terraform-ibm-modules/terraform-ibm-mas

Trivy misconfig : Use High Gid

Opened this issue · 1 comments

Issue: https://avd.aquasec.com/misconfig/kubernetes/general/avd-ksv-0021/

Runs with GID <= 10000
Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Links : https://kubesec.io/basics/containers-securitycontext-runasuser/

This violation cannot be fixed; please find the details below.

Even though we didn’t set the GID in the Helm template of the Job YAML (which creates the pod), the pod which actually gets created will get the runAsUser injected via the OpenShift default SecurityContextConstraints.

Please find the pod YAML, which has the fsGroup: https://ibm.box.com/s/cio2il1xsz6e0j2ymegchiuc4k0r6wm9