shareProcessNamespace enabled
Part of Security, which counts for 30% of the overall score. When this check fires it deducts 4 points from that category, once per scan, no matter how many places it turns up.
What it detects
shareProcessNamespace: true lets every container in the pod see and signal the other containers' processes, weakening isolation between sidecars.
Why it matters
shareProcessNamespace: true lets every container in the pod see and signal the other containers' processes and inspect their /proc entries. That weakens the isolation between an application container and its sidecars, so a compromise in one can more easily read memory maps or kill processes in another. It is rarely needed.
How to fix it
Remove shareProcessNamespace: true unless a sidecar genuinely needs to observe the main container process (some debugging or reaping patterns do). If it is required, keep the sidecar minimal and its securityContext tight so sharing the namespace grants as little as possible.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo