Gate generated images in CI/CD pipeline
Place gates in the CI/CD pipeline that can cancel or fail pipeline execution, blocking container images that do not meet content trust requirements.
Techniques Addressed by Mitigation
ID | Name | Use |
---|---|---|
MS-TA9002 | Compromised image in registry | Ensure that only images that passed the security compliance policies are pushed to registries and deployed to Kubernetes clusters. |
MS-TA9004 | Application vulnerability | Scan images for vulnerabilities |
MS-TA9009 | Application exploit (RCE) | Block vulnerable images |
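
A gate step of the kind described above, as an added example that is not part of the original page or of any scanner's own tooling: it reads a scan report and returns a non-zero exit code so the pipeline fails before the image is pushed. The report schema (`signature_verified`, `vulnerabilities`, `severity`, `id`), the blocking severities and the sample IDs are assumptions constructed for illustration.

```python
import json
import sys

# Assumed policy: severities that block a push. Unrecognised values also block.
BLOCKING = {"CRITICAL", "HIGH"}
KNOWN = {"CRITICAL", "HIGH", "MEDIUM", "LOW", "NEGLIGIBLE"}


def evaluate(report):
    """Return a list of policy violations; an empty list means the image may be pushed."""
    if not isinstance(report, dict):
        return ["report is not a JSON object"]
    violations = []
    # Content trust: the signing step must have recorded a verified signature.
    if report.get("signature_verified") is not True:
        violations.append("signature not verified")
    findings = report.get("vulnerabilities")
    if not isinstance(findings, list):
        # Fail closed: a missing scan section is not the same as a clean scan.
        return violations + ["scan results missing"]
    for f in findings:
        sev = str(f.get("severity", "")).upper()
        if sev in BLOCKING or sev not in KNOWN:
            violations.append(f"{f.get('id', '<no id>')}: severity {sev or '<none>'}")
    return violations


def gate(raw):
    """Return the exit code for the pipeline step: 0 = pass, 1 = block."""
    try:
        violations = evaluate(json.loads(raw))
    except (json.JSONDecodeError, AttributeError):
        violations = ["report is malformed"]
    for v in violations:
        print(f"BLOCKED: {v}", file=sys.stderr)
    return 1 if violations else 0


# Constructed sample report (hypothetical schema, placeholder ID).
CLEAN = '{"signature_verified": true, "vulnerabilities": [{"id": "VULN-0001", "severity": "low"}]}'

if __name__ == "__main__":
    # In a pipeline, pass the report path as argv[1]; a non-zero exit fails the job.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else CLEAN
    sys.exit(gate(raw))
```

Run it as the last step before the registry push, so that a malformed, missing or failing report stops the job instead of letting the image through.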