Loading controls...
Control: 2.3.7 Ensure pipelines are automatically scanned for vulnerabilities
Description
Scan pipelines for vulnerabilities. It is recommended that this be implemented automatically.
Rationale
Automatic scanning for vulnerabilities detects known vulnerabilities in pipeline instructions and components, allowing faster patching in case one is found. These vulnerabilities can lead to a potentially massive breach if not handled as fast as possible, as attackers might also be aware of such vulnerabilities.
Audit
For each pipeline, verify that it is automatically scanned for vulnerabilities.
Remediation
For each pipeline, set automated vulnerability scanning.
Usage
Run the control in your terminal:
powerpipe control run github_compliance.control.cis_supply_chain_v100_2_3_7Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run github_compliance.control.cis_supply_chain_v100_2_3_7 --shareSQL
This control uses a named query:
default_branch_pipelines_scan_for_vulnerabilities