Container with `NET_RAW` capability (KUBELIN-W1013)
Indicates when containers do not drop the `NET_RAW` capability.
Remediation
`NET_RAW` lets an application inside the container craft raw packets, use raw sockets, and bind to any address. Remove this capability in each container's security context.
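The check and its remediation as an added example (not the linter's own code): a Python function that walks a manifest's containers and reports those that do not drop `NET_RAW`. The manifest, container names and images are constructed; treating `drop: ["ALL"]` as sufficient and an explicit `add` of `NET_RAW` as a violation are assumptions of this example.

```python
# Added example: report containers that keep NET_RAW. Not the linter's implementation.

def pod_spec(manifest):
    """Return the pod spec of a Pod, a Deployment-like object, or a CronJob."""
    spec = manifest.get("spec", {})
    if manifest.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    # Deployment-like objects nest the pod spec under spec.template.spec.
    return spec.get("template", {}).get("spec", spec)

def keeps_net_raw(container):
    """True when the container's security context leaves NET_RAW available."""
    caps = (container.get("securityContext") or {}).get("capabilities") or {}
    drop = {c.upper() for c in caps.get("drop") or []}
    add = {c.upper() for c in caps.get("add") or []}
    if add & {"NET_RAW", "ALL"}:      # assumption: re-adding it undoes any drop
        return True
    return not (drop & {"NET_RAW", "ALL"})

def find_violations(manifest):
    """Names of init and regular containers that do not drop NET_RAW."""
    spec = pod_spec(manifest)
    return [c["name"]
            for key in ("initContainers", "containers")
            for c in spec.get(key) or []
            if keeps_net_raw(c)]

# Constructed manifest: one container per case the check has to tell apart.
DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        # No securityContext at all: nothing is dropped, so it is reported.
        "initContainers": [{"name": "init", "image": "example/init:1"}],
        "containers": [
            # Remediated: NET_RAW dropped explicitly.
            {"name": "app", "image": "example/app:1",
             "securityContext": {"capabilities": {"drop": ["NET_RAW"]}}},
            # Remediated: everything dropped, only an unrelated capability added.
            {"name": "sidecar", "image": "example/sidecar:1",
             "securityContext": {"capabilities": {"drop": ["ALL"],
                                                  "add": ["NET_BIND_SERVICE"]}}},
            # Reported: drops ALL but adds NET_RAW back.
            {"name": "probe", "image": "example/probe:1",
             "securityContext": {"capabilities": {"drop": ["ALL"], "add": ["NET_RAW"]}}},
        ]}}},
}

if __name__ == "__main__":
    print(find_violations(DEPLOYMENT))
```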