Missing Vulnerability Scanning for Container Images
Container images are not configured to be scanned for known vulnerabilities before deployment. Without image vulnerability scanning, insecure base images, outdated operating system packages, vulnerable application dependencies, or accidentally introduced pre-release/debug components may be promoted into production without detection.
This increases the risk that exploitable vulnerabilities are deployed into cloud workloads, where attackers may use them to gain unauthorised access, escalate privileges, access sensitive data, or compromise the availability and integrity of the application environment. Container images should be treated as release artefacts and validated through automated security scanning before they are deployed to production.
Remediation
Enable vulnerability scanning for container images. Where possible, enforce scanning as part of the CI/CD pipeline and block deployment of images that contain high or critical vulnerabilities. Ensure scan results are reviewed regularly, vulnerable images are rebuilt with patched base images and dependencies, and production deployments only use images that have passed security validation.
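As an added example (not part of this finding or of any scanner's own code), the gate logic a CI/CD step could apply to a scan report: it blocks the image when any finding is at or above the configured severity, and a second check at deploy time admits only digest-pinned images that passed the gate. The report shape, image reference and finding identifiers below are constructed for the example.

```python
import json
from dataclasses import dataclass, field

# Constructed sample: a simplified report shape, not the output of any real scanner.
SAMPLE_IMAGE = "registry.example.com/app@sha256:" + "a1" * 32
SAMPLE_REPORT = json.dumps({
    "image": SAMPLE_IMAGE,
    "findings": [
        {"id": "VULN-0001", "package": "openssl", "severity": "CRITICAL", "fixed_version": "3.0.13"},
        {"id": "VULN-0002", "package": "libxml2", "severity": "HIGH", "fixed_version": None},
        {"id": "VULN-0003", "package": "curl", "severity": "MEDIUM", "fixed_version": "8.6.0"},
    ],
})

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

@dataclass
class GateDecision:
    image: str
    allowed: bool
    blocking: list = field(default_factory=list)  # findings that caused the block
    waived: list = field(default_factory=list)    # findings waived by policy

def evaluate_gate(report_json, min_block_severity="HIGH", ignore_unfixed=False):
    """Block the image if any finding is at or above min_block_severity.
    ignore_unfixed=True waives findings with no fixed version; that is an explicit
    policy exception, not the default, and waived IDs are recorded for review."""
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[min_block_severity.upper()]
    decision = GateDecision(image=report["image"], allowed=True)
    for finding in report.get("findings", []):
        rank = SEVERITY_RANK.get(str(finding.get("severity", "UNKNOWN")).upper(), 0)
        if rank < threshold:
            continue
        if ignore_unfixed and not finding.get("fixed_version"):
            decision.waived.append(finding["id"])
            continue
        decision.blocking.append(finding["id"])
    decision.allowed = not decision.blocking
    return decision

def admit_for_deploy(image_ref, approved_digests):
    """Deploy-time check: only an image pinned by a digest that passed the gate may run.
    Tag-only references (e.g. ':latest') are rejected because a tag can move after scanning."""
    if "@sha256:" not in image_ref:
        return False
    return image_ref in approved_digests

if __name__ == "__main__":
    decision = evaluate_gate(SAMPLE_REPORT)
    print("allowed" if decision.allowed else f"blocked by {decision.blocking}")
```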
Metadata
- Severity: high
- Slug: missing-vulnerability-scanning-for-container-images
CWEs
- 693: Protection Mechanism Failure
- 1269: Product Released in Non-Release Configuration
OWASP
- A05:2021: Security Misconfiguration