TF 0109 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
All container images must start with an ECR domain
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Vulnerability Type | omission |
Description
Container images are being pulled from registries outside of Amazon Elastic Container Registry (ECR), which allows images from untrusted or potentially malicious sources to be deployed. This bypasses controls that ensure images are vetted and originate from trusted repositories.
Impact
Using images from untrusted registries increases the risk of introducing malware, vulnerabilities, or unauthorized code into the environment. Attackers could exploit this to compromise workloads, exfiltrate data, or disrupt services.
Resolution
Container images should be pulled from Amazon Elastic Container Registry (ECR).
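One way to check image references against this rule, as an added example that is not the database's or any scanner's own code. It assumes the private ECR host format `<12-digit account>.dkr.ecr.<region>.amazonaws.com` (plus the `.cn` suffix for China regions); the function names and sample image references are constructed for illustration. The registry host is parsed out and matched in full, because a plain prefix or substring test would accept a lookalike host that merely begins with an ECR-style name.

```python
import re
from typing import List, Optional

# Assumed private ECR host pattern (not taken from the rule itself):
# <12-digit account id>.dkr.ecr.<region>.amazonaws.com, optionally ending in .cn
ECR_HOST = re.compile(r"[0-9]{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com(\.cn)?")


def registry_host(image: str) -> Optional[str]:
    """Return the registry host of an image reference, or None when the
    reference names no registry (the runtime then falls back to its default)."""
    first, sep, _ = image.partition("/")
    # Docker convention: the first path component is a registry only if it
    # contains '.' or ':' or is exactly 'localhost'.
    if not sep or not ("." in first or ":" in first or first == "localhost"):
        return None
    return first.lower()


def is_ecr_image(image: str) -> bool:
    """True only when the whole registry host is an ECR host."""
    host = registry_host(image.strip())
    return host is not None and ECR_HOST.fullmatch(host) is not None


def non_ecr_images(images: List[str]) -> List[str]:
    """Return the image references that violate the rule, in input order."""
    return [image for image in images if not is_ecr_image(image)]


# Constructed sample input: the first two pass, the rest must be flagged.
SAMPLE_IMAGES = [
    "123456789012.dkr.ecr.us-east-1.amazonaws.com/payments/api:1.4.2",
    "123456789012.dkr.ecr.cn-north-1.amazonaws.com.cn/base/python:3.12",
    "nginx:latest",                    # no registry: default registry is used
    "docker.io/library/redis:7",       # explicit non-ECR registry
    "ghcr.io/example-org/tool:v2",     # explicit non-ECR registry
    # Starts with an ECR-style name, but the actual host is registry.example
    "123456789012.dkr.ecr.us-east-1.amazonaws.com.registry.example/api:1.4.2",
    "12345.dkr.ecr.us-east-1.amazonaws.com/app:1",  # account id is not 12 digits
]

if __name__ == "__main__":
    for image in non_ecr_images(SAMPLE_IMAGES):
        print("non-ECR image:", image)
```

A reference that carries an explicit port after the host is also flagged by this pattern; extend `ECR_HOST` if your environment uses one.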