Invalid Image Tag

• Query id: 583053b7-e632-46f0-b989-f81ff8045385
• Query name: Invalid Image Tag
• Platform: Kubernetes
• Severity: Low
• Category: Supply-Chain
• CWE: 665
• URL: Github

Description

Image tag must be defined and not be empty or equal to latest.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

apiVersion: v1
kind: Pod
metadata:
  name: private-image-test-3
spec:
  containers:
    - name: uses-private-image-container
      image: nginx
      imagePullPolicy: Always
      command: [ "echo", "SUCCESS" ]
---
apiVersion: v1
kind: Pod
metadata:
  name: private-image-test-33
spec:
  containers:
    - name: uses-private-image-container
      image: nginx:latest
      imagePullPolicy: Always
      command: [ "echo", "SUCCESS" ]

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

apiVersion: v1
kind: Pod
metadata:
  name: private-image-test-1
spec:
  containers:
    - name: uses-private-image
      image: nginx:1.21
      imagePullPolicy: Always
      command: [ "echo", "SUCCESS" ]