# Writable Root Filesystem

- ID: kubernetes-writable-root-filesystem
- Severity: MEDIUM
- CWE: CWE-732 (CWE-732)
- Languages: YAML
- Frameworks: kubernetes

## Description

Detects containers that allow writes to the root filesystem.

## Detection Message

Container allows writes to the root filesystem.

## Remediation

Enable read-only root filesystem.

```yaml
securityContext:
  readOnlyRootFilesystem: true
```

Learn more: https://shoulder.dev/learn/kubernetes/cwe-732/writable-root-filesystem

## Documentation

[object Object]

## Related Rules

- **Service Account Token Auto-Mounted** [LOW]: