Fork me on GitHub

Test and Verification -> Static depth for infrastructure: Check for new image version

Risk and Opportunity

Risk: When a new version of an image is available, it might fixes security vulnerabilities.
Opportunity: Check for new images of containers in production.

Exploit details

Usefullness: Low
Required knowledge: Medium (two disciplines)
Required time: Medium
Required resources (systems): Very Low

Additional Information

OWASP SAMM 2 Mapping: v-security-testing|A|2
ISO27001:2017 Controls Mapping: