2 個答案
- 最新
- 最多得票
- 最多評論
0
已回答 9 個月前
0
Personally this should be based on your companies security strategy.
A Regular scanning strategy of your ECR should be put in place paired with AWS inspector.
Vulnerabilities are being discovered on a daily basis and should be monitored closely.
Containers should be patched based off when vulnerabilities are discovered. Depending on the CVE score and the impact may dictate how urgent you should deploy a patched version.
Regular patching is good practice in my eyes. Time is normally against most people to review release notes for every package in a container and many mainly rely on the likes of inspector,qualys, tenable etc container scanning.
相關內容
- 已提問 7 個月前
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前