# Service Account Token Auto-Mounted

- ID: kubernetes-automount-service-account
- Severity: LOW
- CWE: CWE-732 (CWE-732)
- Languages: YAML
- Frameworks: kubernetes

## Description

Detects pods with service account token auto-mounting enabled.

## Detection Message

Service account token is automatically mounted into the pod.

## Remediation

Disable auto-mounting if not needed.

```yaml
spec:
  automountServiceAccountToken: false
```

Learn more: https://shoulder.dev/learn/kubernetes/cwe-732/automount-service-account

## Documentation

[object Object]

## Related Rules

- **Writable Root Filesystem** [MEDIUM]: