Test and Verification -> Static depth for infrastructure: Check for malware
Risk and Opportunity
Risk: A third party might include malware, either through the maintainer (e.g. typosquatting of an image name and using the wrong image) or through an attacker acting on behalf of the maintainer with stolen credentials.
Opportunity: Check for malware in components (e.g. container images, VM baseline images, libraries).
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Low
OWASP SAMM 2 Mapping: v-security-testing|A|2
ISO27001:2017 Controls Mapping: