Cloud Security Rules

RULE	SERVICE GROUP
M Policy allows sharing of host's Network namespace	Network
M Policy allows sharing of host's PID namespace	Pod Security Policy
M Policy does not prevent use of root group	Pod Security Policy
M Policy does not prevent use of root user	Deployment
M Policy does not restrict default capabilities	Pod Security Policy
M Policy sets insecure default privilege escalation control	Pod Security Policy
M Policy sets insecure default privilege escalation control	Pod Security Policy
M Policy sets insecure default seccomp profile	Pod Security Policy
M Role grants permissions to system reserved namespace	RoleBinding
M Role with dangerous permissions	Role
M Role with too wide permissions	Deployment
M RoleBinding or ClusterRoleBinding is using a pre-defined role	RoleBinding
M Roles and cluster roles should not grant 'create' permissions for pods	Role
M Roles and cluster roles should not grant 'get', 'list', or 'watch' permissions for secrets	Service
M Security policy allows all volume types	Pod Security Policy
M Security policy allows privilege escalation	Pod Security Policy
M Security policy allows sharing of host's IPC namespace	Pod Security Policy
M Service does not restrict ingress sources	Service
L Container has no CPU limit	Deployment
L Container is running with custom hosts file configuration	Deployment
L Container is running with custom SELinux options	Deployment
L Container is running with shared mount propagation	Deployment
L Container is running without memory limit	Deployment
L Pod spec 'automountServiceAccountToken' should be set to 'false'	Service
L RoleBinding is set to the default service account	Deployment
L Service account spec 'automountServiceAccountToken' should be set to 'false'	Authorization

AWS

Azure

Google

Kubernetes