser/
padmankosalaram commented
This violation cannot be fixed; please find the details below.
Even though we didn't set the GID in the Helm template of the Job YAML (which creates the pod), the pod which actually gets created will get the runAsUser injected via the OpenShift default SecurityContextConstraints.
Please find the pod YAML which has the fsGroup: https://ibm.box.com/s/cio2il1xsz6e0j2ymegchiuc4k0r6wm9