From afdbee3752887ff9fecf09add54f5ab0fa368bd1 Mon Sep 17 00:00:00 2001
From: "iacbot-demo[bot]" <82255952+iacbot-demo[bot]@users.noreply.github.com>
Date: Mon, 21 Mar 2022 21:44:26 +0000
Subject: [PATCH] Lacework IaC Security fix
---
 kubernetes/job/prowler.yaml | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/kubernetes/job/prowler.yaml b/kubernetes/job/prowler.yaml
index c48d52a..4d5cdbc 100644
--- a/kubernetes/job/prowler.yaml
+++ b/kubernetes/job/prowler.yaml
@@ -1,14 +1,19 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
- name: prowler
+ name: prowler
 spec:
- template:
- spec:
- containers:
- - image: gcr.io/soluble-repo/soluble-prowler:latest
- name: prowler
- imagePullPolicy: Always
- #command: [ "/prowler/soluble-prowler" ]
- args: [ "-M", "json,html" ]
- restartPolicy: Never
+ template:
+ spec:
+ containers:
+ - image: gcr.io/soluble-repo/soluble-prowler:latest
+ name: prowler
+ imagePullPolicy: Always
+ #command: [ "/prowler/soluble-prowler" ]
+ args: ["-M", "json,html"]
+ securityContext:
+ capabilities:
+ drop:
+ - NET_RAW
+ - ALL
+ restartPolicy: Never
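Review bot: The added `securityContext` only drops capabilities, so nothing visible in the hunk stops the container from running as root or from gaining privileges on exec; consider adding `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}` beside `capabilities`, provided the image can run as a non-root user. `NET_RAW` is redundant once `ALL` is listed, so `drop: ["ALL"]` is enough. Indentation is not recoverable in this view, so confirm that `securityContext` is nested under the container entry, because `capabilities` is not accepted in the pod-level security context. The image is still referenced by the mutable `:latest` tag with `imagePullPolicy: Always`; pinning it by digest would make the content of each run verifiable.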