C-0078 - Images from allowed registry
Images from allowed registry
ArmoBest, cis-eks-t1.2.0, AllControls
Description of the the issue
If attackers get access to the cluster, they can re-point kubernetes to a compromized container repository. This control is intended to ensure that all the container images are taken from the authorized repositories only. User should list all the approved repositories in the parameters of this control so that any potential dangerous image can be identified.Note, this control is configurable. See below the details.
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet
What does this control test
Checks if image is from allowed listed registry.
You should enable all trusted repositories in the parameters of this control.
This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.
Allowed image repositories
Kubescape checks that all the containers are using images from the allowed repositories provided in the following list.
Updated 2 days ago