Skip to content

fix(KSV104): add ephemeralContainers support to seccomp profile check#539

Open
adityaupasani2 wants to merge 1 commit intoaquasecurity:mainfrom
adityaupasani2:fix/ksv104-ephemeral-containers
Open

fix(KSV104): add ephemeralContainers support to seccomp profile check#539
adityaupasani2 wants to merge 1 commit intoaquasecurity:mainfrom
adityaupasani2:fix/ksv104-ephemeral-containers

Conversation

@adityaupasani2
Copy link

@adityaupasani2 adityaupasani2 commented Feb 28, 2026

Summary

KSV104 currently checks only containers for seccomp profile, but Pod Security Standards also require initContainers and ephemeralContainers to be checked.

Changes

  • Added ephemeralContainers to pod_containers in lib/kubernetes/kubernetes.rego — benefits all checks using the lib
  • Updated recommended_action metadata in seccomp_profile_unconfined.rego
  • Added 4 test cases for initContainers and ephemeralContainers

Test Results

All 1955 tests pass locally.

Related Issue

Fixes #9936

@adityaupasani2
fix(KSV104): add ephemeralContainers support to seccomp check and lib
698fc56 
- Add ephemeralContainers to pod_containers in lib/kubernetes/kubernetes.rego
- Update recommended_action metadata for KSV104
- Add 4 test cases for initContainers and ephemeralContainers

Fixes #9936
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@simar7 simar7 Awaiting requested review from simar7 simar7 is a code owner

@nikpivkin nikpivkin Awaiting requested review from nikpivkin nikpivkin is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@adityaupasani2