SSH server that is running inside a container may be used by attackers. If attackers gain valid credentials to a container, whether by brute force attempts or by other methods (such as phishing), they can use it to get remote access to the container by SSH.
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, Service, StatefulSet
Check if service connected to some workload has an SSH port (22/2222). If so we raise an alert.
Remove SSH from the container image or limit the access to the SSH server using network policies.
Updated 6 days ago