Product Security Knowledge Base

Illustrative StackRox / RHACS finding examples

Deploy-time violation

Policy: Privileged Container
Entity: Deployment/payments-api
Type: DEPLOYMENT
Severity: HIGH
Cluster: prod-cluster-1
Namespace: payments
Message: Container 'api' is configured to run as privileged

Image finding

Deployment: billing-worker
Image: registry.example.com/billing/worker:2.8.0
Critical CVEs: 3
Fixable CVEs: 11
Riskiest layer: package-manager layer
Suggested action: rebuild with patched base image and rerun roxctl image check

Network baseline deviation

Policy: Network Baseline Violation
Entity: Deployment/reporting-api
Severity: MEDIUM
Observed flow: reporting-api -> 198.51.100.25:443
Expected baseline: internal-only egress to approved SaaS endpoints