Currently, the KSV-0022 check flags all added capabilities, even those allowed by the Pod Security Standard, such as NET_BIND_SERVICE. We need to review and update this check to ensure it aligns with compliance requirements, allows valid capabilities, and provides a clearer, more informative message that specifies which capabilities are causing violations.
Discussed in #9824
Currently, the
KSV-0022check flags all added capabilities, even those allowed by the Pod Security Standard, such asNET_BIND_SERVICE. We need to review and update this check to ensure it aligns with compliance requirements, allows valid capabilities, and provides a clearer, more informative message that specifies which capabilities are causing violations.Discussed in #9824