Guides

Ensure Azure Pipelines Workflows Are Without Usage of Image

Image usages may affect the security and reliability of your pipeline because:

  • You may not have control over the updates, patches, or changes of an image from a public registry.
  • You may expose private information or credentials in your image that could be compromised by malicious actors.
    Therefore, it is recommended to use images from trusted sources and to avoid exposing sensitive data in your images.
Suggest Edits

Risk Level: medium
Platform: Azure Pipelines
Spectral Rule ID: AZRPPL005

REMEDIATION

In stages.job.pool of in job.pool delete vmImage

pool:
- vmImage: windows-latest

Read more:

Updated about 1 year ago