Lateral movement

Controller creating pods without Security Context

Risk Level

Informational (4)

  • N/A

Compliance Frameworks


A security context defines the operating system security settings (uid, gid, capabilities, SELinux role, etc..) applied to a container. There are two levels of security context: pod level security context, and container level security context. Orca has detected that the {K8sController} controller creates pods without the SecurityContext property.
  • Recommended Mitigation

    Consider Applying Security Context attributes to {K8sController}