Skill Being Reviewed
Skill name: container-security
Skill path: skills/cloud/container-security/
False Positive Analysis
Benign evidence that should pass:
```yaml
workload: deploy/api
rendered_image: registry.example.com/app/api@sha256:8d5f...
build:
  commit: 4f2c18a
  ci_run: https://ci.example.com/runs/9912
signature:
  verifier: cosign
  result: pass
  trusted_identity: github.com/org/repo/.github/workflows/release.yml
sbom:
  digest: sha256:8d5f...
admission_policy:
  mode: enforce
  namespaces: [production]
```
Why this is not a finding: The image is digest-pinned, signature evidence is tied to the deployed digest, SBOM/provenance evidence matches the same digest, and admission policy is enforcing the trust requirement in production.
Coverage Gaps
Missed variant 1: signed tag, different deployed digest
```yaml
image: registry.example.com/app/api:1.4.2
review_evidence:
  signed_image: registry.example.com/app/api:1.4.2
  signed_digest: sha256:aaa...
runtime:
  resolved_digest: sha256:bbb...
```
Why it should be caught: A tag can move. Signature/SBOM evidence must match the digest actually deployed.
Missed variant 2: admission policy in audit mode only
```yaml
policy: verify-image-signature
mode: audit
namespace: production
```
Why it should be caught: Audit-only policy records violations but does not prevent unsigned or untrusted images from running.
Missed variant 3: Helm values override a pinned image
```yaml
# template default
image: registry.example.com/app/api@sha256:aaa...
# prod values
image:
  tag: latest
```
Why it should be caught: Reviewers need rendered manifest evidence, not just template defaults.
Missed variant 4: SBOM exists but cannot be linked to the deployed artifact
```text
SBOM: app-api-1.4.2.spdx.json
Workload digest: sha256:bbb...
SBOM digest field: sha256:aaa...
```
Why it should be caught: SBOM/provenance evidence is weak if it belongs to an older or different digest.
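An added example, not part of the skill or the original review: a Python check that applies the four missed variants above to one evidence record. Field names follow the snippets on this page; the dict layout, the placement of `signed_digest` and `resolved_digest`, the finding keys, and the sample digests are assumptions constructed for the example.

```python
import re

# Field names follow the evidence snippets on this page; the finding keys
# and the dict layout of the record are assumptions of this example.
DIGEST_RE = re.compile(r"@(sha256:[0-9a-f]{64})$")

def review_provenance(ev, namespace="production"):
    """Return a sorted list of finding keys for one workload's evidence."""
    findings = set()
    pinned = DIGEST_RE.search(ev.get("rendered_image", ""))
    # The digest that actually runs: prefer what the runtime resolved,
    # fall back to the pin in the rendered manifest.
    deployed = ev.get("runtime", {}).get("resolved_digest") or (
        pinned.group(1) if pinned else None)
    if not pinned:
        # Covers a plain tag and a Helm values override back to a tag.
        findings.add("mutable-reference")
    if deployed is None:
        findings.add("deployed-digest-unknown")
    elif pinned and pinned.group(1) != deployed:
        findings.add("pin-runtime-mismatch")
    sig = ev.get("signature", {})
    if sig.get("result") != "pass" or not sig.get("trusted_identity"):
        findings.add("signature-not-verified")
    elif sig.get("signed_digest") != deployed:
        findings.add("signature-digest-mismatch")
    if ev.get("sbom", {}).get("digest") != deployed:
        findings.add("sbom-digest-mismatch")
    pol = ev.get("admission_policy", {})
    if pol.get("mode") != "enforce" or namespace not in pol.get("namespaces", []):
        findings.add("admission-not-enforcing")
    return sorted(findings)

# Constructed sample evidence (digests are made up for the example).
A, B = "sha256:" + "a" * 64, "sha256:" + "b" * 64
BENIGN = {
    "rendered_image": "registry.example.com/app/api@" + A,
    "runtime": {"resolved_digest": A},
    "signature": {"result": "pass", "signed_digest": A, "trusted_identity":
                  "github.com/org/repo/.github/workflows/release.yml"},
    "sbom": {"digest": A},
    "admission_policy": {"mode": "enforce", "namespaces": ["production"]},
}
MOVED_TAG = dict(BENIGN, rendered_image="registry.example.com/app/api:1.4.2",
                 runtime={"resolved_digest": B})
AUDIT_ONLY = dict(BENIGN, admission_policy={"mode": "audit",
                                            "namespaces": ["production"]})
```

The benign record returns no findings; the moved-tag record fails on the mutable reference and on both digest comparisons, because signature and SBOM evidence still point at the old digest.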
Edge Cases
- Some environments still use tags for operational reasons; the review should record the resolved digest and exception lifecycle rather than failing every tag categorically.
- Admission policy may be split across registry controls, Kyverno/Gatekeeper, and CI policy checks; reviewers should capture the effective production enforcement point.
- Development namespaces can run looser policy, but production exceptions need owner, expiry, and compensating controls.
- `imagePullPolicy: Always` is often mistaken for provenance. It changes pull behavior but does not prove signature, digest pinning, or build origin.
Remediation Quality
Comparison to Other Tools
| Tool / Framework | Catches this? | Notes |
| --- | --- | --- |
| Cosign | Partial | Can verify signatures and attestations, but the review must ensure it verifies the deployed digest and trusted identity. |
| Kyverno / Gatekeeper | Partial | Can enforce admission controls, but policy mode, namespace coverage, and exceptions still need review. |
| Trivy / Grype | Partial | Can scan images and SBOMs, but do not prove that the scanned artifact is the exact deployed digest. |
| NIST SP 800-190 | Partial | Calls out image and registry countermeasures; the skill needs concrete evidence fields to operationalize them. |
Overall Assessment
Strengths: The skill already covers Dockerfile hardening, Pod Security Standards, RBAC, network policies, secrets, runtime hardening, and NIST image countermeasures.
Needs improvement: It mentions content trust, signing, and immutable references, but the current report does not require an end-to-end evidence chain proving the deployed image is the built, scanned, signed, attested, and admission-approved artifact.
Priority recommendations:
- Add a dedicated image provenance and admission evidence-chain step.
- Add `CONT-PROV-*` findings for mutable tags, signature/digest mismatch, SBOM mismatch, audit-only admission, weak signer identity checks, Helm/Kustomize override drift, stale exceptions, and registry lifecycle gaps.
- Extend the output report with an image provenance evidence table.
- Add pitfalls warning that `imagePullPolicy: Always` is not provenance and that signatures/SBOMs must match the deployed digest.
Sources Checked
Bounty Info