feat(misconf): add ephemeral container support to KSV017 #536

Open
adityaupasani2 wants to merge 3 commits into aquasecurity:main from adityaupasani2:fix/ksv017-ephemeral-containers
@adityaupasani2

Summary

KSV017 currently checks only containers for privileged mode,
but Pod Security Standards also require initContainers and
ephemeralContainers to be checked.

A privileged ephemeral container is a critical security risk as it
shares the host namespace and can be injected into any running pod.

Changes

  • Extended getPrivilegedContainers in KSV017 to include initContainers
    and ephemeralContainers
  • Updated recommended_action metadata to reflect the change
  • Added test cases for initContainers and ephemeralContainers

Related Issue

Related to #9936
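
The scope change described in this pull request, as an added Python example that is not code from the pull request or the KSV017 check itself. The function names, the `fields` parameter and the sample manifests are assumptions constructed for illustration; the only Kubernetes fields used are `containers`, `initContainers`, `ephemeralContainers` and `securityContext.privileged`.

```python
# Added illustration, not the KSV017 source. Manifests are plain dicts,
# as they would look after parsing YAML or JSON.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def pod_spec(manifest):
    """Return the pod spec of a Pod, a CronJob, or a templated workload."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    if manifest.get("kind") == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    # Deployment, StatefulSet, DaemonSet, Job, ...: spec.template.spec
    return (spec.get("template") or {}).get("spec") or {}


def privileged_containers(manifest, fields=CONTAINER_FIELDS):
    """List (field, name) for each container with privileged: true."""
    findings = []
    spec = pod_spec(manifest)
    for field in fields:
        for container in spec.get(field) or []:
            # securityContext may be absent or null; both mean unprivileged.
            context = container.get("securityContext") or {}
            if context.get("privileged") is True:
                findings.append((field, container.get("name", "<unnamed>")))
    return findings


# Constructed sample: only the ephemeral container is privileged.
SAMPLE_POD = {"kind": "Pod", "spec": {
    "containers": [{"name": "app",
                    "securityContext": {"privileged": False}}],
    "initContainers": [{"name": "setup"}],
    "ephemeralContainers": [{"name": "debugger",
                             "securityContext": {"privileged": True}}],
}}

# Constructed sample: privileged init container inside a Deployment template.
SAMPLE_DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {
    "containers": [{"name": "web"}],
    "initContainers": [{"name": "setup",
                        "securityContext": {"privileged": True}}],
}}}}

if __name__ == "__main__":
    # Checking only `containers` misses the privileged ephemeral container.
    print(privileged_containers(SAMPLE_POD, fields=("containers",)))
    print(privileged_containers(SAMPLE_POD))
    print(privileged_containers(SAMPLE_DEPLOYMENT))
```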
