Aqua Vulnerability Database
Get Demo
Vulnerabilities
Misconfiguration
Runtime Security
Compliance
Compliance
>
Kubernetes
no-password-reuse
no-password-reuse
no-policy-wildcards
no-public-ingress-sgr
no-public-log-access
no-public-log-access
no-root-access-keys
no-root-access-keys
no-user-attached-policies
no-user-attached-policies
Non-root containers
Pod and/or namespace Selectors usage
Prefer using secrets as files over secrets as environment variables (Manual)
Preventing privileged containers
Privilege Escalation
Privileged Containers
Privileged Containers
Protecting Pod service account tokens
remove-expired-certificates
require-bucket-access-logging
require-bucket-access-logging
require-cloud-trail-change-alarm
require-cloud-trail-change-alarm
require-cmk-disabled-alarm
require-cmk-disabled-alarm
require-config-configuration-changes-alarm
require-config-configuration-changes-alarm
require-console-login-failures-alarm
require-console-login-failures-alarm
require-iam-policy-change-alarm
require-iam-policy-change-alarm
require-lowercase-in-passwords
require-mfa-delete
require-nacl-changes-alarm
require-nacl-changes-alarm
require-network-gateway-changes-alarm
require-network-gateway-changes-alarm
require-network-gateway-changes-alarm
require-network-gateway-changes-alarm
require-non-mfa-login-alarm
require-non-mfa-login-alarm
require-numbers-in-passwords
require-org-changes-alarm
require-root-user-usage-alarm
require-root-user-usage-alarm
require-s3-bucket-policy-change-alarm
require-s3-bucket-policy-change-alarm
require-sg-change-alarms
require-sg-change-alarms
require-support-role
require-symbols-in-passwords
require-unauthorised-api-call-alarm
require-unauthorised-api-call-alarm
require-uppercase-in-passwords
require-vpc-changes-alarm
require-vpc-changes-alarm
Restrict a container's access to resources with AppArmor
restrict-all-in-default-sg
Restricts escalation to root privileges
rotate-access-keys
rotate-access-keys
Run with root privileges or with root group membership
Running as Non-root
Running as Non-root user
Seccomp
Seccomp
Seccomp
SELinux
SELinux
set-max-password-age
set-minimum-password-length
set-minimum-password-length
Sets the seccomp profile used to sandbox containers.
Sets the SELinux context of the container
Share containers process namespaces
Share host process namespaces
Sysctls
Sysctls
The default namespace should not be used
Use CNI plugin that supports NetworkPolicy API (Manual)
Use LimitRange policies to limit resources
Use ResourceQuota policies to limit resources
Use the host network
Verify that the --read-only-port argument is set to 0
Verify that the RotateKubeletServerCertificate argument is set to true
Volume Types
<< Prev
Aqua Container Security