Checkov Findings and Gitlab Helm Chart Deploy Variables

devops/aws/chart/values.yaml

 # Service Config
 image: __CONTAINER__
-imagePullPolicy: IfNotPresent
+imagePullPolicy: Always
 service:
   type: ClusterIP
   port: 8080
@@ -61,7 +61,8 @@ environmentVariables:
     value: "true"
   - name: MONGODB_ENABLE_TLS
     value: "false"
-podAnnotations: {}
+podAnnotations: 
+  seccomp.security.alpha.kubernetes.io/pod: "runtime/default"
 
 # Resource Config
 maxConnections: 200
@@ -95,13 +96,15 @@ cors:
     - Data-Partition-Id
     - Correlation-Id
     - Content-Type
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+securityContext: 
+  runAsUser: 10001
+  runAsNonRoot: true
+  readOnlyRootFilesystem: false
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
+
 allowedPrincipals:
   - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account
   - cluster.local/ns/{{ .Release.Namespace }}/sa/compliance-queue-trigger