Gate generated images in CI/CD pipeline


ID: MS-M9005.001
Sub-mitigation of: MS-M9005
MITRE mitigation: M1016, M1045

Place gates in the CI/CD pipeline that can cancel or fail pipeline execution, so that container images that do not meet content trust requirements are blocked.
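
A sketch of such a gate as a pipeline step, added here as an illustration and not taken from the threat matrix itself. The policy, the report schema, the registry name and the vulnerability IDs are all constructed assumptions; a real pipeline would feed in the output of its own scanner and signature verifier.

```python
import json
import sys

# Constructed policy and report schema (assumptions, not a real scanner format).
POLICY = {
    "allowed_registries": ("registry.example.com/",),
    "blocking_severities": {"CRITICAL", "HIGH"},
}
SAMPLE_REPORT = json.dumps({
    "image": "registry.example.com/shop/api@sha256:" + "ab" * 32,
    "signature_verified": True,
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "severity": "HIGH"},
        {"id": "EXAMPLE-0002", "severity": "LOW"},
    ],
})

def evaluate(report, policy=POLICY):
    """Return the list of policy violations; an empty list means the image passes."""
    violations = []
    image = str(report.get("image", ""))
    if not image.startswith(policy["allowed_registries"]):
        violations.append("image is not from an allowed registry")
    # A tag can be repointed after the scan; a digest pins the scanned content.
    if "@sha256:" not in image:
        violations.append("image is not referenced by digest")
    # Fail closed: a missing or non-true field counts as unverified.
    if report.get("signature_verified") is not True:
        violations.append("image signature was not verified")
    vulns = report.get("vulnerabilities")
    if not isinstance(vulns, list):
        return violations + ["no vulnerability scan results in report"]
    for vuln in vulns:
        if str(vuln.get("severity", "")).upper() in policy["blocking_severities"]:
            violations.append(f"{vuln.get('id')}: severity {vuln.get('severity')}")
    return violations

def gate(report_json, policy=POLICY):
    """Exit status for the CI step: 0 lets the pipeline continue, 1 fails it."""
    try:
        report = json.loads(report_json)
        violations = evaluate(report, policy)
    except (ValueError, TypeError, AttributeError):
        violations = ["report is unreadable or malformed"]  # fail closed
    for violation in violations:
        print(f"BLOCKED: {violation}", file=sys.stderr)
    return 1 if violations else 0

if __name__ == "__main__":
    sys.exit(gate(sys.stdin.read()))  # the report arrives on stdin from the scan step
```

The gate fails closed: an unparseable report, a missing signature result or missing scan results all produce a non-zero exit status, so the push and deploy stages after it never run.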

Techniques Addressed by Mitigation

| ID | Name | Use |
|---|---|---|
| MS-TA9002 | Compromised image in registry | Ensure that only images that passed the security compliance policies are pushed to registries and deployed to Kubernetes clusters. |
| MS-TA9004 | Application vulnerability | Scan images for vulnerabilities |
| MS-TA9009 | Application exploit (RCE) | Block vulnerable images |