AzureDevOps appsec critical builtIn

Description

Make sure that Container Image Scanning (CIS) is in place for your repository's CI pipeline. Container image scanning is a crucial aspect of DevSecOps, especially as containers become the standard unit of application deployment. Container scanning is the process, and the tooling, used to identify vulnerabilities in container images and their components (base-image OS packages, language dependencies and, with some tools, configuration). It is key to container security and lets developers and security teams fix vulnerabilities in containerized applications before they are deployed. Container scanning tools unpack the image layers, inventory the packages they contain and compare that inventory against public or proprietary vulnerability databases to uncover known security issues. Learn more:
https://owasp.org/www-project-devsecops-guideline/latest/02f-Container-Vulnerability-Scanning
https://www.practical-devsecops.com/top-container-security-tools/
https://www.aquasec.com/cloud-native-academy/container-security/image-scanning/
https://snyk.io/learn/container-security/container-scanning

Recommendation

1. Navigate to Project -> Pipelines.
2. Open your repository's CI pipeline.
3. Ensure a Container Image Scanning (CIS) step is present in the pipeline definition. For the scan to actually gate deployments, it should run after the image is built and before the image is pushed, and it should be configured to fail the job on findings at or above your severity threshold; a scan whose failures are ignored satisfies the policy below but protects nothing.

Policy Rule

{
  "target": "ADORepositoryPipelines",
  "if": {
    "allOf": [
      {
        "resource": "ADORepositoryPipelines",
        "property": "PipelinesFinalYaml",
        "operator": "match",
        "value": "$(ADO_POLICY_VAR_DEVSECOPS_CIS_CONTAINER_IMAGE_SCANNING_TOOLS_PATTERNS)"
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}
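The script below is an added example, not part of this policy, of Azure DevOps or of any scanning tool. It serves both the Recommendation above and the Policy Rule: it applies the same kind of regular-expression match the rule runs against PipelinesFinalYaml to three constructed Azure Pipelines YAML documents, and then checks the two things the rule does not, namely that the scan step is placed before the image push and that it is configured to fail the job. The scanner patterns are an assumed stand-in for the unpublished value of $(ADO_POLICY_VAR_DEVSECOPS_CIS_CONTAINER_IMAGE_SCANNING_TOOLS_PATTERNS); the image reference registry.example.com/app and the omitted registry login are placeholders. The Trivy install and `trivy image` flags are Trivy's documented usage.

```python
import re
from typing import Dict, List

# Assumed stand-in for the policy variable
# $(ADO_POLICY_VAR_DEVSECOPS_CIS_CONTAINER_IMAGE_SCANNING_TOOLS_PATTERNS), whose
# real content is not shown on the page: one regex per scanner invocation.
SCANNER_PATTERNS: Dict[str, str] = {
    "trivy": r"\btrivy\s+(image|i)\b",
    "grype": r"\bgrype\s+\S+",
    "snyk": r"\bsnyk\s+container\s+test\b",
    "anchorectl": r"\banchorectl\s+image\b",
}

# A pipeline step begins with "- task:", "- script:", "- bash:", ... at any indent.
STEP_START = re.compile(r"^[ \t]*-[ \t]+(task|script|bash|pwsh|powershell|checkout)[ \t]*:", re.M)
PUSH_COMMAND = re.compile(r"\bdocker\s+push\b|command\s*:\s*push\b")
# Flags that make a scan fail the job: Trivy's --exit-code N (N > 0), Grype's --fail-on <severity>.
FAIL_FLAG = re.compile(r"--exit-code\s+[1-9]\d*\b|--fail-on\s+\w+")
CONTINUE_ON_ERROR = re.compile(r"continueOnError\s*:\s*true\b")

# Constructed sample steps. The image reference registry.example.com/app is a
# placeholder and the registry login step is omitted (assumptions, not page content).
HEADER = "trigger:\n  - main\n\npool:\n  vmImage: ubuntu-latest\n\nsteps:\n"
BUILD_STEP = """\
  - script: docker build -t registry.example.com/app:$(Build.BuildId) .
    displayName: Build image
"""
SCAN_STEP = """\
  - script: |
      curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./bin
      ./bin/trivy image --exit-code 1 --severity CRITICAL,HIGH --ignore-unfixed registry.example.com/app:$(Build.BuildId)
    displayName: Scan image (fail on CRITICAL/HIGH)
"""
PUSH_STEP = """\
  - script: docker push registry.example.com/app:$(Build.BuildId)
    displayName: Push image
"""
# Same scanner, but placed after the push and with its failure swallowed.
WEAK_SCAN_STEP = SCAN_STEP + "    continueOnError: true\n"

PIPELINE_WITH_SCAN = HEADER + BUILD_STEP + SCAN_STEP + PUSH_STEP       # what step 3 asks for
PIPELINE_NO_SCAN = HEADER + BUILD_STEP + PUSH_STEP                     # what the rule flags
PIPELINE_WEAK_SCAN = HEADER + BUILD_STEP + PUSH_STEP + WEAK_SCAN_STEP  # passes the rule, gates nothing


def split_steps(yaml_text: str) -> List[str]:
    """Cut the rendered pipeline into per-step text without a YAML parser."""
    starts = [m.start() for m in STEP_START.finditer(yaml_text)]
    return [yaml_text[a:b] for a, b in zip(starts, starts[1:] + [len(yaml_text)])]


def find_scanners(yaml_text: str) -> List[str]:
    """The policy's 'match' on PipelinesFinalYaml: which scanner patterns occur anywhere."""
    return [name for name, pat in SCANNER_PATTERNS.items() if re.search(pat, yaml_text, re.I)]


def audit(yaml_text: str) -> Dict[str, object]:
    """The policy result plus the two checks the rule does not make."""
    steps = split_steps(yaml_text)
    scan_idx = [i for i, s in enumerate(steps) if find_scanners(s)]
    push_idx = [i for i, s in enumerate(steps) if PUSH_COMMAND.search(s)]
    # A scan only enforces anything if it can fail the job and the job honours that failure.
    enforcing = [i for i in scan_idx
                 if FAIL_FLAG.search(steps[i]) and not CONTINUE_ON_ERROR.search(steps[i])]
    return {
        "scanners": find_scanners(yaml_text),
        "policy_compliant": bool(scan_idx),  # all that "effect": "Audit" reports on
        "scan_fails_job": bool(enforcing),
        "scan_gates_push": bool(enforcing) and (not push_idx or min(enforcing) < min(push_idx)),
    }


if __name__ == "__main__":
    for name, text in [("with_scan", PIPELINE_WITH_SCAN), ("no_scan", PIPELINE_NO_SCAN),
                       ("weak_scan", PIPELINE_WEAK_SCAN)]:
        print(f"{name:10s} {audit(text)}")
```

The first sample pipeline is the shape step 3 of the Recommendation asks for. The third sample shows the limit of a presence check: it contains a recognised scanner and so satisfies the rule's `match` operator, yet the scan runs after the push and its non-zero exit code is discarded by continueOnError, so nothing is gated. A text match on the rendered YAML is a reasonable audit, but the placement and exit-code checks are what turn it into an enforced control.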