From the Snyk app, we will go to the Projects menu where we can expand each integration and have a holistic view of our project. Here we will select the Kubernetes deployment under our Amazon EKS cluster.
Here we see that our application was deployed to our cluster; however, several security context properties were either misconfigured or not configured at all.
If we navigate back to our imported Bitbucket project and review the goof-deployment-template.yaml file results, we are able to see additional context about these issues.
To fix these, we simply add securityContext to our manifest and explicitly define these properties. We will copy the following block into our manifest file.

```yaml
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  capabilities:
    drop:
      - all
```
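To confirm that every container actually carries these settings, the following added example (not part of the original workshop or of Snyk's tooling) audits the JSON form of a Deployment, such as the output of kubectl get deployment -o json. The function name audit_deployment and the sample manifest, including its container names, are constructed for illustration.

```python
import json

# The boolean settings the page adds to the manifest, with the value each must have.
REQUIRED = {
    "allowPrivilegeEscalation": False,
    "readOnlyRootFilesystem": True,
    "runAsNonRoot": True,
}

def audit_deployment(manifest):
    """Return a list of (container_name, finding) tuples for a Deployment dict."""
    pod_spec = manifest["spec"]["template"]["spec"]
    # runAsNonRoot can also be inherited from the pod-level securityContext.
    pod_sc = pod_spec.get("securityContext") or {}
    findings = []
    containers = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        for key, want in REQUIRED.items():
            got = sc.get(key)
            if got is None and key == "runAsNonRoot":
                got = pod_sc.get(key)
            if got is None:
                findings.append((c["name"], f"{key} not set"))
            elif got != want:
                findings.append((c["name"], f"{key} is {got}, expected {want}"))
        drop = (sc.get("capabilities") or {}).get("drop") or []
        if not any(cap.upper() == "ALL" for cap in drop):
            findings.append((c["name"], "capabilities.drop does not include all"))
    return findings

# Constructed sample: one container hardened as on this page, one that is not.
SAMPLE = json.loads("""
{"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
  {"name": "goof", "securityContext": {
     "allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true,
     "runAsNonRoot": true, "capabilities": {"drop": ["all"]}}},
  {"name": "sidecar", "securityContext": {"allowPrivilegeEscalation": true}}
]}}}}
""")

if __name__ == "__main__":
    for name, finding in audit_deployment(SAMPLE):
        print(f"{name}: {finding}")
```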
Let's once again navigate to our Bitbucket repository and edit ./deployment/goof-deployment-template.yaml with Bitbucket's built-in editor so that it looks as follows: