Fork me on GitHub

Build and Deployment -> Patch Management: Usage of a short maximum lifetime for images

Risk and Opportunity

Risk: Vulnerabilities in running containers stay for too long and might get exploited.
Opportunity: A good practice is to perform the build and deployment daily or even just-in-time, when a new component (e.g. package) for the image is available.

Additional Information

Implementation hints

Usefulness and Requirements of this Activity

Usefullness: Medium
Required knowledge: Medium (two disciplines)
Required time: High
Required resources (systems): Low

OWASP SAMM VERSION 2

ISO27001 2017