chore: add Checkov exemptions for ZNC root container

2026-02-08 11:15:59 -05:00
parent 5a5cfb2847
commit 31673ea837
1 changed files with 2 additions and 0 deletions
@@ -9,3 +9,5 @@ skip-check:
  - CKV_K8S_14  # Image tag should be fixed (same as above)
  - CKV_K8S_22  # Read-only filesystem (IRC apps need to write to volumes)
  - CKV_K8S_40  # Containers should run as high UID (ZNC LinuxServer container needs flexibility)
+  - CKV_K8S_23  # Minimize admission of root containers (ZNC requires root for s6-overlay init)
+  - CKV_K8S_20  # Containers should not run with allowPrivilegeEscalation (ZNC needs init flexibility)