Build and Deployment -> Patch Management: Usage of a short maximum lifetime for images
Risk and Opportunity
Risk: Vulnerabilities in running containers stay for too long and might get exploited.
Opportunity: A good practice is to perform the build and deployment daily or even just-in-time, when a new component (e.g. package) for the image is available.
- Sample concept:
(1, , Tags:
Usefulness and Requirements of this Activity
Required knowledge: Medium (two disciplines)
Required time: High
Required resources (systems): Low
OWASP SAMM VERSION 2