Back to catalog

30-Day Scan Age

No violationsstackroxmediumdeploy

Alert on deployments with images that haven't been scanned in 30 days

Rationale
Out-of-date scans may not identify the most recent CVEs.
Remediation
Integrate a scanner with the StackRox Kubernetes Security Platform to trigger scans automatically.
CategoriesSecurity Best PracticesSupply Chain Security
Compliance mappingsView coverage →
DORA EU 2022/2554
Art. 28.1Art. 9.2
ISO/IEC 27001 2022
A.8.25A.8.9
NIST SP 800-53 rev. 5
CM-2RA-5SR-4
PCI DSS 4.0
11.3.12.2.16.3.36.4.3
SOC 2 2017 TSC
CC6.8CC7.1

Generated artifacts

1 of 5 targets supported
30-day-scan-age.trivy.yaml
policies.io/source: stackrox
policies.io/policy-name: 30-Day Scan Age
severity:
  - HIGH
  - CRITICAL
exit-code: 1
max-scan-age-days: 30
IR (canonical)
{
  "id": "a3eb6dbe-e9ca-451a-919b-216cf7ee11f5",
  "name": "30-Day Scan Age",
  "description": "Alert on deployments with images that haven't been scanned in 30 days",
  "rationale": "Out-of-date scans may not identify the most recent CVEs.",
  "remediation": "Integrate a scanner with the StackRox Kubernetes Security Platform to trigger scans automatically.",
  "severity": "medium",
  "categories": [
    "Security Best Practices",
    "Supply Chain Security"
  ],
  "lifecycle": [
    "deploy"
  ],
  "eventSource": "none",
  "scope": [],
  "exclusions": [],
  "enforcement": {
    "failBuild": false
  },
  "expression": {
    "op": "criterion",
    "field": "image-scan-age",
    "values": [
      "30"
    ],
    "valuesOp": "or",
    "negate": false
  },
  "disabled": false
}
Original StackRox JSON
{
  "id": "a3eb6dbe-e9ca-451a-919b-216cf7ee11f5",
  "name": "30-Day Scan Age",
  "description": "Alert on deployments with images that haven't been scanned in 30 days",
  "rationale": "Out-of-date scans may not identify the most recent CVEs.",
  "remediation": "Integrate a scanner with the StackRox Kubernetes Security Platform to trigger scans automatically.",
  "disabled": false,
  "categories": [
    "Security Best Practices",
    "Supply Chain Security"
  ],
  "lifecycleStages": [
    "DEPLOY"
  ],
  "eventSource": "NOT_APPLICABLE",
  "exclusions": [],
  "scope": [],
  "severity": "MEDIUM_SEVERITY",
  "enforcementActions": [],
  "policySections": [
    {
      "sectionName": "",
      "policyGroups": [
        {
          "fieldName": "Image Scan Age",
          "booleanOperator": "OR",
          "negate": false,
          "values": [
            {
              "value": "30"
            }
          ]
        }
      ]
    }
  ],
  "notifiers": [],
  "lastUpdated": null,
  "SORTName": "",
  "SORTLifecycleStage": "",
  "SORTEnforcement": false,
  "policyVersion": "1.1",
  "mitreAttackVectors": [],
  "criteriaLocked": true,
  "mitreVectorsLocked": true,
  "isDefault": true,
  "source": "IMPERATIVE"
}