Ensure Azure Pipelines Workflows Are Without Usage of Image
Image usages may affect the security and reliability of your pipeline because:
- You may not have control over the updates, patches, or changes of an image from a public registry.
- You may expose private information or credentials in your image that could be compromised by malicious actors.
Therefore, it is recommended to use images from trusted sources and to avoid exposing sensitive data in your images.
Risk Level: medium
Platform: Azure Pipelines
Spectral Rule ID: AZRPPL005
REMEDIATION
In stages.job.pool
of in job.pool
delete vmImage
pool:
- vmImage: windows-latest
Read more:
Updated over 1 year ago