Invalid Image Tag

  • Query id: 583053b7-e632-46f0-b989-f81ff8045385
  • Query name: Invalid Image Tag
  • Platform: Kubernetes
  • Severity: Low
  • Category: Supply-Chain
  • CWE: 665
  • URL: GitHub

Description

The image tag must be defined and must not be empty or equal to "latest".

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
apiVersion: v1
kind: Pod
metadata:
  name: private-image-test-3
spec:
  containers:
    - name: uses-private-image-container
      image: nginx
      imagePullPolicy: Always
      command: [ "echo", "SUCCESS" ]
---
apiVersion: v1
kind: Pod
metadata:
  name: private-image-test-33
spec:
  containers:
    - name: uses-private-image-container
      image: nginx:latest
      imagePullPolicy: Always
      command: [ "echo", "SUCCESS" ]

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
apiVersion: v1
kind: Pod
metadata:
  name: private-image-test-1
spec:
  containers:
    - name: uses-private-image
      image: nginx:1.21
      imagePullPolicy: Always
      command: [ "echo", "SUCCESS" ]
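The rule in the description, applied to the container images from the samples above, as an added example (not the query's own implementation). The names tag_problem and scan are hypothetical, image lines are matched textually rather than by parsing YAML, and treating a digest-pinned reference as defined is an assumption the page does not state.

```python
import re

# Container entries from this page's positive and negative samples.
MANIFESTS = """\
containers:
  - name: uses-private-image-container
    image: nginx
---
containers:
  - name: uses-private-image-container
    image: nginx:latest
---
containers:
  - name: uses-private-image
    image: nginx:1.21
"""

# Simplification: match "image:" lines textually instead of parsing YAML.
IMAGE_LINE = re.compile(r"^[ \t]*(?:-[ \t]*)?image:[ \t]*(\S*)[ \t]*$", re.M)


def tag_problem(image):
    """Return why the image tag is invalid, or None if it is acceptable."""
    image = image.strip("\"'")
    if "@" in image:
        return None  # assumption: a digest-pinned reference counts as defined
    # Only the last path component can carry a tag; an earlier colon
    # (e.g. localhost:5000/nginx) is a registry port, not a tag.
    name = image.rsplit("/", 1)[-1]
    if ":" not in name:
        return "tag missing"
    tag = name.rsplit(":", 1)[1]
    if tag == "":
        return "tag empty"
    if tag == "latest":
        return "tag is latest"
    return None


def scan(text):
    """Return (image, problem) pairs for every flagged image line."""
    checked = ((img, tag_problem(img)) for img in IMAGE_LINE.findall(text))
    return [(img, why) for img, why in checked if why]


if __name__ == "__main__":
    for img, why in scan(MANIFESTS):
        print(f"{img}: {why}")
```

A colon-only check would wrongly accept localhost:5000/nginx, which is why the tag is read from the last path component.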