Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix code scanning alert - Ensure ECR Image Tags are immutable #20

Open
1 task
dragonfleas opened this issue Aug 1, 2023 · 1 comment
Open
1 task

Fix code scanning alert - Ensure ECR Image Tags are immutable #20

dragonfleas opened this issue Aug 1, 2023 · 1 comment
Labels
help wanted Extra attention is needed

Comments

@dragonfleas
Copy link
Contributor

Tracking issue for:

Looking for discussion on this topic, is it important that we use MUTABLE tags? I can't recall a time where we've needed to mutate an already existing tag name, also feel like it's a bad practice.

The security risk there too is if someone gained access to ECR they would be able to swap an image with the same tag for a malicious image.

Tagging @synapsestudios/platform
@dragonfleas dragonfleas added the help wanted Extra attention is needed label Aug 1, 2023
@spruce-bruce
Copy link
Contributor

Does the reuse of the "latest" tag count as mutable? We do use the latest tag, and we probably need to keep using it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@spruce-bruce @dragonfleas