← all rules
iac/kubernetes/k8s-allow-privilege-escalation
allowPrivilegeEscalation enabled
mediumKubernetesiac-kubernetes
What it detects
`allowPrivilegeEscalation: true` lets a process gain more privileges than its parent (e.g. via setuid binaries). Combined with a vulnerable binary this is a path to root inside the container.
Remediation
Set `allowPrivilegeEscalation: false` in the container's securityContext.
How it runs
Run against YAML files that look like Kubernetes manifests (top-level `apiVersion:` + `kind:`). Line-based checks across multi-document files; Helm-templated lines are skipped.
Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.