Improve forensics ephemeral cloud workload evidence gates by bnpl7 · Pull Request #1548 · UnitOneAI/SecuritySkills

bnpl7 · 2026-06-06T22:05:25Z

Summary

Adds evidence gates for ephemeral cloud workloads including Kubernetes and managed container workloads (spec, events, logs, container statuses, image digests, etc.), as well as serverless workloads (versions, environment configurations, deployment package hashes, execution roles, triggers).
Addresses mutable tag and alias vulnerabilities (e.g. relying on :latest or prod aliases rather than immutable SHA-256 digests or version IDs) by introducing verification findings (EPHEMERAL-WL-01 through EPHEMERAL-WL-05) and required fields.
Updates the Findings Classification section to escalate ephemeral workload metadata and container/log capture priority (Critical/High) due to rapid recycling risk.
Expands Section 5 (Output Format) report template to include a structured "Ephemeral Cloud Workloads" section with a clear metric table.
Adds "Pitfall 6: Relying on Mutable Tags and Aliases for Ephemeral Workloads" to the Common Pitfalls section.
Appends references for Kubernetes pods, AWS Lambda versions, and NIST SP 800-190.

Addresses #1395.

I have read and agree to the CONTRIBUTING.md bounty terms. Preferred payment method: PayPal, to be provided privately after acceptance.

Add ephemeral workload forensics evidence gates

78049ee