Culture and Organization -> Process: Prevention of unauthorized installation

Risk and Opportunity

Risk: Unapproved components are used.
Opportunity: Components must be whitelisted. Regular scans of the Docker infrastructure (e.g. the cluster) need to be performed to verify that only standardized base images are used.
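
An added example, not part of the original page, of the regular scan described under Opportunity: an image counts as compliant only when its ordered layer list starts with the full layer list of an approved base image. Image names and digests are constructed; real layer lists would come from `docker image inspect` (`RootFS.Layers`).

```python
# Approved base images -> ordered layer digests (constructed sample values).
# In practice: RootFS.Layers from `docker image inspect` of each approved base.
APPROVED_BASES = {
    "corp/base-debian:12": ["sha256:aaa1", "sha256:aaa2"],
    "corp/base-alpine:3.19": ["sha256:bbb1"],
}

# Constructed inventory: image reference -> ordered layer digests, as would be
# collected from every node or from the workloads running in the cluster.
INVENTORY = {
    "shop/frontend:1.4": ["sha256:aaa1", "sha256:aaa2", "sha256:f001"],
    "shop/worker:2.0": ["sha256:bbb1", "sha256:f002", "sha256:f003"],
    "tools/experiment:latest": ["sha256:ccc1", "sha256:f004"],
    "shop/legacy:0.9": ["sha256:aaa1", "sha256:f005"],  # only part of a base
    "corp/empty:1": [],  # no layers at all
}


def matching_base(layers, approved=APPROVED_BASES):
    """Return the approved base whose layers are a prefix of `layers`, else None."""
    best = None
    for name, base_layers in approved.items():
        if base_layers and layers[:len(base_layers)] == base_layers:
            # Prefer the longest match if approved bases build on each other.
            if best is None or len(base_layers) > len(approved[best]):
                best = name
    return best


def scan(inventory, approved=APPROVED_BASES):
    """Split the inventory into compliant images (with base) and violations."""
    compliant, violations = {}, []
    for image, layers in sorted(inventory.items()):
        base = matching_base(layers, approved)
        if base is None:
            violations.append(image)
        else:
            compliant[image] = base
    return compliant, violations


if __name__ == "__main__":
    ok, bad = scan(INVENTORY)
    for image, base in ok.items():
        print(f"OK        {image} (base: {base})")
    for image in bad:
        print(f"VIOLATION {image}: no approved base image")
    raise SystemExit(1 if bad else 0)  # non-zero exit fails a scheduled job
```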

Additional Information

Implementation hints

Comments: By preventing teams from trying out new components, innovation might be hampered.

Usefulness and Requirements of this Activity

Usefulness: Medium
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

OWASP SAMM VERSION 2

ISO27001 2017