# Detection Rules - Shoulder

Browse 347 security detection rules across 7 languages.

- Total rules: 347
- CWE coverage: 94
- Languages: javascript, typescript, python, dockerfile, go, yaml, kubernetes

## Rules

### Dangerous Linux Capabilities Added

- ID: kubernetes-dangerous-capabilities
- Severity: CRITICAL
- CWE: Execution with Unnecessary Privileges (CWE-250)
- Languages: YAML

Detects containers adding dangerous Linux capabilities such as SYS_ADMIN, NET_ADMIN, or SYS_PTRACE via securityContext.capabilities.add.

### Hardcoded Secrets in Manifest

- ID: kubernetes-hardcoded-secrets
- Severity: CRITICAL
- CWE: Hardcoded Credentials (CWE-798)
- Languages: YAML

Detects hardcoded secrets, passwords, or API keys in Kubernetes manifests.

### Host Namespace Access Enabled

- ID: kubernetes-host-access
- Severity: CRITICAL
- CWE: Execution with Unnecessary Privileges (CWE-250)
- Languages: YAML

Detects pods configured to share host namespaces (hostNetwork, hostPID, or hostIPC).

### HostPath Volume Mounted

- ID: kubernetes-hostpath-volume
- Severity: CRITICAL
- CWE: Exposure of Resource to Wrong Sphere (CWE-668)
- Languages: YAML

Detects hostPath volumes that mount directories from the node's filesystem into pods.

### Privileged Container Detected

- ID: kubernetes-privileged-container
- Severity: CRITICAL
- CWE: Execution with Unnecessary Privileges (CWE-250)
- Languages: YAML

Detects containers running with a privileged security context (securityContext.privileged: true).

### Privilege Escalation Allowed

- ID: kubernetes-allow-privilege-escalation
- Severity: HIGH
- CWE: Execution with Unnecessary Privileges (CWE-250)
- Languages: YAML

Detects containers with privilege escalation explicitly enabled (allowPrivilegeEscalation: true).

### Ingress Missing TLS Configuration

- ID: kubernetes-ingress-missing-tls
- Severity: HIGH
- CWE: Cleartext Transmission of Sensitive Information (CWE-319)
- Languages: Kubernetes, YAML

Detects Kubernetes Ingress resources without a TLS configuration.

### Missing Container Security Context

- ID: kubernetes-missing-security-context
- Severity: HIGH
- CWE: Execution with Unnecessary Privileges (CWE-250)
- Languages: YAML

Detects containers without any securityContext configuration.
### Container Running as Root User

- ID: kubernetes-root-user
- Severity: HIGH
- CWE: Execution with Unnecessary Privileges (CWE-250)
- Languages: YAML

Detects containers configured to run as the root user (runAsUser: 0).

### Insecure TLS Verification Disabled

- ID: kubernetes-skip-tls-verify
- Severity: HIGH
- CWE: Cleartext Transmission of Sensitive Information (CWE-319)
- Languages: YAML

Detects when TLS certificate verification is disabled in Kubernetes configurations.

### Container Using Latest Tag

- ID: kubernetes-image-latest-tag
- Severity: MEDIUM
- CWE: Inclusion of Untrusted Functionality (CWE-829)
- Languages: YAML

Detects container images that use the 'latest' tag or no tag at all, so the image actually pulled can change between deployments.

### Missing Capability Restrictions

- ID: kubernetes-missing-drop-capabilities
- Severity: MEDIUM
- CWE: Execution with Unnecessary Privileges (CWE-250)
- Languages: YAML

Detects containers that do not drop unnecessary Linux capabilities (no securityContext.capabilities.drop).

### Missing Network Policy

- ID: kubernetes-missing-network-policy
- Severity: MEDIUM
- CWE: Improper Access Control (CWE-284)
- Languages: Kubernetes, YAML

Detects Kubernetes deployments without an associated NetworkPolicy resource.

### Missing allowPrivilegeEscalation Setting

- ID: kubernetes-missing-privilege-escalation-setting
- Severity: MEDIUM
- CWE: Execution with Unnecessary Privileges (CWE-250)
- Languages: YAML

Detects containers with a securityContext that does not explicitly set allowPrivilegeEscalation.

### Missing Resource Limits

- ID: kubernetes-missing-resource-limits
- Severity: MEDIUM
- CWE: Resource Exhaustion (CWE-400)
- Languages: YAML

Detects containers missing resource limits.

### NodePort Service Exposes Application

- ID: kubernetes-nodeport-service
- Severity: MEDIUM
- CWE: Exposure of Resource to Wrong Sphere (CWE-668)
- Languages: YAML

Detects Services of type NodePort, which expose the application on a port of every cluster node.

### Writable Root Filesystem

- ID: kubernetes-writable-root-filesystem
- Severity: MEDIUM
- CWE: Incorrect Permission Assignment for Critical Resource (CWE-732)
- Languages: YAML

Detects containers that allow writes to the root filesystem (readOnlyRootFilesystem not set to true).
### Service Account Token Auto-Mounted

- ID: kubernetes-automount-service-account
- Severity: LOW
- CWE: Incorrect Permission Assignment for Critical Resource (CWE-732)
- Languages: YAML

Detects pods with service account token auto-mounting enabled (automountServiceAccountToken not set to false).

### Using Default Namespace

- ID: kubernetes-default-namespace
- Severity: LOW
- CWE: Initialization of a Resource with an Insecure Default (CWE-1188)
- Languages: YAML

Detects resources deployed to the default namespace.

### Missing Health Probes

- ID: kubernetes-missing-health-probes
- Severity: LOW
- CWE: Initialization of a Resource with an Insecure Default (CWE-1188)
- Languages: YAML

Detects containers missing liveness and/or readiness probes.

---

Showing 20 of 20 rules.
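Most of the Kubernetes rules above are decidable from one workload manifest: they look at the pod spec, each container's securityContext, its image reference and its resource block. The checker below is an added example of that logic, written for this page and not Shoulder's own implementation; it covers the container- and pod-level rules from all three groups (capabilities, host namespaces, hostPath, privileged, allowPrivilegeEscalation, missing securityContext, root user, latest tag, dropped capabilities, resource limits, writable root filesystem, service-account token auto-mount, default namespace) and runs over two constructed Deployments, one deliberately weak and one hardened. Manifests are taken in the dict form a YAML loader produces, so the block needs no YAML library; rule IDs and severities are copied from this page, while the image and workload names are made up.

```python
"""Added example: single-manifest checks for the Kubernetes rules on this page."""

DANGEROUS_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "ALL"}

# Rule IDs and severities as listed on this page.
SEV = {
    "kubernetes-dangerous-capabilities": "CRITICAL",
    "kubernetes-host-access": "CRITICAL",
    "kubernetes-hostpath-volume": "CRITICAL",
    "kubernetes-privileged-container": "CRITICAL",
    "kubernetes-allow-privilege-escalation": "HIGH",
    "kubernetes-missing-security-context": "HIGH",
    "kubernetes-root-user": "HIGH",
    "kubernetes-image-latest-tag": "MEDIUM",
    "kubernetes-missing-drop-capabilities": "MEDIUM",
    "kubernetes-missing-privilege-escalation-setting": "MEDIUM",
    "kubernetes-missing-resource-limits": "MEDIUM",
    "kubernetes-writable-root-filesystem": "MEDIUM",
    "kubernetes-automount-service-account": "LOW",
    "kubernetes-default-namespace": "LOW",
}


def pod_spec(manifest: dict) -> dict:
    """PodSpec of a bare Pod, or of the pod template of a workload resource."""
    spec = manifest.get("spec", {})
    return spec if manifest.get("kind") == "Pod" else spec.get("template", {}).get("spec", {})


def image_untagged(image: str) -> bool:
    """True for 'nginx' or 'nginx:latest'; False for 'nginx:1.25' or a digest.
    Only the last path element is inspected, so a registry port ('reg:5000/app')
    is not mistaken for a tag."""
    if "@sha256:" in image:
        return False
    name = image.rsplit("/", 1)[-1]
    return ":" not in name or name.endswith(":latest")


def scan(manifest: dict) -> list[tuple[str, str, str]]:
    """Return (rule_id, severity, location) findings for one manifest."""
    findings = []

    def hit(rule: str, where: str) -> None:
        findings.append((rule, SEV[rule], where))

    ns = manifest.get("metadata", {}).get("namespace")
    if not ns or ns == "default":
        hit("kubernetes-default-namespace", "metadata.namespace")
    spec = pod_spec(manifest)
    if any(spec.get(k) for k in ("hostNetwork", "hostPID", "hostIPC")):
        hit("kubernetes-host-access", "spec")
    if any("hostPath" in v for v in spec.get("volumes", [])):
        hit("kubernetes-hostpath-volume", "spec.volumes")
    if spec.get("automountServiceAccountToken") is not False:
        hit("kubernetes-automount-service-account", "spec.automountServiceAccountToken")
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        where = f"container '{c.get('name')}'"
        if image_untagged(c.get("image", "")):
            hit("kubernetes-image-latest-tag", where)
        if not c.get("resources", {}).get("limits"):
            hit("kubernetes-missing-resource-limits", where)
        sc = c.get("securityContext")
        if sc is None:
            hit("kubernetes-missing-security-context", where)
            sc = {}
        if sc.get("privileged"):
            hit("kubernetes-privileged-container", where)
        caps = sc.get("capabilities", {})
        if DANGEROUS_CAPS & set(caps.get("add", [])):
            hit("kubernetes-dangerous-capabilities", where)
        if not caps.get("drop"):
            hit("kubernetes-missing-drop-capabilities", where)
        ape = sc.get("allowPrivilegeEscalation")
        if ape is True:
            hit("kubernetes-allow-privilege-escalation", where)
        elif ape is None and c.get("securityContext") is not None:
            hit("kubernetes-missing-privilege-escalation-setting", where)
        # A container-level runAsUser overrides the pod-level one; UID 0 is root either way.
        if sc.get("runAsUser", pod_sc.get("runAsUser")) == 0:
            hit("kubernetes-root-user", where)
        if sc.get("readOnlyRootFilesystem") is not True:
            hit("kubernetes-writable-root-filesystem", where)
    return findings


# Constructed sample: a deliberately weak Deployment (no namespace, host PID,
# hostPath mount of /, privileged root container on a floating tag).
WEAK = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "debug-agent"},
    "spec": {"template": {"spec": {
        "hostPID": True,
        "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
        "containers": [{
            "name": "agent", "image": "registry.example/agent:latest",
            "securityContext": {"privileged": True, "runAsUser": 0,
                                "capabilities": {"add": ["SYS_ADMIN"]}},
        }],
    }}},
}

# Constructed sample: the same shape with every rule on this page satisfied.
HARDENED = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "api", "namespace": "payments"},
    "spec": {"template": {"spec": {
        "automountServiceAccountToken": False,
        "containers": [{
            "name": "api", "image": "registry.example/api:1.4.2",
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
            "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                                "allowPrivilegeEscalation": False,
                                "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
        }],
    }}},
}

if __name__ == "__main__":
    for name, m in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(f"== {name}: {len(scan(m))} finding(s)")
        for rule, sev, where in scan(m):
            print(f"{sev:8} {rule:48} {where}")
```

Two points worth noting about how the rules interact. The root-user check only fires on an explicit runAsUser: 0, which is what the rule on this page describes; a container with no runAsUser at all runs as whatever user the image defines, which for many images is still root, so the hardened manifest also sets runAsNonRoot: true so the kubelet refuses to start such an image. And "Missing allowPrivilegeEscalation Setting" fires only when a securityContext exists but omits the key; a container with no securityContext at all is reported once, under the HIGH "Missing Container Security Context" rule, rather than once per missing field.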