Skip to content

misconf: Revise KSV-0022 to allow valid capabilities #9844

Description

@nikpivkin

Currently, the KSV-0022 check flags all added capabilities, even those allowed by the Pod Security Standard, such as NET_BIND_SERVICE. We need to review and update this check to ensure it aligns with compliance requirements, allows valid capabilities, and provides a clearer, more informative message that specifies which capabilities are causing violations.

Discussed in #9824

Metadata

Metadata

Assignees

No one assigned

    Labels

    scan/misconfigurationIssues relating to misconfiguration scanning

    Type

    Fields

    No fields configured for Task.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions