Answer-first summary for fast verification
Answer: Introduce a post-build CodePipeline stage with ECR image scanning and Lambda for result analysis, halting the pipeline on findings.
The correct answer is B. This approach integrates security scanning directly into the CI/CD pipeline and leverages AWS services for image scanning. By creating a new CodePipeline stage that occurs after the container image is built and configuring ECR basic image scanning to scan on image push, the Lambda function can be used to check the scan results. If there are any findings, the pipeline will fail. This ensures that the container image is analyzed earlier in the CI/CD pipeline with the most operational efficiency.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can a company integrate container image analysis into a CI/CD pipeline using Amazon ECR, Amazon EKS, and AWS CodePipeline to ensure images are hardened before deployment, with the most operational efficiency?
A
Locally build and scan container images, mitigating issues before source code repository updates.
B
Introduce a post-build CodePipeline stage with ECR image scanning and Lambda for result analysis, halting the pipeline on findings.
C
Implement a CodePipeline stage post source code retrieval, applying security scans and pipeline failure on detected issues.
D
Insert a pre-deployment action in CodePipeline for ECR image scanning, using Lambda to review results and stop the pipeline on security issues.
No comments yet.