[config] Add readinessProbe/livenessProbe checks to Kubernetes/Helm #8161
atombrella
started this conversation in
Ideas
Replies: 1 comment 4 replies
-
Hi @atombrella ! This is not security related and may create noise for users. You can write a custom check that will check for the presence of |
Beta Was this translation helpful? Give feedback.
4 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Description
I couldn't find this listed in https://www.stigviewer.com/stig/kubernetes/
Kubernetes' official documentation:
https://kubernetes.io/docs/concepts/configuration/liveness-readiness-startup-probes/
If you create a basic chart with
helm create sample
and then remove thelivenessProbe
,readinessProbe
(andstartupProbe
), Trivy doesn't come with these suggestions.It's related to reliability, and not security. The only Kubernetes linter that I know of which checks for this is
kube-score
If possible, you can leave some hints in this issue how to implement this. I guess
defsec
would be a good place to start.Target
Kubernetes
Scanner
Misconfiguration
Beta Was this translation helpful? Give feedback.
All reactions