Detections
Analytics
Configure Image Provenance using ImagePolicyWebhook admission controller
MEDIUM
Description
Description:
Configure Image Provenance for your deployment.
Rationale:
Kubernetes supports plugging in provenance rules to accept or reject the images in your deployments. You could configure such rules to ensure that only approved images are deployed in the cluster.
You need to regularly maintain your provenance configuration based on container image updates.
Remediation
Follow the Kubernetes documentation and setup image provenance.
Policy Details
Rule Reference ID: AC_K8S_0001
CSP: Kubernetes
Remediation Available: No
Domain: Identity and Access Management
Resource: kubernetes_admission_configuration
Resource Category: Management
Resource Type: Admission Configuration