Detecting image usages in gitlab workflows
Description
This policy flags every image referenced in a GitLab CI/CD workflow, whether through the `image` keyword or a `services` entry. An image pulled into a pipeline runs the job's commands and can reach its secrets, so an image whose source and integrity have not been validated, or that carries known vulnerabilities, is a risk to the pipeline. Surfacing each usage lets reviewers confirm that only trusted, validated images are used in workflows.
Code Example
```yaml
image: docker:stable
services:
  - name: postgres:latest
    alias: db
```
Remediation
To fix this, ensure that all images used in workflows are trusted and validated. Validate the source and integrity of the images, and consider using trusted repositories or registries.
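The example below is added here to show what a check of this kind looks like in working code; it is not the IAC-1068 / CKV_GITLABCI_3 implementation. It walks the global, `default` and per-job scopes of a parsed `.gitlab-ci.yml` (the dict structure PyYAML's `yaml.safe_load` returns), collects every `image` and `services` reference, and reports those that come from a registry outside an assumed allowlist (`registry.example.com` is a constructed value) or that are not pinned. The sample pipeline is constructed inline and mirrors the YAML above plus one job.

```python
"""Enumerate image/services usages in a parsed .gitlab-ci.yml and flag
references that are unpinned or pulled from a registry outside an allowlist."""
from __future__ import annotations

import re
from typing import Any, Iterator

# Top-level keys GitLab treats as global configuration; every other top-level
# mapping is a job (hidden job templates start with ".").
GLOBAL_KEYS = {"default", "include", "stages", "variables", "workflow", "image",
               "services", "cache", "before_script", "after_script"}

# Constructed allowlist; a real policy would read this from configuration.
TRUSTED_REGISTRIES = {"registry.example.com"}

DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

# Constructed sample: what yaml.safe_load returns for the page's YAML plus one job.
SAMPLE_PIPELINE: dict = {
    "image": "docker:stable",
    "services": [{"name": "postgres:latest", "alias": "db"}],
    "stages": ["test"],
    "unit-tests": {
        "stage": "test",
        "image": "registry.example.com/ci/python@sha256:" + "a" * 64,
        "script": ["pytest"],
    },
}


def load_pipeline(text: str) -> dict:
    """Parse .gitlab-ci.yml text. Needs PyYAML, imported lazily so the rest
    of the module runs without it."""
    import yaml
    return yaml.safe_load(text) or {}


def _image_name(entry: Any) -> str | None:
    """`image`/`services` entries are a bare string or a mapping with `name`."""
    if isinstance(entry, str):
        return entry
    if isinstance(entry, dict) and isinstance(entry.get("name"), str):
        return entry["name"]
    return None


def _usages_in(block: dict, prefix: str) -> Iterator[tuple[str, str]]:
    """Yield (location, image_ref) for one scope's image and services keys."""
    ref = _image_name(block.get("image"))
    if ref is not None:
        yield f"{prefix}image", ref
    services = block.get("services")
    if isinstance(services, list):
        for i, svc in enumerate(services):
            ref = _image_name(svc)
            if ref is not None:
                yield f"{prefix}services[{i}]", ref


def find_image_usages(doc: dict) -> list[tuple[str, str]]:
    """Collect usages from the global scope, the `default` block and every job."""
    found = list(_usages_in(doc, ""))
    if isinstance(doc.get("default"), dict):
        found.extend(_usages_in(doc["default"], "default."))
    for key, value in doc.items():
        if key not in GLOBAL_KEYS and isinstance(value, dict):
            found.extend(_usages_in(value, f"{key}."))
    return found


def registry_of(ref: str) -> str:
    """Registry host of an image reference; no host means Docker Hub (docker.io)."""
    first = ref.split("/", 1)[0]
    if "/" in ref and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def classify(ref: str, trusted: set[str] = TRUSTED_REGISTRIES) -> list[str]:
    """Policy problems with one image reference; an empty list means compliant."""
    if "$" in ref:
        # e.g. $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA cannot be judged until expanded
        return ["contains CI variable; resolve before evaluating"]
    problems = []
    if registry_of(ref) not in trusted:
        problems.append(f"registry {registry_of(ref)} is not in the trusted set")
    if not DIGEST_RE.search(ref):
        last = ref.rsplit("/", 1)[-1]
        tag = last.split(":", 1)[1] if ":" in last else None
        if tag is None or tag == "latest":
            problems.append("not pinned: missing or 'latest' tag and no digest")
        else:
            problems.append("pinned by mutable tag only; prefer an @sha256 digest")
    return problems


def audit(doc: dict, trusted: set[str] = TRUSTED_REGISTRIES) -> dict[str, list[str]]:
    """Map each usage location to its list of problems."""
    return {loc: classify(ref, trusted) for loc, ref in find_image_usages(doc)}


if __name__ == "__main__":
    for location, problems in audit(SAMPLE_PIPELINE).items():
        print(location, "->", problems or "ok")
```

Running the module reports the global `image` and the `postgres:latest` service as Docker Hub pulls without a digest, while the job image pinned by `@sha256` on the allowlisted registry passes. References built from CI variables are reported separately, since their value is only known at pipeline run time.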
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1068 |
| Severity | LOW |
| IaC Type | gitlab_ci |
| Frameworks | *.image[], *.services[] |
| Checkov ID | CKV_GITLABCI_3 |