Build and Deployment -> Build: Pinning of artifacts
Risk and Opportunity
Risk: Unauthorized manipulation of artifacts might be difficult to spot. For example, this may result in using images with malicious code. Also, intended major changes, which are automatically pulled into an image, might break its functionality.
Opportunity: Pinning of artifacts ensures that changes are performed only when intended.
Dependencies: Defined build process
- Container technology automatically creates a hash (digest) for images, which can be used for pinning.
- Immutable images are another way, e.g. by using a registry which doesn't allow overwriting of images.
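The following check is an added example and is not part of the DSOMM page or its project. It shows the digest-based pinning described above from the reviewer's side: it reads a Dockerfile, finds every FROM line, and reports image references that are not pinned to an immutable sha256 digest (a floating tag such as nginx or nginx:latest, a mutable version tag such as golang:1.21, or a build argument). References to earlier build stages are skipped because they are not external artifacts. The sample Dockerfile and its all-zero digest are constructed placeholders, not real images.

```python
"""Added example (not part of the DSOMM page): flag container image references
in a Dockerfile that are not pinned to a content digest (name[:tag]@sha256:<64 hex>).
Assumes standard Dockerfile FROM syntax; the sample below is constructed."""
import re

# An immutable reference ends in @sha256:<64 lowercase hex characters>.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
# FROM [--platform=<p>] <image> [AS <stage>]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.IGNORECASE
)

# Constructed sample Dockerfile (not a real project file); the digest is a placeholder.
SAMPLE_DOCKERFILE = """\
# constructed sample, not a real project file
FROM golang:1.21 AS builder
WORKDIR /src
RUN go build -o app .

FROM --platform=linux/amd64 alpine:3.19@sha256:0000000000000000000000000000000000000000000000000000000000000000
COPY --from=builder /src/app /app

FROM nginx
FROM builder
"""


def classify_reference(ref):
    """Return 'digest', 'tag', 'floating' or 'variable' for one image reference.

    Only 'digest' is immutable: a registry may re-point any tag, including a
    version tag, at different content, while a digest identifies the content itself.
    """
    if DIGEST_RE.search(ref):
        return "digest"
    if "$" in ref:
        # FROM ${BASE_IMAGE}: the real reference is decided at build time.
        return "variable"
    # Look for a tag only after the last '/', so a registry port (host:5000) is not mistaken for one.
    name_part = ref.rsplit("/", 1)[-1]
    if ":" in name_part:
        tag = name_part.split(":", 1)[1]
        return "floating" if tag == "latest" else "tag"
    return "floating"  # no tag at all is implicitly :latest


def find_unpinned_images(dockerfile_text):
    """Return (line_number, reference, classification) for every FROM line whose
    image is not pinned by digest. FROM <stage> references to earlier build stages
    are skipped: they are internal to the build, not external artifacts."""
    stages = set()
    findings = []
    for lineno, line in enumerate(dockerfile_text.splitlines(), start=1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, stage = m.group(1), m.group(2)
        if ref.lower() in stages:
            continue
        if stage:
            stages.add(stage.lower())
        kind = classify_reference(ref)
        if kind != "digest":
            findings.append((lineno, ref, kind))
    return findings


if __name__ == "__main__":
    for lineno, ref, kind in find_unpinned_images(SAMPLE_DOCKERFILE):
        print(f"line {lineno}: {ref} is not digest-pinned ({kind})")
```

Run as a pre-merge check, the script reports lines 2 (golang:1.21, a mutable version tag) and 9 (nginx, an implicit :latest) while accepting the digest-pinned alpine stage. Pinning by digest is what makes the patching process mentioned in the comments below necessary: the digest never moves on its own, so base-image updates must be applied deliberately.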
Comments: The usage of pinning requires good processes for patching. Therefore, choose this activity wisely.
Usefulness and Requirements of this Activity
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low
OWASP SAMM VERSION 2