Scenario #209
Security
K8s v1.19, On-Premise

Lack of Regular Vulnerability Scanning in Container Images

The container images used in the cluster were not regularly scanned for vulnerabilities, leading to deployment of vulnerable images.

What Happened

A critical vulnerability in one of the base images was discovered after deployment, as no vulnerability scanning tools were used to validate the images before use.

Diagnosis Steps
1. Checked the container image build pipeline and confirmed that no vulnerability scanning tools were integrated.
2. Analyzed the CVE database and identified that a vulnerability in the image was already known.
Root Cause

Lack of regular vulnerability scanning in the container image pipeline.

Fix/Workaround
• Integrated a vulnerability scanning tool like Clair or Trivy into the CI/CD pipeline.
• Rebuilt the container images with a fixed version and redeployed them.
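As an added illustration (not part of this scenario's write-up), the following Python gate consumes the JSON report that `trivy image --format json` emits and fails the build on HIGH/CRITICAL findings that already have a fixed package version, while listing unfixed ones for tracking. The embedded report and its CVE ids are constructed placeholders, not real scan output; the field names assume Trivy's JSON schema.

```python
"""CI gate over a Trivy JSON report (added example; assumes the report shape
produced by `trivy image --format json`: Results[].Vulnerabilities[] with
VulnerabilityID, PkgName, InstalledVersion, FixedVersion and Severity)."""
import json
import sys

BLOCKING = {"HIGH", "CRITICAL"}


def triage(report: dict, blocking=BLOCKING):
    """Split findings into those that block the build (blocking severity and an
    upstream fix exists, so a rebuild resolves them) and those to track
    (blocking severity but no fixed version yet, like trivy --ignore-unfixed)."""
    block, track = [], []
    for result in report.get("Results", []):
        # Trivy emits "Vulnerabilities": null for a clean target; treat as empty.
        for v in result.get("Vulnerabilities") or []:
            if v.get("Severity", "UNKNOWN") not in blocking:
                continue
            entry = (v["VulnerabilityID"], v["PkgName"],
                     v.get("InstalledVersion", "?"), v.get("FixedVersion", ""))
            (block if entry[3] else track).append(entry)
    return block, track


def gate(report: dict, blocking=BLOCKING) -> int:
    """Print a triage summary; return 1 (fail the pipeline) if anything blocks."""
    block, track = triage(report, blocking)
    for cve, pkg, cur, fixed in block:
        print(f"BLOCK {cve}: {pkg} {cur} -> rebuild image with {fixed}")
    for cve, pkg, cur, _ in track:
        print(f"TRACK {cve}: {pkg} {cur} (no fixed version available yet)")
    return 1 if block else 0


# Constructed sample report; CVE ids and package names are placeholders.
SAMPLE = {
    "ArtifactName": "registry.example.internal/app:1.4.2",
    "Results": [{
        "Target": "registry.example.internal/app:1.4.2 (debian 10.8)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
             "InstalledVersion": "2.3", "FixedVersion": "", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libminor",
             "InstalledVersion": "0.9", "FixedVersion": "0.9.1", "Severity": "LOW"},
        ]}]}

if __name__ == "__main__":
    # Usage in CI: trivy image --format json -o report.json IMAGE && python gate.py report.json
    report = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    sys.exit(gate(report))
```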
Lessons Learned

Regular vulnerability scanning of container images is essential to ensure secure deployments.

How to Avoid
1. Integrate automated vulnerability scanning tools into the container build process.
2. Perform regular image audits and keep base images updated.