CME-1103

Automated Container Image Rebuilds

Evict Application Medium Confidence

Description

CI/CD pipeline automatically rebuilds and redeploys container images when base image CVEs are published. Running containers are replaced with patched versions without manual intervention.

CVSS Vector Impacts

Metric Transition Rationale
Attack Complexity (AC) L H Temporal: vulnerable container images replaced within pipeline cycle time

Verification

Verify image age and rebuild pipeline

$ podman image inspect <image> | grep Created
# Expected: Recent date
Platform: linux
← CME-1102: Live Kernel Patching (kpatch/livepatch) CME-1201: Immutable Infrastructure →