All container images must start with a GCR domain
| Property | |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Container images are being used from registries outside of trusted Google Container Registry (GCR) domains, increasing the risk of running unverified or malicious images. The code does not enforce that images originate from approved GCR sources.
Impact
Using images from untrusted sources can lead to the deployment of compromised or vulnerable containers, potentially allowing attackers to gain unauthorized access, execute arbitrary code, or compromise the security and integrity of the Kubernetes environment.
Resolution
Use images from trusted GCR registries.
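One way to enforce this before deployment, shown as an added example rather than the rule's own implementation: the check compares the registry host of each image reference against an allowlist instead of matching a string prefix, so look-alike hosts and unqualified images are rejected. The allowlist contents, the function names and the sample manifest are assumptions made for illustration.

```python
# Assumed allowlist of GCR hosts; adjust to the registries your organisation approves.
TRUSTED_REGISTRIES = {"gcr.io", "us.gcr.io", "eu.gcr.io", "asia.gcr.io"}
CONTAINER_KEYS = ("containers", "initContainers", "ephemeralContainers")

def registry_host(image: str) -> str:
    # Docker reference convention: the first path component is a registry only
    # if it contains '.' or ':' or is 'localhost'; otherwise the image comes
    # from the default registry (docker.io).
    first, sep, _ = image.strip().partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"

def is_trusted(image: str) -> bool:
    # Compare the whole host, never a prefix: "gcr.io.example.com/x" starts
    # with "gcr.io" but is a different registry.
    return registry_host(image) in TRUSTED_REGISTRIES

def find_images(node):
    """Yield every container image string found anywhere in a parsed manifest."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in CONTAINER_KEYS and isinstance(value, list):
                for c in value:
                    if isinstance(c, dict) and isinstance(c.get("image"), str):
                        yield c["image"]
            else:
                yield from find_images(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_images(item)

def untrusted_images(manifest) -> list:
    return [img for img in find_images(manifest) if not is_trusted(img)]

# Constructed sample Deployment (as parsed from YAML); not taken from the page.
SAMPLE = {"kind": "Deployment", "spec": {"template": {"spec": {
    "initContainers": [{"name": "init", "image": "busybox:1.36"}],
    "containers": [
        {"name": "api", "image": "gcr.io/example-project/api:1.4.2"},
        {"name": "worker", "image": "eu.gcr.io/example-project/worker@sha256:" + "0" * 64},
        {"name": "lookalike", "image": "gcr.io.example.com/api:1.4.2"},
        {"name": "path", "image": "registry.example.com/gcr.io/api:latest"},
    ],
}}}}

if __name__ == "__main__":
    for img in untrusted_images(SAMPLE):
        print("untrusted image:", img)
```
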