Merge pull request #57 from za/issue-45-pod-security-read-only

Added to offenders list if there's no declaration on read only root filesystem config
aws-samples · Oct 15, 2024 · ddbef9a · ddbef9a
2 parents 164b51c + 8f53799
commit ddbef9a
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/hardeneks/namespace_based/security/pod_security.py b/hardeneks/namespace_based/security/pod_security.py
@@ -144,6 +144,8 @@ def check(self, namespaced_resources: NamespacedResources):
         offenders = []
         for pod in namespaced_resources.pods:
             for container in pod.spec.containers:
+                if container.security_context is None:
+                    offenders.append(pod)
                 if (
                     container.security_context
                     and not container.security_context.read_only_root_filesystem