Scanners use runAsNonRoot: false in their values.yaml securityContext #723
Description
Once PR #714 is applied, all values.yaml files have a securityContext set. During testing this, it was noted that some scanners have to use runAsNonRoot: false and/or readOnlyRootFilesystem: false in order to function. This can be due to the behaviour of the underlying scanner or because the Dockerfile uses a non-numeric user. Fixing this may require our own Scanner Dockerfile where an already build original image is used or pull requests in other repositories in order to have them use non-numeric, kubernetes-friendly users.
See also: #285
Affected scanners:
- amass (Amass Docker Container does not use a non-numeric user #715)
- cmseek (readOnlyRootFilesystem)
- gitleaks
- kube-hunter
- ssh-scan
- sslyze
- trivy
- typo3scan (readOnlyRootFilesystem)
- wpscan
- zap
- zap-advanced