All container images must start with an ECR domain
| Property | |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Container images are being pulled from registries outside of Amazon Elastic Container Registry (ECR), which allows images from untrusted or potentially malicious sources. This bypasses the controls that ensure images are vetted and originate from trusted repositories.
Impact
Using images from untrusted registries increases the risk of introducing malware, vulnerabilities, or unauthorized code into the environment. Attackers could exploit this to compromise workloads, exfiltrate data, or disrupt services.
Resolution
Container images should be pulled from Amazon Elastic Container Registry (ECR).
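One way to enforce this rule in a pipeline, as an added example that is not the rule's own implementation: the check parses the registry host out of each image reference and matches the whole host, because a plain "starts with" comparison would also accept a longer hostname that merely begins with an ECR domain. It assumes only the standard private ECR hostname format (`<account-id>.dkr.ecr.<region>.amazonaws.com`, plus the `.cn` suffix) is trusted; the function names and sample references are constructed for illustration.

```python
import re

# Assumption: only private ECR registries are trusted. Host format:
# <12-digit account id>.dkr.ecr.<region>.amazonaws.com (".cn" in China regions).
ECR_HOST = re.compile(r"\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com(\.cn)?")


def registry_host(image):
    """Return the registry host of an image reference, or None when the
    reference has no explicit registry (Docker Hub shorthand)."""
    first, sep, _rest = image.partition("/")
    # Docker convention: the first path component names a registry only if
    # it contains '.' or ':' or is 'localhost'.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return None


def is_ecr_image(image):
    """True only when the entire registry host is an ECR hostname."""
    host = registry_host(image.strip())
    # fullmatch anchors both ends, so a suffix appended to the host fails.
    return host is not None and ECR_HOST.fullmatch(host) is not None


def non_ecr_images(images):
    """Return the references that violate the rule, in input order."""
    return [img for img in images if not is_ecr_image(img)]


# Constructed sample references (account id and names are placeholders).
SAMPLE_IMAGES = [
    "123456789012.dkr.ecr.us-east-1.amazonaws.com/app/api:1.4.2",
    "123456789012.dkr.ecr.cn-north-1.amazonaws.com.cn/app/api:1.4.2",
    "nginx:1.25",                    # no registry: resolves to Docker Hub
    "docker.io/library/nginx:1.25",  # explicit non-ECR registry
    # ECR domain used only as a prefix of a different host
    "123456789012.dkr.ecr.us-east-1.amazonaws.com.registry.example/app:1",
    # ECR domain appearing in the path, not as the host
    "registry.example/123456789012.dkr.ecr.us-east-1.amazonaws.com/app:1",
]

if __name__ == "__main__":
    for image in non_ecr_images(SAMPLE_IMAGES):
        print("non-ECR image:", image)
```
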