Workload misconfigurations

Ensure that the host’s network namespace is not shared (Automated)

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

The Dockerfile for a container image defines the ports that are opened by default on a container instance. The list of ports is relevant to the application you are running within the container, and ports should only be open if they are needed.

Recommended Mitigation

You should not pass the --net=host option when starting any container.
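
An audit check for this rule, added here as an example (it is not part of the original page or of any scanner's own code): it reads `docker inspect` JSON and flags containers whose HostConfig.NetworkMode is host. It goes one step beyond the text by also following container:<ref> modes, because a container that joins a host-networked container's namespace ends up in the host's namespace too. The sample data, container names and function name are constructed for illustration.

```python
import json

# Constructed sample of `docker inspect $(docker ps -aq)` output, trimmed to
# the fields this check reads. IDs and names are made up for illustration.
SAMPLE_INSPECT = json.loads("""
[
  {"Id": "aaa111", "Name": "/web",     "HostConfig": {"NetworkMode": "bridge"}},
  {"Id": "bbb222", "Name": "/monitor", "HostConfig": {"NetworkMode": "host"}},
  {"Id": "ccc333", "Name": "/sidecar", "HostConfig": {"NetworkMode": "container:bbb222"}},
  {"Id": "ddd444", "Name": "/worker",  "HostConfig": {"NetworkMode": "container:aaa111"}},
  {"Id": "eee555", "Name": "/batch",   "HostConfig": {"NetworkMode": "none"}}
]
""")


def find_host_network_containers(inspect_data):
    """Return sorted names of containers running in the host's network namespace.

    A container is flagged when HostConfig.NetworkMode is "host" (started with
    --net=host), or when it joins, via "container:<ref>", the namespace of a
    container that is itself flagged.
    """
    # Index by both ID and name so a "container:<ref>" target can be resolved
    # either way (assumption: refs are full IDs or names, not ID prefixes).
    by_ref = {}
    for c in inspect_data:
        by_ref[c["Id"]] = c
        by_ref[c["Name"].lstrip("/")] = c

    def shares_host(c, seen):
        mode = c.get("HostConfig", {}).get("NetworkMode", "")
        if mode == "host":
            return True
        if mode.startswith("container:"):
            target = by_ref.get(mode.split(":", 1)[1])
            # Unknown target or a reference cycle: cannot be shown to share
            # the host namespace from this data, so do not flag it.
            if target is None or target["Id"] in seen:
                return False
            return shares_host(target, seen | {target["Id"]})
        return False

    return sorted(c["Name"].lstrip("/")
                  for c in inspect_data if shares_host(c, {c["Id"]}))


if __name__ == "__main__":
    for name in find_host_network_containers(SAMPLE_INSPECT):
        print(f"FAIL: {name} shares the host network namespace")
```

To run it against a live host, replace SAMPLE_INSPECT with the parsed output of `docker inspect` for all containers.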