← all rules
iac/kubernetes/k8s-run-as-root
Container runs as root
highKubernetesiac-kubernetes
What it detects
`runAsUser: 0` (or `runAsNonRoot: false`) runs the container as UID 0. Any container-escape or mounted-volume bug then operates with root on the host kernel.
Remediation
Set `runAsNonRoot: true` and a non-zero `runAsUser` (e.g. 10001) in the securityContext.
How it runs
Run against YAML files that look like Kubernetes manifests (top-level `apiVersion:` + `kind:`). Line-based checks across multi-document files; Helm-templated lines are skipped.
Found a false positive or want this rule tuned? File an issue. You can also suppress per-repo via a .repoguardignore line.