This repository has been archived by the owner on Sep 27, 2024. It is now read-only.

configure precommit ci #13

Merged
merged 5 commits into main from configure-precommit-ci
Dec 22, 2023
Conversation

@bushong1 (Contributor) commented Dec 21, 2023

Fixes Issue: configure-precommit-ci

Description:

Security Impact Analysis Questionnaire

Submitter Checklist

  • Is there an impact on Auditing and Logging procedures or capabilities?
  • Is there an impact on Authentication procedures or capabilities?
  • Is there an impact on Authorization procedures or capabilities?
  • Is there an impact on Communication Security procedures or capabilities?
  • Is there an impact on Cryptography procedures or capabilities?
  • Is there an impact on Sensitive Data procedures or capabilities?
  • Is there an impact on any other security-related procedures or capabilities?
  • No security impacts identified.

Security Risks Identified - For any applicable items on the "Submitter Checklist," describe the impact of the change and any implemented mitigations.

@bushong1 bushong1 self-assigned this Dec 21, 2023
@bushong1 bushong1 requested a review from a team December 21, 2023 18:43
@robo-gotham commented Dec 21, 2023

Snyk Scanning for Commit: c80523f

Snyk Infrastructure as Code

  • Snyk testing Infrastructure as Code configuration issues.
    ✔ Test completed.

Issues

Medium Severity Issues: 3

[Medium] Container or Pod is running without root user control
Info: Container or Pod is running without root user control. Container or
Pod could be running with full administrative privileges
Rule: https://security.snyk.io/rules/cloud/SNYK-CC-K8S-10
Path: [DocId: 0] > input > spec > template > spec > containers[inflate] >
securityContext > runAsNonRoot
File: test/test.yaml
Resolve: Set securityContext.runAsNonRoot to true

[Medium] Container does not drop all default capabilities
Info: All default capabilities are not explicitly dropped. Containers are
running with potentially unnecessary privileges
Rule: https://security.snyk.io/rules/cloud/SNYK-CC-K8S-6
Path: [DocId: 0] > input > spec > template > spec > containers[inflate] >
securityContext > capabilities > drop
File: test/test.yaml
Resolve: Add ALL to securityContext.capabilities.drop list, and add only
required capabilities in securityContext.capabilities.add

[Medium] Container is running without privilege escalation control
Info: allowPrivilegeEscalation attribute is not set to false. Processes
could elevate current privileges via known vectors, for example SUID
binaries
Rule: https://security.snyk.io/rules/cloud/SNYK-CC-K8S-9
Path: [DocId: 0] > spec > template > spec > containers[inflate] >
securityContext > allowPrivilegeEscalation
File: test/test.yaml
Resolve: Set spec.{containers, initContainers}.securityContext.allowPrivilegeEscalation to false


Test Summary

Organization: batcave-ispg
Project name: CMS-Enterprise/batcave-tf-karpenter

✔ Files without issues: 8
✗ Files with issues: 1
Ignored issues: 0
Total issues: 3 [ 0 critical, 0 high, 3 medium, 0 low ]


Report Complete

Your test results are available at: https://snyk.io/org/batcave-ispg/projects
under the name: CMS-Enterprise/batcave-tf-karpenter
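As an added example (not code from this PR or from the batcave-tf-karpenter project), the Python below turns the three Snyk rules reported above into a check of the kind that could run as a pre-commit hook over Kubernetes manifests. The manifest is a constructed stand-in for test/test.yaml, written as the nested dicts that yaml.safe_load would return so the script runs without PyYAML; only the container name inflate, the Deployment-style path spec.template.spec.containers and the three rule IDs come from the scan output, while the image, metadata and all function names are assumptions. It flags each container per rule, applies the three Resolve steps, and re-scans the hardened result.

```python
"""Check manifests for the three Snyk rules above. Added example, not part of
this PR or of batcave-tf-karpenter; manifests are the dicts yaml.safe_load
returns, and the sample Deployment below is constructed."""
import copy

# Snyk rule IDs from the scan, keyed by the securityContext field each checks.
RULES = {
    "runAsNonRoot": "SNYK-CC-K8S-10",
    "capabilities.drop": "SNYK-CC-K8S-6",
    "allowPrivilegeEscalation": "SNYK-CC-K8S-9",
}


def pod_spec(manifest):
    """PodSpec of a bare Pod, or of a templated workload (Deployment, Job, ...)."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec") or {}


def check_container(container, pod_sc=None):
    """Rule IDs one container violates, in the order the scan lists them.

    runAsNonRoot may be inherited from pod.spec.securityContext, so the pod
    value is the fallback; the other two fields exist only per container.
    """
    sc = container.get("securityContext") or {}
    pod_sc = pod_sc or {}
    findings = []
    if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
        findings.append(RULES["runAsNonRoot"])
    dropped = (sc.get("capabilities") or {}).get("drop") or []
    if not any(str(cap).upper() == "ALL" for cap in dropped):
        findings.append(RULES["capabilities.drop"])
    # Only an explicit false passes; an absent field defaults to true.
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append(RULES["allowPrivilegeEscalation"])
    return findings


def scan_manifest(manifest):
    """Map 'containers[name]' / 'initContainers[name]' to the rules it violates."""
    spec = pod_spec(manifest)
    pod_sc = spec.get("securityContext") or {}
    results = {}
    for section in ("initContainers", "containers"):
        for c in spec.get(section) or []:
            rules = check_container(c, pod_sc)
            if rules:
                results[f"{section}[{c['name']}]"] = rules
    return results


def harden(container):
    """Copy of the container with the three fields set as the Resolve lines say."""
    out = copy.deepcopy(container)
    sc = out.get("securityContext") or {}
    out["securityContext"] = sc
    sc["runAsNonRoot"] = True
    sc["allowPrivilegeEscalation"] = False
    caps = sc.get("capabilities") or {}
    sc["capabilities"] = caps
    caps["drop"] = ["ALL"]  # anything genuinely required goes in caps["add"]
    return out


def run_hook(manifests):
    """Pre-commit hook body: print findings, return 1 (block the commit) if any."""
    failed = False
    for m in manifests:
        name = (m.get("metadata") or {}).get("name", "<unnamed>")
        for path, rules in scan_manifest(m).items():
            failed = True
            print(f"{name}: {path} violates {', '.join(rules)}")
    return 1 if failed else 0


# Constructed stand-in for test/test.yaml: a Deployment whose "inflate"
# container has no securityContext, so it trips all three rules.
WEAK_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "inflate"},  # invented metadata and image
    "spec": {"replicas": 0, "template": {"spec": {"containers": [
        {"name": "inflate", "image": "registry.example/inflate:1.0"}]}}},
}

# The same Deployment after applying the three Resolve steps.
HARDENED_DEPLOYMENT = copy.deepcopy(WEAK_DEPLOYMENT)
HARDENED_DEPLOYMENT["spec"]["template"]["spec"]["containers"] = [
    harden(c) for c in WEAK_DEPLOYMENT["spec"]["template"]["spec"]["containers"]
]

if __name__ == "__main__":
    raise SystemExit(run_hook([WEAK_DEPLOYMENT, HARDENED_DEPLOYMENT]))
```

In a real hook the manifests would come from yaml.safe_load_all over the staged files; the checks themselves are the same. Note that the runAsNonRoot fallback to the pod-level securityContext is deliberate, since Kubernetes honours it there, whereas a drop of ALL and allowPrivilegeEscalation: false must be written on every container and init container.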

@bushong1 bushong1 merged commit 6fe0677 into main Dec 22, 2023
1 check passed
@bushong1 bushong1 deleted the configure-precommit-ci branch December 22, 2023 16:37
3 participants