CWE
Definition
CWE, or Common Weakness Enumeration, is a community-developed list of software and hardware weakness types. It serves as a common language for describing the underlying weaknesses that give rise to security vulnerabilities, providing a framework for identifying, categorizing, and addressing them. CWE is widely used by developers, security professionals, and tools to improve software security by understanding and mitigating potential vulnerabilities.
Secure Settings Example
# Kubernetes Pod Security Context Example
# runAsNonRoot is valid at pod level; readOnlyRootFilesystem,
# allowPrivilegeEscalation and capabilities exist only on the
# container-level securityContext, so they are set per container.
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  securityContext:
    runAsNonRoot: true
  containers:
    - name: secure-container
      image: secure-image:latest
      securityContext:
        readOnlyRootFilesystem: true
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
Insecure Settings Example
# Kubernetes Pod Security Context Example
# Same field placement as above; the values are the weak ones:
# the container may run as root, write to its root filesystem,
# gain privileges, and receives the NET_ADMIN capability.
apiVersion: v1
kind: Pod
metadata:
  name: insecure-pod
spec:
  securityContext:
    runAsNonRoot: false
  containers:
    - name: insecure-container
      image: insecure-image:latest
      securityContext:
        readOnlyRootFilesystem: false
        allowPrivilegeEscalation: true
        capabilities:
          add:
            - NET_ADMIN
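The following is an added example, not part of the original page: a small policy check that evaluates the two Pod manifests above the way an admission webhook or CI linter would, flagging the weak settings in the insecure Pod and also catching the common mistake of placing container-only fields (readOnlyRootFilesystem, allowPrivilegeEscalation, capabilities) under the pod-level securityContext, where the API server does not apply them. The manifests are embedded as Python dicts with the same content as the page's YAML so the script runs without PyYAML; with PyYAML installed, `yaml.safe_load(manifest_text)` would produce the same dicts. The function and field names in the checker itself are this example's own choices.

```python
# Added example: policy check for the Pod securityContext settings shown above.
# Manifests are constructed copies of the page's YAML, expressed as dicts.

SECURE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "secure-pod"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{
            "name": "secure-container",
            "image": "secure-image:latest",
            "securityContext": {
                "readOnlyRootFilesystem": True,
                "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    },
}

INSECURE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "insecure-pod"},
    "spec": {
        "securityContext": {"runAsNonRoot": False},
        "containers": [{
            "name": "insecure-container",
            "image": "insecure-image:latest",
            "securityContext": {
                "readOnlyRootFilesystem": False,
                "allowPrivilegeEscalation": True,
                "capabilities": {"add": ["NET_ADMIN"]},
            },
        }],
    },
}

# Fields that exist only on the container-level SecurityContext, not on
# the pod-level PodSecurityContext.
CONTAINER_ONLY_FIELDS = ("readOnlyRootFilesystem", "allowPrivilegeEscalation", "capabilities")


def check_pod(pod):
    """Return a list of (scope, finding) tuples; an empty list means compliant."""
    findings = []
    spec = pod.get("spec") or {}
    pod_ctx = spec.get("securityContext") or {}

    # A container-only field under spec.securityContext never takes effect,
    # so the manifest looks hardened while it is not.
    for field in CONTAINER_ONLY_FIELDS:
        if field in pod_ctx:
            findings.append(("<pod>", f"{field} is not a pod-level field; set it per container"))

    for container in spec.get("containers") or []:
        name = container.get("name", "<unnamed>")
        ctx = container.get("securityContext") or {}

        # A container-level runAsNonRoot overrides the pod-level value.
        run_as_non_root = ctx.get("runAsNonRoot", pod_ctx.get("runAsNonRoot"))
        if run_as_non_root is not True:
            findings.append((name, "runAsNonRoot must be true"))

        if ctx.get("readOnlyRootFilesystem") is not True:
            findings.append((name, "readOnlyRootFilesystem must be true"))

        # When omitted, the kubelet does not set no_new_privs, so only an
        # explicit false counts as compliant.
        if ctx.get("allowPrivilegeEscalation") is not False:
            findings.append((name, "allowPrivilegeEscalation must be explicitly false"))

        caps = ctx.get("capabilities") or {}
        added = caps.get("add") or []
        if added:
            findings.append((name, f"adds capabilities {sorted(added)}"))
        if "ALL" not in (caps.get("drop") or []):
            findings.append((name, "capabilities.drop should include ALL"))

    return findings


if __name__ == "__main__":
    for manifest in (SECURE_POD, INSECURE_POD):
        name = manifest["metadata"]["name"]
        result = check_pod(manifest)
        print(f"{name}: {'compliant' if not result else f'{len(result)} finding(s)'}")
        for scope, finding in result:
            print(f"  [{scope}] {finding}")
```

Running the script reports the secure Pod as compliant and lists five findings for the insecure one (root allowed, writable root filesystem, privilege escalation allowed, NET_ADMIN added, ALL not dropped). The same `check_pod` function can be fed any Pod dict produced by a YAML loader, which is how such a rule would be wired into a pre-deploy pipeline.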