30-Day Scan Age
No violationsstackroxmediumdeployAlert on deployments with images that haven't been scanned in 30 days
- Rationale
- Out-of-date scans may not identify the most recent CVEs.
- Remediation
- Integrate a scanner with the StackRox Kubernetes Security Platform to trigger scans automatically.
CategoriesSecurity Best PracticesSupply Chain Security
Compliance mappingsView coverage →
- DORA EU 2022/2554
- Art. 28.1Art. 9.2
- ISO/IEC 27001 2022
- A.8.25A.8.9
- NIST SP 800-53 rev. 5
- CM-2RA-5SR-4
- PCI DSS 4.0
- 11.3.12.2.16.3.36.4.3
- SOC 2 2017 TSC
- CC6.8CC7.1
Generated artifacts
1 of 5 targets supported30-day-scan-age.trivy.yaml
policies.io/source: stackrox policies.io/policy-name: 30-Day Scan Age severity: - HIGH - CRITICAL exit-code: 1 max-scan-age-days: 30
IR (canonical)
{
"id": "a3eb6dbe-e9ca-451a-919b-216cf7ee11f5",
"name": "30-Day Scan Age",
"description": "Alert on deployments with images that haven't been scanned in 30 days",
"rationale": "Out-of-date scans may not identify the most recent CVEs.",
"remediation": "Integrate a scanner with the StackRox Kubernetes Security Platform to trigger scans automatically.",
"severity": "medium",
"categories": [
"Security Best Practices",
"Supply Chain Security"
],
"lifecycle": [
"deploy"
],
"eventSource": "none",
"scope": [],
"exclusions": [],
"enforcement": {
"failBuild": false
},
"expression": {
"op": "criterion",
"field": "image-scan-age",
"values": [
"30"
],
"valuesOp": "or",
"negate": false
},
"disabled": false
}Original StackRox JSON
{
"id": "a3eb6dbe-e9ca-451a-919b-216cf7ee11f5",
"name": "30-Day Scan Age",
"description": "Alert on deployments with images that haven't been scanned in 30 days",
"rationale": "Out-of-date scans may not identify the most recent CVEs.",
"remediation": "Integrate a scanner with the StackRox Kubernetes Security Platform to trigger scans automatically.",
"disabled": false,
"categories": [
"Security Best Practices",
"Supply Chain Security"
],
"lifecycleStages": [
"DEPLOY"
],
"eventSource": "NOT_APPLICABLE",
"exclusions": [],
"scope": [],
"severity": "MEDIUM_SEVERITY",
"enforcementActions": [],
"policySections": [
{
"sectionName": "",
"policyGroups": [
{
"fieldName": "Image Scan Age",
"booleanOperator": "OR",
"negate": false,
"values": [
{
"value": "30"
}
]
}
]
}
],
"notifiers": [],
"lastUpdated": null,
"SORTName": "",
"SORTLifecycleStage": "",
"SORTEnforcement": false,
"policyVersion": "1.1",
"mitreAttackVectors": [],
"criteriaLocked": true,
"mitreVectorsLocked": true,
"isDefault": true,
"source": "IMPERATIVE"
}