YAML-scanning, AllControls, ArmoBest
If attackers get access to the cluster, they can re-point kubernetes to a compromized container repository. This control is intended to ensure that all the container images are taken from the authorized repositories only. User should list all the approved repositories in the parameters of this control so that any potential dangerous image can be identified.Note, this control is configurable. See below the details.
CronJob, DaemonSet, Deployment, Job, Pods, ReplicaSet, StatefulSet
Checks if image is from allowed listed registry.
You should enable all trusted repositories in the parameters of this control.
This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.
Kubescape checks that all the containers are using images from the allowed repositories provided in the following list.
Updated about 17 hours ago