Ensure that container images and artifacts stored in the container registry are scanned for vulnerabilities to identify and remediate security issues before deployment.
Implement Vulnerability Scanning for Artifacts
CCC.CntrReg.CN01 · Orchestration
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.CntrReg.CP05 | Image Scanning | Provides vulnerability scanning for container images (built-in or through integration to scanning services) to detect security issues and generate reports for known CVEs (Common Vulnerabilities and Exposures). |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.CntrReg.TH01 | Vulnerabilities in Artifacts are Exploited | Attackers exploit known vulnerabilities in container images or artifacts stored in the registry, leading to unauthorized access, data breaches, or system compromise. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.CntrReg.CN01.AR01 | Attempt to push an artifact with known vulnerabilities to the registry and observe if it is flagged or rejected by the vulnerability scanning process. | tlp-red, tlp-amber |