Kubernetes Policy Index

How to Use this Page

This page lists the Kubernetes policies that Bridgecrew helps you enforce. You can browse the list or search for a specific policy ID or short title. For each policy, follow its link for more details about the policy and its remediation options.

Do Not Admit Containers Wishing to Share the Host Process ID Namespace
Violation ID: BC_K8_1

Do Not Admit Privileged Containers
Violation ID: BC_K8S_2

Do Not Admit Containers Sharing the Host IPC Namespace
Violation ID: BC_K8S_3

Do Not Admit Containers Wishing to Share the Host Network Namespace
Violation ID: BC_K8S_4

Do Not Admit Root Containers
Violation ID: BC_K8S_5

Do Not Admit Containers With NET_RAW Capability
Violation ID: BC_K8_6

Liveness Probe Should be Configured
Violation ID: BC_K8S_7

Readiness Probe Should be Configured
Violation ID: BC_K8S_8

CPU Request Should be Set
Violation ID: BC_K8S_9

CPU Limits Should be Set
Violation ID: BC_K8S_10

Memory Requests Should be Set
Violation ID: BC_K8S_11

Memory Limits Should be Set
Violation ID: BC_K8S_12

Image Tag Should be Fixed - Not Latest or Blank
Violation ID: BC_K8S_13

ImagePullPolicy set to Always
Violation ID: BC_K8S_14

Container Should Not Be Privileged
Violation ID: BC_K8S_15

Containers Should Not Share Host Process ID Namespace
Violation ID: BC_K8S_16

Containers Should Not Share Host IPC Namespace
Violation ID: BC_K8S_17

Containers Should Not Share the Host Network Namespace
Violation ID: BC_K8S_18

Containers Should Not Run with AllowPrivilegeEscalation
Violation ID: BC_K8S_19

Default Namespace Should Not be Used
Violation ID: BC_K8S_20

Use Read-Only Filesystem For Containers Where Possible
Violation ID: BC_K8S_21

Minimize Admission of Root Containers
Violation ID: BC_K8S_22

Do Not Allow Containers With Added Capability
Violation ID: BC_K8S_23

Do Not Specify HostPort Unless Absolutely Necessary
Violation ID: BC_K8S_25

Restrict Mounting Docker Socket in a Container
Violation ID: BC_K8S_26

Minimize Admission of Containers With NET_RAW Capability
Violation ID: BC_K8S_27

Apply Security Context to Pods and Containers
Violation ID: BC_K8S_28

Ensure seccomp Profile is Set to Docker/Default or Runtime/Default
Violation ID: BC_K8S_29

Ensure default seccomp profile set to docker/default or runtime/default
Violation ID: BC_K8S_30

Ensure Kubernetes Dashboard Is Not Deployed
Violation ID: BC_K8S_31

Ensure Tiller (Helm V2) Is Not Deployed
Violation ID: BC_K8S_32

Prefer Using Secrets As Files Over Secrets As Environment Variables
Violation ID: BC_K8S_33

Minimize Admission of Containers with Capabilities Assigned
Violation ID: BC_K8S_34

Ensure Service Account Tokens are Mounted where Necessary
Violation ID: BC_K8S_35

Do Not Use CAP_SYS_ADMIN Linux Capability
Violation ID: BC_K8S_36

Containers Should Run as a High UID to Avoid Host Conflict
Violation ID: BC_K8S_37

Ensure Default Service Accounts are Not Actively Used
Violation ID: BC_K8S_38

Ensure images are selected using a digest
Violation ID: BC_K8S_39

Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster
Violation ID: BC_K8S_40

Ensure that the Tiller Service (Helm v2) is deleted
Violation ID: BC_K8S_41
