Test and Verification -> Static depth for infrastructure: Test the definition of virtualized environments
Risk and Opportunity
Risk: The definition of virtualized environments (e.g. via Dockerfile) might contain insecure configurations.
Opportunity: Test the definition of virtualized environments for insecure configurations.
Additional Information
Implementation Guide
- Dockerfile with hadolint
- Deployment with kube-score
- dockerfilelint (tags: sast, docker, dockerfile)
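To show what a static test of a Dockerfile looks like, here is a small checker written for this page as an added example. It is not code from hadolint, dockerfilelint or kube-score, and it does not use their rule IDs: the rule names, the four checks chosen and the sample Dockerfile are constructed for illustration.

```python
import re
# Constructed sample Dockerfile (not from a real project) used to exercise the checks.
SAMPLE_DOCKERFILE = """\
FROM ubuntu:latest
ADD https://example.com/app.tar.gz /opt/
RUN apt-get update && \\
    apt-get install -y curl
ENV DB_PASSWORD=changeme
CMD ["/opt/app"]
"""
SECRET_KEY = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def instructions(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start if buf else no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        parts = (buf + line).split(None, 1)
        buf = ""
        yield start, parts[0].upper(), parts[1] if len(parts) > 1 else ""

def check_dockerfile(text):
    """Return sorted (line_no, rule) findings. Rule names are this example's own."""
    findings, stages, user, last_from = [], set(), None, 0
    for no, instr, args in instructions(text):
        tokens = [t for t in args.split() if not t.startswith("--")]  # skip --platform etc.
        if instr == "FROM" and tokens:
            image, user, last_from = tokens[0], None, no  # USER resets per stage
            name = image.rsplit("/", 1)[-1]  # drop registry host:port and path
            pinned = "@" in image or (":" in name and not name.endswith(":latest"))
            if image != "scratch" and image not in stages and not pinned:
                findings.append((no, "unpinned-base-image"))
            if len(tokens) == 3 and tokens[1].upper() == "AS":
                stages.add(tokens[2])
        elif instr == "ADD" and re.search(r"https?://", args):
            findings.append((no, "add-from-remote-url"))
        # Only the first variable name of an ENV/ARG instruction is inspected.
        elif instr in ("ENV", "ARG") and SECRET_KEY.search(re.split(r"[=\s]", args, maxsplit=1)[0]):
            findings.append((no, "secret-in-build-definition"))
        elif instr == "USER":
            user = args.split(":")[0]
    if last_from and user in (None, "root", "0"):
        findings.append((last_from, "final-stage-runs-as-root"))
    return sorted(findings)
```

In a pipeline, a non-empty result from `check_dockerfile` would fail the build step.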
Usefulness and Requirements of this Activity
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Low
OWASP SAMM VERSION 2
- system hardening, virtual environments are not explicitly covered by ISO 27001 - too specific