Privileged container allowed (SCC)KUBELIN-W1059ServiceMonitor selector mismatchKUBELIN-W1052Job TTL misconfiguredKUBELIN-W1053Liveness probe port mismatchKUBELIN-W1054PDB unhealthy pod eviction policyKUBELIN-W1055Missing/invalid priority classKUBELIN-W1056Readiness probe port mismatchKUBELIN-W1057Missing restart policyKUBELIN-W1058Startup probe port mismatchKUBELIN-W1060Missing NetworkPolicy for deployment-like objectsKUBELIN-W1033Missing `dnsConfig` options in deploymentsKUBELIN-W1011`PodDisruptionBudget` with `maxUnavailable` value preventing disruptionsKUBELIN-W1034`docker.sock` volume mounted in containersKUBELIN-W1012Container with `NET_RAW` capabilityKUBELIN-W1013Duplicate env vars dedicatedKUBELIN-W1014Insecure use of secrets in environment variablesKUBELIN-W1015Forbidden service types for exposed servicesKUBELIN-W1016Pods sharing host's network namespaceKUBELIN-W1018Missing readiness probeKUBELIN-W1030Missing rolling update strategyKUBELIN-W1031Invalid service account referenceKUBELIN-W1032Unrestricted access to create podsKUBELIN-W1001Unrestricted access to SecretsKUBELIN-W1002`cluster admin` role should be used only where requiredKUBELIN-W1003Missing `scaleTargetRef` in `HorizontalPodAutoscaler`KUBELIN-W1004Ingress without associated servicesKUBELIN-W1005NetworkPolicy without associated deploymentsKUBELIN-W1006Misconfigured NetworkPolicyPeer podSelectorsKUBELIN-W1007Missing deployment for serviceKUBELIN-W1008Pods using default service accountKUBELIN-W1009Sharing host's process namespaceKUBELIN-W1019Use of deprecated `serviceAccount` field in deploymentsKUBELIN-W1010Insufficient `minReplicas` in `HorizontalPodAutoscaler`KUBELIN-W1020Invalid port names in deployments or servicesKUBELIN-W1021Invalid container imageKUBELIN-W1022Insufficient number of replicasKUBELIN-W1023Mismatching deployment selector and pod template labelsKUBELIN-W1024Missing inter-pod anti-affinity in deployments with multiple replicasKUBELIN-W1025Deprecated API versions used under `extensions/v1beta`KUBELIN-W1026Missing liveness probe in containersKUBELIN-W1027Missing node affinity in deploymentsKUBELIN-W1028Containers running without a read-only root filesystemKUBELIN-W1029Misconfigured `minAvailable` in `PodDisruptionBudget`KUBELIN-W1035Container allows privilege escalationKUBELIN-W1036Containers running in privileged modeKUBELIN-W1037Containers mapping privileged portsKUBELIN-W1038Reading secrets from environment variablesKUBELIN-W1039Invalid email annotationKUBELIN-W1040Owner object without email annotationKUBELIN-W1041Containers running as rootKUBELIN-W1042Sensitive host system directories mounted in containersKUBELIN-W1043Non-SSH services using port 22KUBELIN-W1044Containers with unsafe `/proc` mountKUBELIN-W1045Unsafe kernel parameters configured in containersKUBELIN-W1046Containers without CPU resource requests and limitsKUBELIN-W1047Containers without memory resource requests and limitsKUBELIN-W1048Resources deployed to default namespaceKUBELIN-W1049Use of wildcards in `Role` or `ClusterRole` rulesKUBELIN-W1050Sharing host's IPC namespaceKUBELIN-W1017Containers with writable host path mountsKUBELIN-W1051
Sharing host's process namespaceKUBELIN-W1019
Alert on pods/deployment-likes with sharing host's process namespace
Remediation
Ensure the host's process namespace is not shared.
 Slither
 Slither