Cloud Security Rules

Find out if you have vulnerabilities that put you at risk

RULE	SERVICE GROUP
H Container is running in privileged mode	Deployment
H Container is running with Docker socket mount	Deployment
H Container is running with SYS_ADMIN capability	Deployment
H Policy allows `privileged` containers	Deployment
H Roles and cluster roles should not use wildcards for resource, verb, or apiGroup entries	Service
H Service is using an external IP	Service
H The built-in "cluster-admin" role is used	Deployment
M Container could be running with outdated image	Container
M Container does not drop all default capabilities	Deployment
M Container is running in host's IPC namespace	Deployment
M Container is running in host's network namespace	Deployment
M Container is running in host's PID namespace	Deployment
M Container is running with host device path mount	Container
M Container is running without AppArmor profile	Container
M Container is running without liveness probe	Container
M Container is running without privilege escalation control	Deployment
M Container is running without root user control	Deployment
M Container's UID could clash with host's UID	Container
M Default service account is enabled	Authorization
M Network policy does not restrict egress destinations	Deployment
M Pod is running with added capabilities	Deployment
M Pod stores secrets in environment variables	Service
M Pods and containers should apply a security context	Kubernetes (Container) Engine
M Pods should not run containers with the NET_RAW capability	Container
M Policy allows all capabilities	Pod Security Policy
M Policy allows any apparmor profile	Deployment
M Policy allows insecure seccomp profiles	Deployment
M Policy allows sharing of host's Network namespace	Network
M Policy allows sharing of host's PID namespace	Pod Security Policy
M Policy does not prevent use of root group	Pod Security Policy

AWS

Azure

Google

Kubernetes