From 9bfdaca93de94a49f19d09740c2da5fa9d55050b Mon Sep 17 00:00:00 2001
From: "iacbot-demo[bot]" <82255952+iacbot-demo[bot]@users.noreply.github.com>
Date: Fri, 13 Jan 2023 15:51:56 +0000
Subject: [PATCH] Lacework IaC Security fix
---
 kubernetes/job/prowler.yaml | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/kubernetes/job/prowler.yaml b/kubernetes/job/prowler.yaml
index c48d52a..3f91b64 100644
--- a/kubernetes/job/prowler.yaml
+++ b/kubernetes/job/prowler.yaml
@@ -1,14 +1,16 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: prowler
+ name: prowler
 spec:
- template:
- spec:
- containers:
- - image: gcr.io/soluble-repo/soluble-prowler:latest
- name: prowler
- imagePullPolicy: Always
- #command: [ "/prowler/soluble-prowler" ]
- args: [ "-M", "json,html" ]
- restartPolicy: Never
+ template:
+ spec:
+ containers:
+ - image: gcr.io/soluble-repo/soluble-prowler:latest
+ name: prowler
+ imagePullPolicy: Always
+ #command: [ "/prowler/soluble-prowler" ]
+ args: ["-M", "json,html"]
+ securityContext:
+ allowPrivilegeEscalation: false
+ restartPolicy: Never
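Review bot: The added `securityContext` sets only `allowPrivilegeEscalation: false`, so the container can still run as root with the runtime's default capabilities, and the job still pulls the mutable `:latest` tag with `imagePullPolicy: Always`, so whatever is pushed to that tag runs on the next job. I would extend the block with `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}`, after checking that the image has a non-root user and that prowler's checks need no added capability, and pin the image as `gcr.io/soluble-repo/soluble-prowler@sha256:<digest-placeholder>`. `allowPrivilegeEscalation` is a container-level field, so the new block must be nested under the `prowler` container entry rather than the pod `spec`; the indentation is not recoverable from this page, so that placement should be confirmed in the file. `readOnlyRootFilesystem: true` may also be worth adding, but the `-M json,html` output presumably needs a writable path, so it would have to come with an `emptyDir` mount for the report directory.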