Benchmark: PR.PS-06
Description
Secure software development practices are integrated, and their performance is monitored throughout the software development life cycle.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service startpowerpipe server
Open http://localhost:9033 in your browser and select PR.PS-06.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_csf_v2_pr_ps_06
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_csf_v2_pr_ps_06 --share
Controls
- ECR repositories should have image scan on push enabled
- ECR repositories should have lifecycle policies configured
- ECR repositories should prohibit public access
- ECR private repositories should have tag immutability configured
- ECS task definition containers should not have secrets passed as environment variables
- Secrets Manager secrets should be rotated within a specified number of days