Ensure image tag is set to Fixed - not Latest or Blank

Error: Image tag is not set to Fixed

Bridgecrew Policy ID: BC_K8S_13
Checkov Check ID: CKV_K8S_14
Severity: LOW

Image tag is not set to Fixed

Description

You can add a :fixed tag to a container image, making it easier to determine what it contains, for example to specify the version. Container image tags and digests are used to refer to a specific version or instance of a container image.

We recommend you avoid using the :latest and :blank tags when deploying containers in production as it is harder to track which version of the image is running, and more difficult to roll back properly.

Fix - Buildtime

Kubernetes

Resource: Container
Argument: image:tag (Optional)
Defines the image version by a specific number or by using latest.

apiVersion: v1
kind: Pod
metadata:
  name: <name>
spec:
  containers:
  - name: <container name>
+   image: <image>:<image version>
-   image: <image>
-   image: <image>:latest

Did this page help you?