hostPID enabled
Part of Security, which counts for 30% of the overall score. When this check fires it deducts 15 points from that category, once per scan, no matter how many places it turns up.
What it detects
hostPID: true shares the host process namespace, letting the container see and signal every process on the node.
Why it matters
hostPID: true shares the host process namespace with the pod. The container can then see every process on the node, read their command lines and environment, and send them signals. That is a straightforward way to snoop on or disrupt other workloads sharing the node.
How to fix it
Remove hostPID: true unless the workload is a debugging or monitoring tool that genuinely needs to inspect host processes. If it does, scope it tightly: run it on dedicated nodes, drop all capabilities you can, and keep it out of general workload namespaces.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo