Container Images Should be Deployed from Trusted Registries Only
Description:
Images running on your Kubernetes cluster should come from known and monitored container image registries. Trusted registries reduce your cluster's exposure risk by limiting the potential for the introduction of unknown vulnerabilities, security issues and malicious images.
Solution:
Ensure that a regex defining your organization's private registries is configured via the security policy parameters.
From the 'Unhealthy resources' tab, select the cluster. Security Center lists the pods running images from untrusted registries. If you see a pod running an unfamiliar image, remove it and report the incident to your security admin. Otherwise, move all images to a trusted private registry and redeploy the pods with the updated registry.
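The check described above can be reproduced offline against a pod listing. The following is an added example, not code from Security Center or from this page: it flags every container image that does not match the trusted-registry regex and shows why that regex should be anchored with its dots escaped. The registry name `contoso.azurecr.io`, the sample pods and the function name are assumptions, and the example assumes unanchored regex search, so the pattern must carry its own anchors.

```python
import re

# Assumed allow-list pattern for a hypothetical private registry: anchored,
# with dots escaped, so look-alike hosts and path tricks do not match.
TRUSTED_REGEX = r"^contoso\.azurecr\.io/.+$"
# The same intent written loosely: no anchors, unescaped dots.
LOOSE_REGEX = r"contoso.azurecr.io"

# Constructed sample in the shape of `kubectl get pods -A -o json`.
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "shop", "name": "web-1"},
     "spec": {"initContainers": [{"name": "init", "image": "busybox:1.36"}],
              "containers": [{"name": "web", "image": "contoso.azurecr.io/shop/web:2.1"}]}},
    {"metadata": {"namespace": "shop", "name": "cache-1"},
     "spec": {"containers": [{"name": "cache", "image": "contosoXazurecr.io/redis:7"}]}},
    {"metadata": {"namespace": "ops", "name": "debug-1"},
     "spec": {"containers": [{"name": "tool",
                              "image": "example.test/contoso.azurecr.io/tool:1"}]}},
]}

def untrusted_images(pod_list, pattern):
    """Return (namespace, pod, container, image) for each image not matching pattern."""
    allowed = re.compile(pattern)
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        # Init and ephemeral containers pull images too, so check all three lists.
        for key in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(key) or []:
                image = c.get("image", "")
                if not allowed.search(image):
                    findings.append((meta.get("namespace"), meta.get("name"),
                                     c.get("name"), image))
    return findings

if __name__ == "__main__":
    for label, pattern in (("strict", TRUSTED_REGEX), ("loose", LOOSE_REGEX)):
        print(f"{label}: {pattern}")
        for ns, pod, container, image in untrusted_images(SAMPLE_PODS, pattern):
            print(f"  {ns}/{pod} [{container}] -> {image}")
```

With the loose pattern only the `busybox` init container is reported; the look-alike host and the image that merely carries the registry name in its path both pass as trusted.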