Use of Unmaintained Third Party Components
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-1104: Use of Unmaintained Third Party Components |
| OWASP | A06:2021 - Vulnerable and Outdated Components |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The AWS ECR repository is not set to automatically scan container images for vulnerabilities when they are pushed. This means potentially unsafe images could be stored and deployed without any security checks.
Impact#
Without image scanning on push, vulnerable or outdated components within container images may go undetected, increasing the risk of running insecure workloads. Attackers could exploit these vulnerabilities to gain unauthorized access, compromise applications, or affect the integrity of your infrastructure.