move more security checks to jsonschema

2026-05-10 19:26:46 +00:00 · 2019-12-23 19:14:23 +00:00
parent 6c588848ef
commit f7dccc079b
5 changed files with 52 additions and 41 deletions
--- a/checks/notReadOnlyRootFileSystem.yaml
+++ b/checks/notReadOnlyRootFileSystem.yaml
@@ -0,0 +1,18 @@
+name: NotReadOnlyRootFileSystem
+id: notReadOnlyRootFileSystem
+successMessage: Filesystem is read only
+failureMessage: Filesystem should be read only
+category: Security
+target: Container
+schema:
+  '$schema': http://json-schema.org/draft-07/schema
+  type: object
+  required:
+  - securityContext
+  properties:
+    securityContext:
+      required:
+      - readOnlyRootFilesystem
+      properties:
+        readOnlyRootFilesystem:
+          const: true