Skip to content

fix: add pod-level securityContext to secure backend deployment (CKV_K8S_29)#136

Draft
jcogs33 with Copilot wants to merge 2 commits into
masterfrom
copilot/fix-code-scanning-alert-12
Draft

fix: add pod-level securityContext to secure backend deployment (CKV_K8S_29)#136
jcogs33 with Copilot wants to merge 2 commits into
masterfrom
copilot/fix-code-scanning-alert-12

Conversation

Copilot AI commented Jul 9, 2026

Copy link
Copy Markdown

Checkov alert CKV_K8S_29 requires both pod-level and container-level securityContext to be defined. The secure backend deployment had only a container-level context, leaving pod-wide root-execution prevention unenforced.

Change

  • k8s/secure/backend/deployment.yaml — added securityContext.runAsNonRoot: true at spec.template.spec level:
    spec:
      serviceAccountName: webapp
+     securityContext:
+       runAsNonRoot: true
      containers:

Copilot AI changed the title [WIP] Fix code scanning alert #12 fix: add pod-level securityContext to secure backend deployment (CKV_K8S_29) Jul 9, 2026
Copilot AI requested a review from jcogs33 July 9, 2026 02:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants