Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Best practice for a container lifecycle age?

0

What is the best practice for a container (ECS) lifecycle age? Should they be refreshed (patched/deployed) daily/weekly/monthly?

Argomenti
ContainerAWS Well-Architected Framework
Tag
Servizio container Amazon ElasticContainerSicurezza
Lingua
English
Boarder
posta 9 mesi fa293 visualizzazioni
2 Risposte
0

https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html

Asha Kanta Sharma
con risposta 9 mesi fa
0

Personally this should be based on your companies security strategy.

A Regular scanning strategy of your ECR should be put in place paired with AWS inspector.

Vulnerabilities are being discovered on a daily basis and should be monitored closely.

Containers should be patched based off when vulnerabilities are discovered. Depending on the CVE score and the impact may dictate how urgent you should deploy a patched version.

Regular patching is good practice in my eyes. Time is normally against most people to review release notes for every package in a container and many mainly rely on the likes of inspector,qualys, tenable etc container scanning.

profile picture
ESPERTO
Gary Mclean
con risposta 9 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente