github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/ecr/AVD-AWS-0031/docs.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/ecr/AVD-AWS-0031/docs.md (about)

     1  
     2  ECR images should be set to IMMUTABLE to prevent code injection through image mutation.
     3  
     4  This can be done by setting <code>image_tab_mutability</code> to <code>IMMUTABLE</code>
     5  
     6  ### Impact
     7  Image tags could be overwritten with compromised images
     8  
     9  <!-- DO NOT CHANGE -->
    10  {{ remediationActions }}
    11  
    12  ### Links
    13  - https://sysdig.com/blog/toctou-tag-mutability/
    14  
    15