Container images from public registries used
| Property | |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Container images are being pulled from public registries or lack a specified registry, exposing deployments to untrusted or potentially malicious images. Using public sources bypasses organizational control over image authenticity and updates.
Impact
Attackers could compromise containers by introducing malicious images or tampered software, leading to unauthorized access, data breaches, or service disruption. Reliance on public registries increases the risk of supply chain attacks and reduces visibility into image provenance.
Resolution
Use images from private registries.
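One way to check for the condition this rule describes, as an added example that is not part of the original rule or of any scanner's own code: it flags `image:` entries that name no registry or a registry outside an allow-list. Assumptions: a Kubernetes-style manifest, constructed registry host names and sample manifest, and line-based `image:` matching in place of full YAML parsing.

```python
import re

# Assumption: the organization's approved private registries (constructed names).
ALLOWED_REGISTRIES = {"registry.internal.example.com", "registry.internal.example.com:5000"}
# Matches `image: <ref>` and `- image: <ref>` lines, with optional quotes.
IMAGE_LINE = re.compile(r"^\s*(?:-\s*)?image:\s*[\"']?([^\"'\s#]+)")

def registry_of(image_ref):
    """Registry host of an image reference, or None if unspecified (Docker rule:
    the first component is a host only if it has '.' or ':' or is 'localhost')."""
    first, sep, _ = image_ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return None

def audit_manifest(text, allowed=ALLOWED_REGISTRIES):
    """Return (line number, image reference, reason) for each violating image."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not (m := IMAGE_LINE.match(line)):
            continue
        ref = m.group(1)
        reg = registry_of(ref)
        if reg is None:
            findings.append((lineno, ref, "no registry specified"))
        elif reg not in allowed:
            findings.append((lineno, ref, "registry not in allow-list"))
    return findings

# Constructed sample manifest (Kubernetes-style Pod spec).
SAMPLE_MANIFEST = """\
apiVersion: v1
kind: Pod
metadata:
  name: demo
spec:
  containers:
    - name: web
      image: nginx:1.25
    - name: cache
      image: docker.io/library/redis:7
    - name: api
      image: registry.internal.example.com/team/api:2.3.1
    - name: side
      image: "registry.internal.example.com:5000/team/sidecar:1.0"
"""

if __name__ == "__main__":
    print(*audit_manifest(SAMPLE_MANIFEST), sep="\n")
```

An image with no registry component is reported separately from one that names a non-approved registry, because the first resolves to whatever default the container runtime is configured with.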